ASMS can send monitoring messages using the syslog system, which is a standard for forwarding log messages in an IP network. ASMS can send syslog messages to local or remote servers, and external systems can read ASMS's monitoring messages and act upon their content.
Supported external syslog consumers include SIEM (Security Information and Event Management) and SOC (Security Operations Center) systems, such as ArcSight, Check Point Eventia, CA eTrust, NetIQ, and so on.
For more details, see:
- AFA Syslog messages
- FireFlow syslog messages
- AppViz Syslog messages
- Login and logout Syslog messages
- System metric notifications
ASMS stores syslog messages locally, in the /var/log/message directory, in CEF (Common Event Format).
Each message starts with a standard syslog prefix, including the event date and time, and the ASMS machine name. This prefix is followed by the CEF-standard, bar-delimited message format.
Syslog message headers contain the following fields:
- <Product Name>: the product name, for example Firewall Analyzer, FireFlow, or AppViz.
- <Version>: the version string, for example v3200.0.270-b132.
- <Event>: readable text that designates the message type.
- <Severity>: a number between 0 and 7 that varies by message.
- <Domain>: the domain name, or NONE if domains are not enabled.
- <Extension>: additional details in parameter=value format.
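As an added example (not code from the page or the product), here is a small Python parser for the syslog prefix plus CEF message described above, the kind of ingestion step a SIEM or SOC pipeline runs before acting on the product, version, event, severity, domain and extension fields. It assumes the standard CEF header layout (CEF:0|Vendor|Product|Version|EventID|Event|Severity|Extension), a constructed extension key named `domain`, and a constructed sample line.

```python
import re

# Added example: parse an ASMS-style syslog line carrying a CEF message. Assumed,
# not taken from the page: the standard CEF header layout
# CEF:0|Vendor|Product|Version|EventID|Event|Severity|Extension, and a constructed
# extension key "domain" for the domain name.
PREFIX = re.compile(r"^(?P<ts>\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+(?P<host>\S+)\s+(?P<cef>CEF:.*)$")
HEADER = ("cef_version", "vendor", "product", "version", "event_id", "event", "severity")
KEY = re.compile(r"(?:^|\s)([A-Za-z0-9_.]+)=")  # start of a key=value pair in the extension

def unescape(text):
    # Undo CEF escapes: \| \= \\ become the literal character, \n and \r line breaks.
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), text)

def split_header(cef):
    # Split on the first 7 unescaped bars; an escaped bar (\|) inside a field is data.
    # (A field that ends in an escaped backslash is not handled by this lookbehind.)
    parts = re.split(r"(?<!\\)\|", cef, maxsplit=len(HEADER))
    if len(parts) != len(HEADER) + 1:
        raise ValueError("truncated CEF header")
    return [unescape(p) for p in parts[:-1]], parts[-1]  # last part is the extension

def parse_extension(ext):
    # 'k1=v1 k2=v2 ...' -> dict; values may contain spaces and escaped '=' signs.
    keys = list(KEY.finditer(ext))
    out = {}
    for m, nxt in zip(keys, keys[1:] + [None]):
        end = nxt.start() if nxt else len(ext)
        out[m.group(1)] = unescape(ext[m.end():end].strip())
    return out

def parse_asms_syslog(line):
    m = PREFIX.match(line)
    if not m:
        raise ValueError("not a syslog-prefixed CEF line")
    fields, ext = split_header(m.group("cef"))
    rec = dict(zip(HEADER, fields))
    rec["severity"] = int(rec["severity"])
    if not 0 <= rec["severity"] <= 7:  # the page fixes severity to the range 0-7
        raise ValueError("severity out of range 0-7")
    rec["timestamp"], rec["host"] = m.group("ts"), m.group("host")
    rec["extension"] = parse_extension(ext)
    rec["domain"] = rec["extension"].get("domain", "NONE")
    return rec

# Constructed sample line, not real ASMS output; the vendor name is a placeholder.
SAMPLE = ("Jan 12 10:15:22 asms-host CEF:0|ExampleVendor|Firewall Analyzer|v3200.0.270-b132|"
          "1001|Analysis \\| report|3|domain=NONE device=fw-edge user=admin msg=risk count\\=2")
```

Calling `parse_asms_syslog(SAMPLE)` returns a dict with the header fields, the syslog timestamp and host, and the extension as a dict, with the escaped bar and escaped equals sign restored to literal characters.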