Apex Central can forward logs to a syslog server in the following log formats:
- CEF: Uses the standard Common Event Format (CEF) for log messages
- Apex Central format: Sets the syslog Facility code to "Local0" and the Severity code to "Notice"
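As an added receiver-side check (not code from the Apex Central documentation), the script below decodes the syslog PRI value of an incoming line and tells CEF lines from Apex Central format lines using the Local0/Notice pairing stated above. The sample lines and the CEF header field values are constructed placeholders, and the classification rule is an assumption made here, not a documented Apex Central behaviour.

```python
import re
from typing import Dict, Tuple

# Facility and severity names indexed by their numeric codes (RFC 5424, Table 1 and 2).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.DOTALL)

# Constructed sample lines (not real Apex Central output). PRI 133 = local0 (16) * 8 + notice (5).
APEX_SAMPLE = "<133>Jan 10 12:00:00 apexcentral01 Apex Central: constructed sample event"
CEF_SAMPLE = ("<134>Jan 10 12:00:00 apexcentral01 "
              "CEF:0|ExampleVendor|ExampleProduct|1.0|100|Constructed sample event|3|src=10.0.0.5")


def decode_pri(pri: int) -> Tuple[str, str]:
    """Split a syslog PRI value into (facility, severity) names; PRI = facility * 8 + severity."""
    if not 0 <= pri <= 191:
        raise ValueError(f"PRI out of range: {pri}")
    return FACILITIES[pri // 8], SEVERITIES[pri % 8]


def classify(line: str) -> Dict[str, str]:
    """Decode the PRI prefix and guess which of the two forwarding formats the line is in."""
    m = PRI_RE.match(line)
    if not m:
        raise ValueError("line has no <PRI> prefix")
    facility, severity = decode_pri(int(m.group(1)))
    body = m.group(2)
    # CEF messages carry a 'CEF:<version>|' header after the syslog header, so check that first.
    if re.search(r"CEF:\d+\|", body):
        fmt = "cef"
    # Assumption: a non-CEF line tagged local0.notice is treated as Apex Central format.
    elif (facility, severity) == ("local0", "notice"):
        fmt = "apex-central"
    else:
        fmt = "unknown"
    return {"facility": facility, "severity": severity, "format": fmt}


if __name__ == "__main__":
    for sample in (APEX_SAMPLE, CEF_SAMPLE):
        print(classify(sample))
```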
The following tables outline the formats supported by each log type.
| Log Type | CEF | Apex Central Format |
|---|---|---|
| Application Control violations | Yes | No |
| Attack Discovery detections | Yes | No |
| Behavior Monitoring detections | Yes | Yes |
| C&C Callback | Yes | No |
| Content Violation | Yes | No |
| Data Loss Prevention | Yes | Yes |
| Device Control violations | Yes | Yes |
| Suspicious File detections | Yes | No |
| Network Content Inspection | Yes | No |
| Virus/Malware detections | Yes | No |
| Spyware/Grayware detections | Yes | No |
| Predictive Machine Learning detections | Yes | No |
| Virtual Analyzer detections | Yes | No |
| Web Violation | Yes | No |

| Log Type | CEF | Apex Central Format |
|---|---|---|
| Engine Update Status | Yes | Yes |
| Pattern Update Status | Yes | Yes |
| Managed Product Logon/Logoff Events | Yes | Yes |

For information about mapping syslog content between CEF and Apex Central formats, see Syslog Content Mapping - CEF.
