Red Hat NETWORK BASIC - USER REFERENCE GUIDE 4.0 User Guide, Page 75

Appendix 2: Syslog Message Formats
PVS provides options to send real-time and vulnerability data as syslog messages. PVS sends syslog messages in four formats, described here.
1. Syslog message format for syslog generated by real-time PRMs:
<priority>timestamp pvs: src_ip:src_port|dst_ip:dst_port|protocol|plugin_id|plugin_name|matched_text_current_packet|matched_text_previous_packet|risk
2. Syslog message format for syslog generated by real-time PASL or vuln PRM or PASL:
<priority>timestamp pvs: src_ip:src_port|dst_ip:dst_port|protocol|plugin_id|plugin_name|plugin_description|risk
3. Syslog message format for Open Port alert, Service Connection alert, Client and Server Connection alerts, Tracked Sessions alert, New Host alert, and Accepts External Connection alert:
<priority>timestamp pvs: src_ip:src_port|dst_ip:dst_port|protocol|plugin_id|plugin_name|plugin_specific_data|risk
4. Encrypted/Interactive session alert:
<priority>timestamp pvs: src_ip:src_port|dst_ip:dst_port|protocol|plugin_id|plugin_name|risk
The following table describes each field.
Name        Description
priority    The syslog facility level of the message.
timestamp   This field provides the date and time of the syslog message.
src_ip      This field is the source IP address reported for the traffic.
src_port    This field is the source port for the reported traffic.
dst_ip      This field is the destination IP address for the reported traffic.
dst_port    This field is the destination port for the reported traffic.
protocol    This reports the protocol used for the reported traffic.
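
A parser for the four layouts listed above, as an added example that is not taken from the guide. It assumes no field contains a literal "|" and that everything between <priority> and "pvs:" is the timestamp. The sample lines are constructed, with hypothetical plugin IDs, protocol and risk values, and "detail" is a name chosen here for the sixth field of formats 2 and 3.

```python
import re

# Field names after "pvs:" for each format, keyed by pipe-separated field count.
# Formats 2 and 3 both have 7 fields; the sixth is plugin_description or
# plugin_specific_data depending on the plugin, so it is named "detail" here.
COMMON = ["src", "dst", "protocol", "plugin_id", "plugin_name"]
LAYOUTS = {
    8: COMMON + ["matched_text_current_packet", "matched_text_previous_packet", "risk"],
    7: COMMON + ["detail", "risk"],
    6: COMMON + ["risk"],
}
HEADER = re.compile(r"^<(\d{1,3})>(.*?)\s+pvs:\s*(.*)$", re.DOTALL)


def split_endpoint(value):
    """Split 'ip:port' on the last colon so IPv6 addresses stay intact."""
    ip, _, port = value.rpartition(":")
    if not ip or not port.isdigit():
        raise ValueError(f"bad endpoint: {value!r}")
    return ip, int(port)


def parse_pvs_syslog(line):
    """Return a dict of fields, or raise ValueError for a non-conforming line."""
    m = HEADER.match(line.strip())
    if not m:
        raise ValueError("missing <priority>timestamp pvs: header")
    priority, timestamp, body = int(m.group(1)), m.group(2), m.group(3)
    parts = body.split("|")
    names = LAYOUTS.get(len(parts))
    if names is None:  # reject rather than guess which field held a stray '|'
        raise ValueError(f"unexpected field count {len(parts)}")
    rec = dict(zip(names, parts))
    rec["src_ip"], rec["src_port"] = split_endpoint(rec.pop("src"))
    rec["dst_ip"], rec["dst_port"] = split_endpoint(rec.pop("dst"))
    rec.update(priority=priority, timestamp=timestamp, field_count=len(parts))
    return rec


# Constructed sample lines (not real PVS output); the timestamp layout is assumed.
SAMPLES = [
    "<36>Jan 10 12:00:01 pvs: 192.0.2.10:51514|198.51.100.5:80|6|9999|Example PRM|GET /a|HTTP/1.1 200|LOW",
    "<36>Jan 10 12:00:02 pvs: 192.0.2.10:0|198.51.100.5:22|6|9998|Example alert|LOW",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_pvs_syslog(sample))
```

Lines whose field count is not 6, 7 or 8 are rejected, so a collector can route them to a quarantine queue instead of silently mis-assigning columns.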