CEF Pattern Update Status Logs

| CEF Key | Description | Value |
|---|---|---|
| Header (logVer) | CEF format version | CEF:0 |
| Header (vendor) | Appliance vendor | Trend Micro |
| Header (pname) | Appliance product | Control Manager |
| Header (pver) | Appliance version | 7.0 |
| Header (eventid) | Event ID | 800101 |
| Header (eventName) | Log name | Pattern Update Status |
| Header (severity) | Severity | 3 |
| rt | Log generation time in UTC | Example: "Nov 02 2017 12:46:44 GMT+00:00" |
| shost | Product Entity/Endpoint | Example: "shost1" |
| cs1Label | Corresponding label for the "cs1" field | "Operating System" |
| cs1 | Operating system | Example: "Windows 7" |
| cs2Label | Corresponding label for the "cs2" field | "Product/Endpoint IP" |
| cs2 | Product/Endpoint IP | Example: "10.0.7.20" |
| cs3Label | Corresponding label for the "cs3" field | "Update Agent" |
| cs3 | Update Agent | Example: "0" |
| cs4Label | Corresponding label for the "cs4" field | "Domain" |
| cs4 | Domain | Example: "Default" |
| cn1Label | Corresponding label for the "cn1" field | "Connection Status" |
| cn1 | Connection status | Example: "100". Values: 0: Unable to connect; 1: Active; 2: Inactive; 100: Product active; 101: Product inactive but agent is active; 102: Roaming |
| cn2Label | Corresponding label for the "cn2" field | "Pattern/Rule" |
| cn2 | Pattern/Rule | Example: "2048" |
| cs5Label | Corresponding label for the "cs5" field | "Pattern/Rule Version" |
| cs5 | Pattern/Rule version | Example: "1548" |
| cn3Label | Corresponding label for the "cn3" field | "Pattern/Rule Status" |
| cn3 | Pattern/Rule status | Example: "1". Values: 0: Unused; 1: In use |
| cs6Label | Corresponding label for the "cs6" field | "AUComponent_Type" |
| cs6 | ActiveUpdate component type | Example: "2". Values: 2: Pattern |
| deviceFacility | Product | Example: "OfficeScan" |

Log sample:

CEF:0|Trend Micro|Control Manager|7.0|800101|Pattern Update Status|3|rt=Nov 02 2017 12:46:44 GMT+00:00 shost=shost1 cs1Label=Operating_System cs1=Windows 7  cs2Label=Product/Endpoint_IP cs2=10.0.7.20 cs3Label=Update_Agent cs3=0 cs4Label=Domain cs4=Default cn1Label=Connection_Status cn1=100 cn2Label=Pattern/Rule cn2=2048 cs5Label=Pattern/Rule_Version cs5=1548 cn3Label=Pattern/Rule_Status cn3=1 cs6Label=AUComponent_Type cs6=2 deviceFacility=OfficeScan . [0]
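
An added example, not part of the original documentation: a Python parser for this record type that splits the CEF header, resolves the csN/cnN custom fields through their Label keys, and decodes cn1 and cn3 with the code tables above. The function names, the sample records (constructed from the log sample above, without its trailing ". [0]") and the needs_attention rule are assumptions of the example.

```python
import re

# Code tables copied from the field reference on this page.
CONNECTION_STATUS = {0: "Unable to connect", 1: "Active", 2: "Inactive",
                     100: "Product active",
                     101: "Product inactive but agent is active", 102: "Roaming"}
PATTERN_STATUS = {0: "Unused", 1: "In use"}
HEADER = ("logVer", "vendor", "pname", "pver", "eventid", "eventName", "severity")
# key=value pairs; a value may contain spaces and ends at the next " key=" or end of line.
EXT_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|\s*$)")

def parse_cef(line):
    """Split one CEF record into (header dict, extension dict)."""
    parts = re.split(r"(?<!\\)\|", line.strip(), maxsplit=7)
    if len(parts) != 8 or not parts[0].startswith("CEF:"):
        raise ValueError("not a CEF record")
    ext = {k: re.sub(r"\\([=\\])", r"\1", v) for k, v in EXT_RE.findall(parts[7])}
    return dict(zip(HEADER, parts[:7])), ext

def labelled(ext):
    """Map each custom field's label (as emitted in the log) to its value."""
    return {ext[k]: ext[k[:-5]] for k in ext if k.endswith("Label") and k[:-5] in ext}

def summarize(line):
    """Decode a Pattern Update Status record (event ID 800101) for triage."""
    header, ext = parse_cef(line)
    if header["eventid"] != "800101":
        raise ValueError("not a Pattern Update Status record")
    cn1, cn3 = int(ext["cn1"]), int(ext["cn3"])
    return {
        "host": ext["shost"], "product": ext["deviceFacility"],
        "pattern": ext["cn2"], "version": ext["cs5"],
        "connection": CONNECTION_STATUS.get(cn1, f"unknown ({cn1})"),
        "pattern_status": PATTERN_STATUS.get(cn3, f"unknown ({cn3})"),
        # Assumption of this example: anything but an active state needs a look.
        "needs_attention": cn1 not in (1, 100),
    }

# Constructed sample records, modelled on the log sample above.
TEMPLATE = ("CEF:0|Trend Micro|Control Manager|7.0|800101|Pattern Update Status|3|"
            "rt=Nov 02 2017 12:46:44 GMT+00:00 shost={host} cs1Label=Operating_System "
            "cs1=Windows 7 cn1Label=Connection_Status cn1={cn1} cn2Label=Pattern/Rule "
            "cn2=2048 cs5Label=Pattern/Rule_Version cs5=1548 "
            "cn3Label=Pattern/Rule_Status cn3=1 deviceFacility=OfficeScan")
SAMPLES = [TEMPLATE.format(host="shost1", cn1=100), TEMPLATE.format(host="shost2", cn1=0)]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(summarize(sample))
```
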