Content Mapping Between TMWS Log Output and CEF Syslog Formats

To enable flexible integration with third-party log management systems, TMWS supports Common Event Format (CEF) as the syslog message format.

Common Event Format (CEF) is an open log management standard created by HP ArcSight. TMWS uses a subset of predefined extension keys and its own custom extension keys.

TMWS provides two types of CEF syslog key-value mapping for use as necessary:

  • Syslog content mapping type 1

  • Syslog content mapping type 2

    Note:

    To use this syslog content mapping type, make sure that you have upgraded your on-premises gateway to version 3.1.0.2502 or later.