Syslog Message Format

MetaDefender Core supports to send CEF (Common Event Format) syslog message style

Remote Syslog

log format
    
[Local Timestamp] [Source IP Address] [UTC Timestamp]  [Hostname] [CEF:Version|Device Vendor|Device Product|Device Version|Signature ID|Name|Severity|Extension]
Copy

For example:

log example
    
Jun 24 14:33:18 192.168.200.223 2019-06-24T14:33:19+07:00 OPSWATPC CEF:0|OPSWAT|MSCL|4.16.0|core.network|MSCL[7548] New maximum agent count is set|2|maxAgentCount='1' msgid=665
Copy

Prefix field	Sample value	Description
Local timestamp	Jun 24 14:33:18
IP address	192.168.200.223	Source IP address ver. 4
UTC timestamp	2019-06-24T14:33:19+07:00
Hostname	OPSWATPC
CEF:Version	CEF:0	Version 0
Device Vendor	OPSWAT
Device Product	MSCL	MSCL = MetaDefender Core on Linux MSCW = MetaDefender Core on Windows
Device Version	4.16.0	MetaDefender Core version
Signature ID	core.network	For example: core.network: Component "network" on "Core" module agent.engines: Component "engines" on "Node" common.update: Component "update" on common module shared by all modules
Name	MSCL[7548] New maximum agent count is set	Subject of log message MSCL[7548] = MetaDefender Core on Linux ["ometascan" process id = 7548] ometascan-node[455] = MetaDefender Core Node ["ometascan-node" process id = 455]
Severity	2	Log level DUMP (0): The most verbose severity level, these entries are for debuggers only. DEBUG (1): Debuggers severity level, mostly used by support issues. INFO (2): Information from the software, such as scan results. WARNING (3): A problem occurred needs investigation and OPSWAT support must be contacted, however the product is supposed to be operational. ERROR (4): Software error happened, please contact support if the issue is persist. Software functionality may be downgraded in these cases.
Extension	maxAgentCount='1' msgid=665	To learn more about msgid (message ID): Error Message Description Table

Local Syslog

log format
    
[Local Timestamp] [Hostname] [CEF:Version|Device Vendor|Device Product|Device Version|Signature ID|Name|Severity|Extension]
Copy

For example:

log example
    
Jun 24 14:33:18 OPSWATPC CEF:0|OPSWAT|MSCL|4.16.0|core.network|MSCL[7548] New maximum agent count is set|2|maxAgentCount='1' msgid=665
Copy

Prefix field	Sample value	Description
Timestamp	Jun 24 14:33:18
Hostname	OPSWATPC
CEF:Version	CEF:0	Version 0
Device Vendor	OPSWAT
Device Product	MSCL	MSCL = MetaDefender Core on Linux MSCW = MetaDefender Core on Windows
Device Version	4.16.0	MetaDefender Core version
Signature ID	core.network	For example: core.network: Component "network" on "Core" module agent.engines: Component "engines" on "Node" common.update: Component "update" on common module shared by all modules
Name	MSCL[7548] New maximum agent count is set	Subject of log message MSCL[7548] = MetaDefender Core on Linux ["ometascan" process id = 7548] ometascan-node[455] = MetaDefender Core Node ["ometascan-node" process id = 455]
Severity	2	Log level DUMP (0): The most verbose severity level, these entries are for debuggers only. DEBUG (1): Debuggers severity level, mostly used by support issues. INFO (2): Information from the software, such as scan results. WARNING (3): A problem occurred needs investigation and OPSWAT support must be contacted, however the product is supposed to be operational. ERROR (4): Software error happened, please contact support if the issue is persist. Software functionality may be downgraded in these cases.
Extension	maxAgentCount='1' msgid=665	To learn more about msgid (message ID): Error Message Description Table

Last updated on

Was this page helpful?