How to send the hash file information of the scanned object through syslog?


Article ID: 217591


Products

Content Analysis Software

Issue/Introduction

This article explains how to set up the CAS appliance to send the hash information of scanned objects to the syslog server.

Environment

 

 

 

 

Resolution

Go to Settings > Logging, set the “ICAP_CONNECTION” Syslog to “INFO”, and make sure the File is set to “NONE”.

Setting the module to File should only be done during troubleshooting, to prevent the File from taking up too much disk space on the appliance.

With this setting, the logs for scanned objects, which contain the hash information, are sent to the Syslog server.

 

 

Below are two sample syslog messages that contain the hash information for the scanned object.

<46>1 2021-06-17T06:39:02.572Z 10.0.80.30 avservice 6653 - https://secure.eicar.org/eicar.com verdict malicious.  Hash: 3395856ce81f2b7382dee72602f798b642f14140 Tenant: N/A Transaction: f454a9c809b1f5c5-0000000000012723-0000000060caee04

<46>1 2021-06-17T06:38:45.121Z 10.0.80.30 avservice 6653 - https://www.eicar.org/wp-content/themes/enfold/js/shortcodes.js?ver=4.1 verdict not malicious.  Hash: 0942651fecf57a5f50972f7a65334829ff7773a7 Tenant: N/A Transaction: f454a9c809b1f5c5-0000000000012716-0000000060caedf4