ODIX

ODI integrated Knowledge Base Providing community based support.

CEF configuration

Follow

CEF format for syslog message is:
Date RemoteIP/Host CEF:Version|Device Vendor|Device Product|Device Version|Signature ID|Name|Severity|Extension

The extension field is a collection of key-value pairs predefined by the CEF format.

Example to use it in the MGMT:
CEF:0|odix|<platform_name>|6.2.2|100|blocked file by odix system|8|src=<notifier_ip> suser=<username> oldFileHash=<hash_before_scan> fileHash=<hash_after_odixing> filePath=<file_path> fileId=<file_id> rt=<timestamp> msg=status: <status> description: <description> scan id: <scan_id> fileType=<file_mime>

-> will become:
Mar 12 17:22:50 10.0.0.133 CEF:0|odix|Station-Demo|6.2.2|100|blocked file by odix system|8|src=10.0.0.79 suser=einav oldFileHash=49d4be00afde4f773366b671fbf422c7a39faa9a fileHash= filePath=/media/Transcend/Testing/FINAL TESTING/EXETESTS/large file over 1gb/OSCE11_1028_GM.exe fileId=133 rt=Mar 12 2018 17:20:47 msg=status: Blocked description: File Was Blocked By Policy scan id: b47383588c10d0dd847d4d6154af33b7 fsize=984.61 MB fileType=application/x-ms-dos-executable

Was this article helpful?
0 out of 0 found this helpful

Comments

Powered by Zendesk