| CEF Key | Description | Value |
|---|---|---|
| Header (logVer) | CEF format version | CEF:0 |
| Header (vendor) | Product vendor | TrendAI™ |
| Header (pname) | Product name | Apex Central |
| Header (pver) | Product version | 2019 |
| Header (eventid) | Event ID | 800101 |
| Header (eventName) | Log name | Pattern Update Status |
| Header (severity) | Severity | 3 |
| rt | Event trigger time in UTC | Example: Mar 22 2018 08:23:23 GMT+00:00 |
| shost | Product Entity/Endpoint | Example: shost1 |
| cs1Label | Corresponding label for the cs1 field | Operating System |
| cs1 | Operating system | Example: Windows 7 |
| cs2Label | Corresponding label for the cs2 field | Product/Endpoint IP |
| cs2 | Product/Endpoint IP | Example: 10.0.7.20 |
| cs3Label | Corresponding label for the cs3 field | Update Agent |
| cs3 | Update Agent | Example: 0 |
| cs4Label | Corresponding label for the cs4 field | Domain |
| cs4 | Domain | Example: Default |
| cn1Label | Corresponding label for the cn1 field | Connection Status |
| cn1 | Connection status | Example: 100 (0: Unable to connect; 1: Active; 2: Inactive; 100: Product active; 101: Product inactive but agent is active; 102: Roaming) |
| cn2Label | Corresponding label for the cn2 field | Pattern/Rule |
| cn2 | Pattern/Rule | Example: 2048 |
| cs5Label | Corresponding label for the cs5 field | Pattern/Rule Version |
| cs5 | Pattern/Rule version | Example: 1548 |
| cn3Label | Corresponding label for the cn3 field | Pattern/Rule Status |
| cn3 | Pattern/Rule status | Example: 1 (1: Up-to-date; 2: 1 version old; 3: 2 versions old; 4: 3 versions old; 5: 4 versions old; 6: 5 versions old; 7: 6 or more versions old) |
| cs6Label | Corresponding label for the cs6 field | AUComponent_Type |
| cs6 | ActiveUpdate component type | Example: 2 (2: Pattern) |
| deviceFacility | Managed product name | Example: Apex One |
| msg | Pattern type display name | Example: "Virus Pattern" |
| deviceNtDomain | Active Directory domain | Example: APEXTMCM |
| dntdom | Apex One domain hierarchy | Example: OSCEDomain1 |
| ApexCentralHost | Apex Central host name | Example: TW-CHRIS-W2019 |
| devicePayloadId | Unique message GUID | Example: 1C00290C0360-9CDE11EB-D4B8-F51F-C697 |

Log sample:
CEF:0|TrendAI™|Apex Central|2019|800101|Pattern Update Status|3|rt=Nov 02 2017 12:46:44 GMT+00:00 shost=shost1 cs1Label=Operating_System cs1=Windows 7  cs2Label=Product/Endpoint_IP cs2=10.0.7.20 cs3Label=Update_Agent cs3=0 cs4Label=Domain cs4=Default cn1Label=Connection_Status cn1=100 cn2Label=Pattern/Rule cn2=2048 cs5Label=Pattern/Rule_Version cs5=1548 cn3Label=Pattern/Rule_Status cn3=1 cs6Label=AUComponent_Type cs6=2 deviceFacility=Apex One deviceNtDomain=APEXTMCM dntdom=OSCEDomain1
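
The following Python parser is an added example, not part of the original reference or the vendor's code. It decodes an 800101 record with the cn1 and cn3 value tables above and marks endpoints whose pattern is out of date; the function names and the `stale_from` threshold are assumptions, and the second sample record is constructed.

```python
import re

# Value tables copied from the cn1 and cn3 rows of the field reference above.
CONNECTION = {0: "Unable to connect", 1: "Active", 2: "Inactive", 100: "Product active",
              101: "Product inactive but agent is active", 102: "Roaming"}
PATTERN_STATUS = {1: "Up-to-date", 2: "1 version old", 3: "2 versions old",
                  4: "3 versions old", 5: "4 versions old", 6: "5 versions old",
                  7: "6 or more versions old"}
HEADER = ("logVer", "vendor", "pname", "pver", "eventid", "eventName", "severity")
# A value runs up to the next " key=" token, so "Windows 7" and "Apex One" stay whole.
EXT_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|\s*$)")

def parse_cef(line):
    """Return (header dict, extension dict) for one CEF record."""
    parts = re.split(r"(?<!\\)\|", line.strip(), maxsplit=7)  # skip escaped pipes
    if len(parts) != 8 or not parts[0].startswith("CEF:"):
        raise ValueError("not a CEF record")
    return dict(zip(HEADER, parts[:7])), dict(EXT_RE.findall(parts[7]))

def pattern_update_finding(line, stale_from=3):
    """Decode an 800101 record; stale_from is an assumed policy threshold on cn3."""
    header, ext = parse_cef(line)
    if header["eventid"] != "800101":
        return None  # not a Pattern Update Status event
    cn1, cn3 = int(ext["cn1"]), int(ext["cn3"])
    return {
        "host": ext.get("shost"), "ip": ext.get("cs2"),
        "pattern": ext.get("cn2"), "version": ext.get("cs5"),
        "connection": CONNECTION.get(cn1, f"unknown ({cn1})"),
        "pattern_status": PATTERN_STATUS.get(cn3, f"unknown ({cn3})"),
        "stale": cn3 >= stale_from,
    }

# First record is the log sample from this page; the second is constructed.
SAMPLES = [
    "CEF:0|TrendAI™|Apex Central|2019|800101|Pattern Update Status|3|rt=Nov 02 2017 "
    "12:46:44 GMT+00:00 shost=shost1 cs1Label=Operating_System cs1=Windows 7  "
    "cs2Label=Product/Endpoint_IP cs2=10.0.7.20 cs3Label=Update_Agent cs3=0 cs4Label=Domain "
    "cs4=Default cn1Label=Connection_Status cn1=100 cn2Label=Pattern/Rule cn2=2048 "
    "cs5Label=Pattern/Rule_Version cs5=1548 cn3Label=Pattern/Rule_Status cn3=1 cs6Label="
    "AUComponent_Type cs6=2 deviceFacility=Apex One deviceNtDomain=APEXTMCM dntdom=OSCEDomain1",
    "CEF:0|TrendAI™|Apex Central|2019|800101|Pattern Update Status|3|rt=Nov 02 2017 "
    "12:50:10 GMT+00:00 shost=shost2 cs2Label=Product/Endpoint_IP cs2=10.0.7.21 "
    "cn1Label=Connection_Status cn1=0 cn2Label=Pattern/Rule cn2=2048 cs5Label="
    "Pattern/Rule_Version cs5=1502 cn3Label=Pattern/Rule_Status cn3=7 deviceFacility=Apex One",
]
if __name__ == "__main__":
    for record in SAMPLES:
        print(pattern_update_finding(record))
```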