|
CEF Key |
Description |
Value |
|---|---|---|
|
Header (logVer) |
CEF format version |
CEF:0 |
|
Header (vendor) |
Appliance vendor |
Trend Micro |
|
Header (pname) |
Appliance product |
Apex Central |
|
Header (pver) |
Appliance version |
2019 |
|
Header (eventid) |
Event ID |
800102 |
|
Header (eventName) |
Log name |
Engine Update Status |
|
Header (severity) |
Severity |
3 |
|
rt |
Log generation time in UTC |
Example: "Apr 20 2017 12:04:34 GMT+00:00" |
|
shost |
Product Entity/Endpoint |
Example: "shost1" |
|
cs2Label |
Corresponding label for the "cs2" field |
"Product/Endpoint IP" |
|
cs2 |
Product/Endpoint IP |
Example: "10.0.17.6" |
|
cn1Label |
Corresponding label for the "cn1" field |
"Connection Status" |
|
cn1 |
Connection status |
Example: "100"
|
|
cn2Label |
Corresponding label for the "cn2" field |
"Engine" |
|
cn2 |
Engine |
Example: "4096" |
|
cn5Label |
Corresponding label for the "cn5" field |
"Engine Version" |
|
cs5 |
Engine version |
Example: "9.950.1006" |
|
cn3Level |
Corresponding label for the "cn3" field |
"Engine Status" |
|
cn3 |
Engine status |
Example: "1"
|
|
cs6Label |
Corresponding label for the "cs6" field |
"AUComponent_Type" |
|
cs6 |
ActiveUpdate component type |
Example: "1"
|
|
deviceFacility |
Product name |
Example: "Apex One" |
Log sample:
CEF:0|Trend Micro|Apex Central|2019|800102|Engine Update S tatus|3|rt=Apr 20 2017 12:04:34 GMT+00:00 shost=shost1 cs2La bel=Product/Endpoint_IP cs2=10.0.17.6 cn1Label=Connection_St atus cn1=100 cn2Label=Engine cn2=4096 cs5Label=Engine_Versio n cs5=9.950.1006 cn3Label=Engine_Status cn3=1 cs6Label=AUCom ponent_Type cs6=1 deviceFacility=Apex One . [0]