Enabling export of events in CEF format
4 July 2024
ID 151533
Before enabling export of events in CEF format, it is recommended to specify a category (facility) for syslog that is not used by other programs on the server.
To enable export of events in CEF format:
- Open the XML file containing the extracted settings of the klms-control utility.
- If you want to select the syslog category (facility) to which the events will be exported, in the opened file, in the <siemSettings> section, specify one of the following values of the <facility> parameter:
  - Auth
  - Authpriv
  - Cron
  - Daemon
  - Ftp
  - Lpr
  - Mail
  - News
  - Syslog
  - User
  - Uucp
  - Local0
  - Local1
  - Local2
  - Local3
  - Local4
  - Local5
  - Local6
  - Local7
  By default, the value is set to Mail.
  Example:
  <siemSettings>
  <enabled>0</enabled>
  <facility>Local1</facility>
- In the opened file, in the <siemSettings> section, set the value of the <enabled> parameter to 1.
  Example:
  <siemSettings>
  <enabled>1</enabled>
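
The steps above as an added Python example (not part of the original documentation): it checks the <facility> value against the list on this page, warns when the value is left at the default Mail, which MTAs commonly log to as well, and sets <enabled> to 1. The <settings> root element and the sample input are constructed assumptions; only <siemSettings>, <enabled> and <facility> come from this page.

```python
import xml.etree.ElementTree as ET

# Facility values listed on this page; Mail is the documented default.
ALLOWED = {"Auth", "Authpriv", "Cron", "Daemon", "Ftp", "Lpr", "Mail", "News",
           "Syslog", "User", "Uucp"} | {f"Local{i}" for i in range(8)}

# Constructed sample; the <settings> root element is an assumption.
SAMPLE = ("<settings><siemSettings><enabled>0</enabled>"
          "<facility>Mail</facility></siemSettings></settings>")


def enable_cef_export(xml_text, facility=None):
    """Set <enabled> to 1 and optionally <facility>; return (xml, warnings)."""
    root = ET.fromstring(xml_text)
    siem = root if root.tag == "siemSettings" else root.find(".//siemSettings")
    if siem is None:
        raise ValueError("no <siemSettings> section in the settings file")

    fac = siem.find("facility")
    if facility is not None:
        if fac is None:
            fac = ET.SubElement(siem, "facility")
        fac.text = facility
    # Assumption: a missing <facility> is treated as the documented default, Mail.
    current = (fac.text or "").strip() if fac is not None else "Mail"
    if current not in ALLOWED:
        raise ValueError(f"unsupported facility: {current!r}")

    warnings = []
    if current == "Mail":
        # The page recommends a facility no other program on the server uses;
        # MTAs commonly log to the mail facility.
        warnings.append("facility is Mail: CEF events may mix with MTA logs")

    enabled = siem.find("enabled")
    if enabled is None:
        enabled = ET.SubElement(siem, "enabled")
    enabled.text = "1"
    return ET.tostring(root, encoding="unicode"), warnings


if __name__ == "__main__":
    updated, notes = enable_cef_export(SAMPLE, facility="Local1")
    print(updated)
    print(notes or "no warnings")
```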