Overview Integrations Release Notes Operational Guide MetaDefender Sandbox API Reference v1
Getting Started
Support
Configuration
2.0.0
Search this version
Configuration
Configuration
Architectural Overview
Features
Title
Message
Create new category
What is the title of your new category?
Edit page index title
What is the title of the page index?
Edit category
What is the new title of your category?
Edit link
What is the new title and URL of your link?
CEF Syslog Feedback
Copy Markdown
Open in ChatGPT
Open in Claude
The broker component can be configured to send a CEF syslog summary string to any endpoint via TCP or UDP.
The CEF syslog feedback is generated and sent to the configured endpoint when the main transform task and all its subtasks are in a final processing state.
To modify the syslog feedback configuration:
Step #1 - Open /home/sandbox/sandbox/broker.cfg in a text editor
Step #2 - Add or modify the following properties (no need to overwrite default values):
broker.cfg
############################### CEF Syslog Feedback settings##############################cefSyslogEnabled=falsecefSyslogHost=cefSyslogPort=514cefSyslogProtocol=tcpcefSyslogTimeoutMs=10000cefSyslogUseSSL=falseStep #3 - Save the file and restart the sandbox service
Property details
| Property Name | Default Value | Description |
|---|---|---|
| cefSyslogEnabled | false | Main switch to enable / disable CEF syslog feedback |
| cefSyslogHost | - | Host name or IP address of the log server |
| cefSyslogPort | 514 | Port of the log server |
| cefSyslogProtocol | tcp | Connection protocol to use: tcp or udp |
| cefSyslogTimeoutMs | 10 seconds | Connection timeout used for TCP sockets |
| cefSyslogUseSSL | false | Switch to enable / disable SSL verification for TCP sockets |
Example CEF syslog string:
message
CEF:0|OPSWAT Inc.|broker|1.1.0-1e895e7|transform-file| c378387344e0a552dc065de6bfa607fd26e0b5c569751c79fbf9c6f2e9 1c98079| cn1=1c281ba2-d4cd-4811-9ccc-fbf941c517b0 cn1Label=Task ID cn2=c378387344e0a552dc065de6bfa607fd26e0b5c569751c79fbf9c6f2e91c9807 cn2Label=SHA256 cn3=application/vnd.ms-word.document.macroenabled.12 cn3Label=Media Type cn4=2022-04-96 02:20+020096 cn4Label=Date cn5=antivm,macros,macros-on-open,obfuscated,powershell,docx cn5Label=All Tags cn6=EMU000,V004,S010,EMU006,S000,SIGG001,S041,V001,V000,Y000,S040 cn6Label=All Signal Group IDsType to search, ESC to discard
Type to search, ESC to discard
Type to search, ESC to discard
Last updated on
Was this page helpful?
Next to read:
Sandbox Engine Exit CodesSee the "Technical Datasheet" for a complete list of features: https://docs.opswat.com/filescan/datasheet/technical-datasheet
Discard Changes
Do you want to discard your current changes and overwrite with the template?
Archive Synced Block
Message
Create new Template
What is this template's title?
Delete Template
Message
