Environment
- App Control: All supported versions
Question
What are the supported log formats for syslogging?
Answer
The supported formats are:
- Basic (RFC3164) – the default for upgrades from some previous releases
- Enhanced (RFC5424) – a newer standard; the default for new installations
- CEF (HP ArcSight) – the format to use to integrate CB Protection event logs with HP ArcSight ESM or HP ArcSight Logger
- LEEF (IBM Q1 Labs) – the format to use to integrate CB Protection event logs with IBM Security QRadar Log Manager or IBM Security QRadar SIEM
Additional Notes
- Ensure the syslog application supports these formats and is configured correctly
- Not all Syslog applications support these log formats
- App Control Events Guides are available for all supported versions on the User Exchange