System Log Messages (Deep Discovery Email Inspector)

https://docs.trendmicro.com/o-help/ent/ddei/5.1/en-us/ddei_5.1_ag.pdf

System Log Messages

Base Rule

General Info Log Message

Information

System Event Logs

Sub Rule

General System

Information

Product Update Logs

Sub Rule

Agent Updated

Information

Device Key in Log Message

LogRhythm Schema

Data Type

Schema Description

Header (logVer)

N/A

N/A

CEF format version.

Header (vendor)

N/A

N/A

Appliance vendor.

Header (pname)

N/A

N/A

Appliance product.

Header (pver

<version>

Text/String

Appliance version.

Header (eventid)

<vmid>

Number

Signature ID

• 300102 (PRODUCT_UPDATE)

• 300999 (SYSTEM_EVENT)

Header (eventName)

<vendorinfo>

<tag1>

Text/String

Description

• PRODUCT_UPDATE (300102)

• SYSTEM_EVENT (300999)

Header (severity)

<severity>

Number

Severity

• 2: Unavailable

• 4: Low

• 6: Medium

• 8: High

rt

N/A

N/A

Log generation time.

dvcmac

<dmac>

Text/String

Appliance MAC address.

cn3Label

N/A

N/A

N/A

cn3

N/A

N/A

N/A

msg

<subject>

Text/String

Event description.

deviceExternalId

N/A

N/A

Appliance GUID.

dvchost

<dname>

Text/String

Appliance host name.

dvc

<dip>

IP Address

Appliance IP address.