Apex Central can forward logs to a syslog server in the following log formats:
- CEF: Uses the standard Common Event Format (CEF) for log messages. A CEF message carries a fixed header (`CEF:Version|Device Vendor|Device Product|Device Version|Signature ID|Name|Severity|`) followed by key=value extension fields.
- Apex Central format: Sets the syslog Facility code to "Local0" and the Severity code to "Notice". In syslog terms that is facility 16 and severity 5, so every message in this format carries the PRI value `<133>` (16 * 8 + 5); a receiver can use that value to filter or validate the feed.
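To make the two formats concrete, here is an added receiver-side example (not Trend Micro code). It decodes the syslog PRI, checks that an Apex Central-format line really carries local0/notice (PRI 133), and parses the standard CEF header and extension, honouring CEF's `\|` and `\=` escaping. The sample lines, the vendor/product strings, the signature ID and the extension values are constructed for illustration and are not taken from Apex Central output; the real field mapping is in the Syslog Content Mapping - CEF topic.

```python
"""Receiver-side checks for Apex Central syslog forwarding (CEF vs Apex Central format).

Added example, not Trend Micro code. Assumes RFC 3164-style "<PRI>" framing and
the standard CEF header layout; every sample line below is constructed.
"""
import re
from dataclasses import dataclass, field

# Facility / severity numbers from RFC 5424 section 6.2.1.
LOCAL0, NOTICE = 16, 5
APEX_CENTRAL_PRI = LOCAL0 * 8 + NOTICE   # 133: what the Apex Central format sets

PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.DOTALL)
CEF_START_RE = re.compile(r"CEF:\d+\|")
# An extension key starts the string or follows whitespace and is followed by an
# unescaped '='; key names never contain a backslash, so "\=" inside a value cannot match.
EXT_KEY_RE = re.compile(r"(?:^|\s)([A-Za-z0-9_.]+)=")


@dataclass
class SyslogEvent:
    facility: int
    severity: int
    fmt: str                       # "cef" or "apex"
    message: str
    cef_header: dict = field(default_factory=dict)
    cef_ext: dict = field(default_factory=dict)

    @property
    def pri_ok(self) -> bool:
        """Apex Central-format lines must carry local0/notice; CEF lines may use any PRI."""
        return self.fmt == "cef" or (self.facility == LOCAL0 and self.severity == NOTICE)


def split_pri(line: str):
    """Return (facility, severity, rest) from a '<PRI>...' syslog line."""
    m = PRI_RE.match(line)
    if not m:
        raise ValueError("missing syslog PRI")
    pri = int(m.group(1))
    if pri > 191:                  # 23 * 8 + 7 is the largest legal PRI
        raise ValueError(f"PRI {pri} out of range")
    return pri >> 3, pri & 7, m.group(2)


def _unescape(value: str) -> str:
    # CEF escapes: \| and \\ in the header, \= and \\ in extensions, \n and \r for newlines.
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), value)


def parse_cef(msg: str):
    """Parse 'CEF:Version|Vendor|Product|DevVersion|SignatureID|Name|Severity|Extension'.

    Splits only on unescaped pipes; the extension after the seventh pipe is key=value
    pairs whose values may contain spaces but never an unescaped '='.
    """
    fields, buf, i = [], [], 0
    while i < len(msg) and len(fields) < 7:
        c = msg[i]
        if c == "\\" and i + 1 < len(msg):
            buf.append(msg[i:i + 2])          # keep the escape pair for _unescape
            i += 2
            continue
        if c == "|":
            fields.append(_unescape("".join(buf)))
            buf = []
        else:
            buf.append(c)
        i += 1
    if len(fields) != 7 or not fields[0].startswith("CEF:"):
        raise ValueError("truncated or malformed CEF header")
    names = ("version", "vendor", "product", "device_version", "signature_id", "name", "severity")
    header = dict(zip(names, fields))
    header["version"] = int(header["version"][4:])
    ext_raw = msg[i:]
    ext, keys = {}, list(EXT_KEY_RE.finditer(ext_raw))
    for n, m in enumerate(keys):
        end = keys[n + 1].start() if n + 1 < len(keys) else len(ext_raw)
        ext[m.group(1)] = _unescape(ext_raw[m.end():end].strip())
    return header, ext


def parse_forwarded_line(line: str) -> SyslogEvent:
    """Classify a forwarded line as CEF or Apex Central format and parse it."""
    facility, severity, rest = split_pri(line)
    m = CEF_START_RE.search(rest)          # the CEF header follows the syslog timestamp/host
    if m:
        header, ext = parse_cef(rest[m.start():])
        return SyslogEvent(facility, severity, "cef", rest, header, ext)
    return SyslogEvent(facility, severity, "apex", rest)


# Constructed sample input (not real Apex Central output); all field values are made up.
SAMPLE_LINES = [
    "<134>Jan 10 10:00:00 apexcentral CEF:0|Trend Micro|Apex Central|2019|100|Virus/Malware|3|"
    "rt=Jan 10 2024 10:00:00 GMT+00:00 dhost=WS-0042 fname=eicar.com act=Quarantine "
    "cs1Label=Policy cs1=Default\\=Policy",
    # 133 = local0 (16) * 8 + notice (5): the PRI the Apex Central format sets
    "<133>Jan 10 10:00:01 apexcentral Device Control event on WS-0042",
    # wrong facility/severity for the Apex Central format (user/info = 14)
    "<14>Jan 10 10:00:02 apexcentral Device Control event on WS-0043",
]


def audit(lines):
    """Per line: (format, facility, severity, PRI matches the documented Apex Central value)."""
    return [(ev.fmt, ev.facility, ev.severity, ev.pri_ok) for ev in map(parse_forwarded_line, lines)]


if __name__ == "__main__":
    for row in audit(SAMPLE_LINES):
        print(row)
```

Running the block reports the third constructed line as `pri_ok=False`: a non-CEF line whose PRI is not 133 is either not Apex Central format at all or has been rewritten by an intermediate relay, which is exactly the case to catch before wiring a SIEM parser to the facility/severity values.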
The following tables outline the formats supported by each log type. Every log type can be forwarded in CEF; the Apex Central format covers only a subset, so if you need any type marked "No" in the Apex Central Format column (for example Virus/Malware or C&C Callbacks), forward in CEF.
| Log Type | CEF | Apex Central Format |
|---|---|---|
| Application Control | Yes | No |
| Attack Discovery | Yes | No |
| Behavior Monitoring | Yes | Yes |
| C&C Callbacks | Yes | No |
| Content Violations | Yes | No |
| Data Loss Prevention | Yes | Yes |
| Device Control | Yes | Yes |
| Intrusion Prevention | Yes | No |
| Network Content Inspection | Yes | No |
| Predictive Machine Learning | Yes | No |
| Spyware/Grayware | Yes | No |
| Suspicious Files | Yes | No |
| Virtual Analyzer | Yes | No |
| Virus/Malware | Yes | No |
| Web Violations | Yes | No |

| Log Type | CEF | Apex Central Format |
|---|---|---|
| Engine Update Status | Yes | Yes |
| Managed Product Logon/Logoff Events | Yes | Yes |
| Product Auditing Events | Yes | No |
| Pattern Update Status | Yes | Yes |
For information about mapping syslog content between CEF and Apex Central formats, see Syslog Content Mapping - CEF.
