Content and properties of syslog messages in CEF format

4 July 2024

ID 151684

Information about each detected event is relayed as a separate syslog message in CEF format with UTF-8 encoding.

A message in CEF format consists of a message body and header. The message header contains the CEF format version and general information about the event, including the vendor, name and version of the program, the name, importance and class of the detected event, and the time when the event was detected. The message body consists of a sequence of <key>=<value> pairs.


July 16, 2017 10:34:23 \

CEF:0|AO Kaspersky Lab|Kaspersky Linux \


task settings changed|Low|cn1=taskId \

cn1Label=TaskId cs1=taskName csLabel=TaskName \


The maximum size of a syslog message about a detected event depends on the syslog settings of the server on which Kaspersky Security 8 for Linux Mail Server is installed. You can configure forwarding of syslog messages to only one external syslog server at a time.
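The header and <key>=<value> body layout described above can be parsed on the receiving side as follows. This is an added example, not code from Kaspersky or from the original page. It assumes the standard CEF header order and escaping (`\|` in the header, `\=` in the body, `\\` in both) and the `<key>Label` naming convention; the product name, version and event class ID in the sample are constructed placeholders.

```python
import re

# Assumed header order (standard CEF); the page names the fields but not their order.
HEADER = ("cef_version", "vendor", "product", "product_version",
          "event_class_id", "name", "severity")
# A header field is a run of escaped characters or anything but "|" and "\".
FIELD = r"((?:\\.|[^|\\])*)"
CEF_RE = re.compile(r"CEF:" + r"\|".join([FIELD] * len(HEADER)) + r"(?:\|(.*))?$", re.S)
# An extension key sits at the start or after a space and ends at "=".
KEY_RE = re.compile(r"(?:^| )([A-Za-z0-9_.]+)=")
HDR_ESC = {"|": "|", "\\": "\\"}
EXT_ESC = {"=": "=", "\\": "\\", "n": "\n", "r": "\r"}


def _unescape(text, table):
    # Resolve each backslash escape once, left to right; keep unknown ones.
    return re.sub(r"\\(.)", lambda m: table.get(m.group(1), m.group(0)), text)


def parse_extension(text):
    keys = list(KEY_RE.finditer(text))
    ext = {}
    for m, nxt in zip(keys, keys[1:] + [None]):
        end = nxt.start() if nxt else len(text)   # value runs to the next key
        ext[m.group(1)] = _unescape(text[m.end():end], EXT_ESC)
    return ext


def parse_cef(line):
    m = CEF_RE.search(line)
    if m is None:
        raise ValueError("not a complete CEF message")
    *fields, ext_text = m.groups()
    event = {k: _unescape(v, HDR_ESC) for k, v in zip(HEADER, fields)}
    event["syslog_prefix"] = line[:m.start()].strip()
    ext = event["extension"] = parse_extension(ext_text or "")
    # Pair cn1/cs1 with cn1Label/cs1Label so values carry their names.
    event["labelled"] = {ext[k]: ext[k[:-5]] for k in ext
                         if k.endswith("Label") and k[:-5] in ext}
    return event


# Constructed sample: product, version and class ID are placeholders.
SAMPLE = (r"July 16, 2017 10:34:23 CEF:0|AO Kaspersky Lab|Example\|Product|1.0|100|"
          r"task settings changed|Low|cn1=7 cn1Label=TaskId "
          r"cs1=scan a\=b daily cs1Label=TaskName")
```

Splitting on every `|` or space instead would break the escaped pipe in the product field and the spaces inside the `cs1` value, so downstream detection rules would see shifted or truncated fields.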
