Security events

Security messages in CEF format consist of a header and a body.

You cannot change the format of CEF messages by adding, modifying, or removing fields.

The header of each event has seven required fields, separated by | characters:

All fields of the CEF message body have the <key>=<value> format. If a key has multiple values, these values are separated by commas. Colons separate keys.

Keys and values contained in a message depend on the type of event.

For more information about the data model of the normalized event in KUMA, see the KUMA Help.

In the session log for ICMP traffic, the spc and dpt keys show the ICMP ID value.
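
The header and body layout described above, parsed in Python. This is an added example, not code from the product or its documentation. The header field names come from the public CEF specification, the sample line is constructed, and accepting a space as well as a colon between keys is an assumption.

```python
import re

# Header field names per the public CEF specification (assumption: this page
# does not list them). SAMPLE below is constructed, not real product output.
HEADER = ("version", "vendor", "product", "device_version",
          "event_class_id", "name", "severity")
KEY = re.compile(r"(?:^|[ :]+)(\w+)=")  # key preceded by start, colon or space
SAMPLE = ("<134>Jan 10 12:00:00 fw CEF:0|ExampleVendor|ExampleFW|1.0|100|"
          r"Blocked \| policy|5|src=10.0.0.5:dst=192.0.2.10:dpt=443:app=ssl,http")


def split_header(cef):
    """Return (seven header fields, body); honours \\| and \\\\ escapes."""
    parts, cur, i = [], [], 0
    while i < len(cef) and len(parts) < 7:
        if cef[i] == "\\" and cef[i + 1:i + 2] in ("\\", "|"):
            cur.append(cef[i + 1])      # keep the escaped character literally
            i += 2
            continue
        if cef[i] == "|":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(cef[i])
        i += 1
    if len(parts) == 6:                 # message ends after severity, no body
        parts.append("".join(cur))
    if len(parts) != 7:
        raise ValueError("CEF header must have seven |-separated fields")
    return parts, cef[i:]


def parse_cef(line):
    start = line.find("CEF:")           # skip any syslog prefix
    if start < 0:
        raise ValueError("no CEF header found")
    parts, body = split_header(line[start:])
    event = dict(zip(HEADER, parts))
    event["version"] = event["version"][len("CEF:"):]
    hits = list(KEY.finditer(body))
    ext = {}
    for m, nxt in zip(hits, hits[1:] + [None]):
        raw = body[m.end():nxt.start() if nxt else len(body)]
        ext[m.group(1)] = re.sub(r"\\([\\=])", r"\1", raw)  # unescape \= and \\
    event["extension"] = ext
    return event


def values(field):
    """Split a multi-valued field on commas."""
    return field.split(",")
```

Rejecting any line whose header does not yield exactly seven fields keeps malformed or truncated events out of downstream correlation rules.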

In this section

Firewall events

Web Control events

DNS Security events

URL Anti-Virus events

Stream and Object Anti-Virus events

SSL inspection events

IDPS log

Service events
