Syslog messages of audit events in the standard format

Audit events are logged in standard format if audit event logging is enabled in Audit Log settings.

Information about each detected audit event is relayed as a separate syslog message in the standard format with UTF-8 encoding. The event logging category is specified in the Settings → Logs and events → Syslog → Standard format → Syslog facility section.

A message in standard format looks like this:

<date and time of the event> <IP address and port of the node> KSMG: <event information>

The date and time of the event follows the time zone of the node on which the event was initiated. The date and time format is determined by Syslog protocol settings in the operating system.

Syslog event message fields defined by the application settings have the <key>="<value>" format. If a key has multiple values, these values are separated with semicolons (";").

The keys and their values contained in a message depend on the group of the event.

Example:

Aug 15 09:09:15 host.domain.com 10.16.32.64:9045 KSMG: event-type="authentication": event="authentication_attempt": event-guid="51b06b47-6a47-4349-ae03-7ea0559b683f": event-result="Success": event-part="1": event-total-parts="1": user-account-type="Local": user-ip="0.0.0.0": user-login="Administrator": user-roles="Superuser": auth-type="Local"

The maximum size of a syslog message about a detected event depends on the values of syslog settings on the server on which KSMG is installed.
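
Added example (not from the original page and not Kaspersky code): a Python parser for the message layout described above, which splits the key="value" fields, expands semicolon-separated values, and reports authentication events whose event-result is not "Success". It assumes values contain no embedded double quotes, since the page describes no escaping; the function names are hypothetical, and the second and third sample lines are constructed.

```python
import re

# key="value" pairs; assumes values contain no embedded double quotes
# (assumption: the page does not describe any escaping).
PAIR_RE = re.compile(r'([A-Za-z0-9_-]+)="([^"]*)"')
MARKER = " KSMG: "

def parse_ksmg_audit(line):
    """Parse one standard-format message; None if it is not a KSMG event."""
    header, sep, body = line.partition(MARKER)
    if not sep:
        return None
    # Every value becomes a list because a key may carry several
    # values separated with semicolons.
    fields = {k: v.split(";") for k, v in PAIR_RE.findall(body)}
    if not fields:
        return None
    # The timestamp layout depends on the OS syslog settings, so only the
    # last header token (node IP address and port) is taken positionally.
    prefix, _, node = header.strip().rpartition(" ")
    return {"prefix": prefix, "node": node, "fields": fields}

def is_unsuccessful_auth(event):
    """True for authentication events whose result is not "Success"
    (a missing event-result also counts)."""
    f = event["fields"]
    return (f.get("event-type") == ["authentication"]
            and f.get("event-result") != ["Success"])

# First line is the page's example; the other two are constructed samples.
# "RoleA;RoleB" and "CONSTRUCTED-NON-SUCCESS" are placeholders, not
# documented KSMG values.
SAMPLES = [
    'Aug 15 09:09:15 host.domain.com 10.16.32.64:9045 KSMG: event-type="authentication": event="authentication_attempt": event-guid="51b06b47-6a47-4349-ae03-7ea0559b683f": event-result="Success": event-part="1": event-total-parts="1": user-account-type="Local": user-ip="0.0.0.0": user-login="Administrator": user-roles="Superuser": auth-type="Local"',
    'Aug 15 09:10:02 host.domain.com 10.16.32.64:9045 KSMG: event-type="authentication": event="authentication_attempt": event-result="CONSTRUCTED-NON-SUCCESS": user-login="Administrator": user-roles="RoleA;RoleB"',
    'Aug 15 09:10:03 host.domain.com sshd[1]: unrelated line',
]

def scan(lines):
    """Return (node, login) for every unsuccessful authentication event."""
    hits = []
    for line in lines:
        ev = parse_ksmg_audit(line)
        if ev and is_unsuccessful_auth(ev):
            hits.append((ev["node"], ev["fields"].get("user-login", ["?"])[0]))
    return hits

if __name__ == "__main__":
    print(scan(SAMPLES))
```

The header is split from the right because the page's example carries a host name between the timestamp and the node address, and the timestamp layout itself varies with the operating system's syslog settings.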
