Apex Central can forward logs to a syslog server in the following log formats:

  • CEF: Uses the standard Common Event Format (CEF) for log messages

  • Apex Central format: Sets the syslog Facility code to "Local0" and the Severity code to "Notice"

The following tables outline the formats supported by each log type.

Table 1. Security Logs

| Log Type | CEF | Apex Central Format |
|---|---|---|
| Application Control | Yes | No |
| Attack Discovery | Yes | No |
| Behavior Monitoring | Yes | Yes |
| C&C Callbacks | Yes | No |
| Content Violations | Yes | No |
| Data Loss Prevention | Yes | Yes |
| Device Control | Yes | Yes |
| Intrusion Prevention | Yes | No |
| Network Content Inspection | Yes | No |
| Predictive Machine Learning | Yes | No |
| Spyware/Grayware | Yes | No |
| Suspicious Files | Yes | No |
| Virtual Analyzer | Yes | No |
| Virus/Malware | Yes | No |
| Web Violations | Yes | No |

Table 2. Product Information

| Log Type | CEF | Apex Central Format |
|---|---|---|
| Engine Update Status | Yes | Yes |
| Managed Product Logon/Logoff Events | Yes | Yes |
| Product Auditing Events | Yes | No |
| Pattern Update Status | Yes | Yes |

For information about mapping syslog content between CEF and Apex Central formats, see Syslog Content Mapping - CEF.
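
On the receiving syslog server, the two formats listed at the top of this page can be told apart before parsing. The following is an added example, not code from Trend Micro or Apex Central: it decodes the syslog PRI value, parses the standard CEF header when one is present, and flags non-CEF messages whose PRI is not Local0/Notice. The function names, sample lines, vendor and product strings, and payload text are constructed for illustration.

```python
import re

LOCAL0_NOTICE = 16 * 8 + 5  # facility Local0 (16), severity Notice (5): PRI 133
PRI_RE = re.compile(r"^<(\d{1,3})>")
CEF_FIELDS = ("version", "vendor", "product", "device_version",
              "event_class_id", "name", "severity")
# Constructed sample lines (not captured from a real Apex Central server).
SAMPLES = [
    r"<134>Oct 11 22:14:15 host1 CEF:0|ExampleVendor|ExampleProduct|1.0|100|Blocked \| logged|5|src=192.0.2.10 act=block",
    "<133>Oct 11 22:14:15 host1 constructed non-CEF payload",
    "<13>Oct 11 22:14:15 host1 constructed non-CEF payload",
]

def split_cef_header(body):
    """Split the 7 pipe-delimited CEF header fields, honouring escaped pipes and backslashes."""
    fields, cur, i = [], [], 0
    while i < len(body) and len(fields) < 7:
        ch = body[i]
        if ch == "\\" and i + 1 < len(body) and body[i + 1] in "|\\":
            cur.append(body[i + 1])  # keep the escaped character literally
            i += 2
            continue
        if ch == "|":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    if len(fields) < 7:
        raise ValueError("truncated CEF header")
    return dict(zip(CEF_FIELDS, fields)), body[i:]

def classify(line):
    """Return (format, details) for one received syslog line."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:
        return "invalid", {"reason": "missing or out-of-range PRI"}
    pri = int(m.group(1))
    info = {"facility": pri >> 3, "severity": pri & 7}
    start = line.find("CEF:")
    if start != -1:
        try:
            header, ext = split_cef_header(line[start + 4:])
        except ValueError as exc:
            return "invalid", {"reason": str(exc)}
        return "cef", {**info, **header, "extension": ext}
    if pri == LOCAL0_NOTICE:
        return "apex_central", info
    return "unexpected", info  # non-CEF line that is not Local0/Notice
```

Lines classified as `unexpected` or `invalid` are worth routing to a review queue rather than dropping, since they indicate a sender or format the forwarding configuration does not account for.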