Configuring export of events in CEF format

You can enable the export of messages in CEF format only after configuring the syslog service to save CEF messages locally or to publish them to a SIEM system.

To configure export of events in CEF format:

1. In the application web interface window, select the Settings → Logs and events → Syslog section.
2. On the CEF format tab, turn on the Enable the CEF log format switch.
3. If you want to select the syslog facility to which the events will be exported, in the Syslog facility drop-down list, select one of the following values:
   • Auth
   • Authpriv
   • Cron
   • Daemon
   • Ftp
   • Lpr
   • Mail
   • News
   • Syslog
   • User
   • Uucp
   • Local0
   • Local1
   • Local2
   • Local3
   • Local4
   • Local5
   • Local6
   • Local7

   We recommend specifying a syslog facility that is not used by other programs on the server.

   By default, the value is set to Local2.

4. In the Event level field, configure the export detail level:
   • Error to export events that involve errors.
   • Info to export all events.

Export of events in CEF format is now configured.