What are the supported Syslog Formats?
Article ID: 286438
Products
Carbon Black App Control (formerly Cb Protection)
Issue/Introduction
What are the supported log formats for syslogging?
Environment
- App Control Server: All Supported Versions
Resolution
The supported formats are:
- Basic (RFC3164) – the default for upgrades from some previous releases
- Enhanced (RFC5424) – a newer standard; the default for new installations
- CEF (HP ArcSight) – the format to use to integrate App Control event logs with HP ArcSight ESM or HP ArcSight Logger
- LEEF (IBM Q1 Labs) – the format to use to integrate App Control event logs with IBM Security QRadar Log Manager or IBM Security QRadar SIEM
Additional Information
- Ensure the syslog application supports these formats and is configured correctly
- Not all Syslog applications support these log formats
- See the Events Guide on VMware Docs > Server Documentation for more details.
- It is currently only possible to send to one Syslog server.
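To check which of the four formats a receiver is actually getting, the following classifier inspects one received line at a time and decodes its PRI value. It is an added example, not code from the vendor or from this article; the sample lines, host name and vendor/product strings are constructed and are not real App Control output.

```python
import re

PRI = re.compile(r"<(\d{1,3})>")
# RFC5424: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA [MSG]
RFC5424 = re.compile(r"<\d{1,3}>[1-9]\d{0,2} \S+ \S+ \S+ \S+ \S+ \S")
# RFC3164: <PRI>Mmm dd hh:mm:ss HOSTNAME TAG: MSG  (day of month is space-padded)
RFC3164 = re.compile(r"<\d{1,3}>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} \S+ ")
PIPE = re.compile(r"(?<!\\)\|")  # a pipe inside a header field is escaped as \|
# (name, marker, minimum pipe-separated parts, counting the trailing extension/attributes)
PAYLOADS = (
    ("CEF", re.compile(r"(?<!\S)CEF:\d+\|"), 8),
    ("LEEF", re.compile(r"(?<!\S)LEEF:\d+(?:\.\d+)?\|"), 6),
)


def classify(line):
    """Return the detected format plus facility/severity decoded from PRI."""
    m = PRI.match(line)
    pri = int(m.group(1)) if m and int(m.group(1)) <= 191 else None
    result = {
        "format": "unknown",
        "facility": pri // 8 if pri is not None else None,
        "severity": pri % 8 if pri is not None else None,
    }
    # CEF and LEEF records normally ride inside a syslog header, so test them first.
    for name, marker, min_parts in PAYLOADS:
        hit = marker.search(line)
        if hit and len(PIPE.split(line[hit.start():], maxsplit=min_parts - 1)) >= min_parts:
            result["format"] = name
            return result
    if pri is not None and RFC5424.match(line):
        result["format"] = "RFC5424"
    elif pri is not None and RFC3164.match(line):
        result["format"] = "RFC3164"
    return result


# Constructed sample lines, one per format (PRI 134 = facility 16/local0, severity 6).
SAMPLES = [
    "<134>Oct 11 22:14:15 appctl-srv example: File blocked",
    "<134>1 2024-10-11T22:14:15.003Z appctl-srv example - - - File blocked",
    "<134>Oct 11 22:14:15 appctl-srv CEF:0|ExampleVendor|ExampleProduct|1.0|100|File blocked|5|src=10.0.0.5",
    "<134>Oct 11 22:14:15 appctl-srv LEEF:1.0|ExampleVendor|ExampleProduct|1.0|100|src=10.0.0.5\tsev=5",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify(sample)["format"], "<-", sample[:60])
```

A line with a valid syslog header but a truncated CEF or LEEF payload is reported as the header's format rather than as CEF or LEEF, which is a useful signal that the receiver's parser will not extract fields from it.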