Content and properties of syslog messages in CEF format

Information about each detected event is relayed as a separate syslog message in CEF format with UTF-8 encoding.

A message in CEF format consists of a message body and header. Each Syslog message contains the following fields defined by the Syslog protocol settings in the operating system:

Syslog event message fields defined by the application settings have the <key>="<value>" format. If a key has multiple values, these values are separated with a comma.

The keys and their values contained in a message depend on the specific class of the event.

Example:

July 16 10:34:23 host.domain.com KSMG: CEF:0|AO Kaspersky Lab|Kaspersky Secure Mail Gateway|2.1.0.1234|LMS_EV_SETTINGS_CHANGED|task settings changed|severity|cn1=taskId cn1Label=TaskId cs1=taskName csLabel=TaskName act=created/changed/deleted

The maximum size of a syslog message about a detected event depends on the values of syslog settings on the server on which KSMG is installed.
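The following parser is an added example, not code from KSMG or from this page. It takes a syslog line of the kind shown above, splits off the syslog prefix, parses the seven pipe-delimited CEF header fields (honouring the CEF escapes for `\|` and `\\`), and turns the key=value extension into a dictionary while undoing the `\=`, `\\`, `\n` and `\r` escapes that CEF uses inside values. It also applies the CEF convention that `cn1Label` names the value carried in `cn1`; a label that does not follow that convention (such as `csLabel` in the page's example, which does not pair with `cs1`) is left untouched rather than guessed at. The sample line is assembled from the page's example and is assumed to arrive as one line.

```python
import re

# Constructed sample, assembled from the example on the page: the syslog prefix
# and the CEF body are assumed to arrive as a single line.
SAMPLE = (
    "July 16 10:34:23 host.domain.com KSMG: "
    "CEF:0|AO Kaspersky Lab|Kaspersky Secure Mail Gateway|2.1.0.1234|"
    "LMS_EV_SETTINGS_CHANGED|task settings changed|severity|"
    "cn1=taskId cn1Label=TaskId cs1=taskName csLabel=TaskName act=created/changed/deleted"
)

# The seven header fields, in the order CEF defines them.
HEADER_FIELDS = ("version", "device_vendor", "device_product", "device_version",
                 "signature_id", "name", "severity")

# An extension key starts at the beginning of the extension or after whitespace.
# An escaped "\=" never matches, because "\" is not a key character.
_KEY_RE = re.compile(r"(?:^|\s)([A-Za-z0-9_.]+)=")


def _unescape(value):
    # Undo extension escaping: "\\" -> "\", "\=" -> "=", "\n" -> newline, "\r" -> CR.
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), value)


def _split_header(body):
    # Split the header on unescaped "|"; "\|" and "\\" inside a field are unescaped.
    # Returns the seven fields and the remaining extension text.
    fields, cur, i = [], [], 0
    while i < len(body) and len(fields) < 7:
        ch = body[i]
        if ch == "\\" and i + 1 < len(body):
            cur.append(body[i + 1])
            i += 2
        elif ch == "|":
            fields.append("".join(cur))
            cur = []
            i += 1
        else:
            cur.append(ch)
            i += 1
    if len(fields) != 7:
        raise ValueError("CEF header must contain seven '|'-delimited fields")
    return fields, body[i:]


def parse_extension(ext):
    # Parse "key=value key=value" into a dict; values may themselves contain spaces,
    # so each value runs up to the start of the next "key=" token.
    matches = list(_KEY_RE.finditer(ext))
    result = {}
    for idx, m in enumerate(matches):
        start = m.end()
        end = matches[idx + 1].start() if idx + 1 < len(matches) else len(ext)
        result[m.group(1)] = _unescape(ext[start:end].strip())
    return result


def parse_cef(line):
    # Parse one syslog line carrying a CEF message into prefix, header and extension.
    pos = line.find("CEF:")
    if pos < 0:
        raise ValueError("no CEF body in line")
    prefix = line[:pos].rstrip()
    fields, ext = _split_header(line[pos + len("CEF:"):])
    return {"syslog_prefix": prefix,
            "header": dict(zip(HEADER_FIELDS, fields)),
            "extension": parse_extension(ext)}


def resolve_labels(extension):
    # Apply the CEF custom-field convention: "cn1Label" names the value held in "cn1".
    # Labels that do not pair with an existing key (e.g. "csLabel" without "cs") stay as-is.
    out = dict(extension)
    for key, label in extension.items():
        if key.endswith("Label") and key[:-5] in extension:
            out[label] = out.pop(key[:-5])
            out.pop(key)
    return out


if __name__ == "__main__":
    parsed = parse_cef(SAMPLE)
    print(parsed["header"])
    print(resolve_labels(parsed["extension"]))
```

Because the page states that a key with multiple values carries them comma-separated, a consumer would split such a value on "," after parsing; the parser above deliberately leaves values as strings so that escaping is undone exactly once.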
