DHCP Response from server, assigning the IP 192.168.2.3:
@cee: {
"host":"stout",
"pname":"my_appname",
"time":"2012-08-22T11:20:10.559748-04:00",
"action":"request",
"domain":"net",
"object":"interface",
"service":"dhcp_client",
"status":"success",
"ipv4":"192.168.2.3",
"event":"dhcp_client",
"interface_name":"eth0",
"profile":�http://gemds.com/cee_profile/1.0beta1.xsd
}
The body of syslog messages of type "alert" is specified using RFC 5425 type key/value pairs. A few
additional fields are also present.
8.3.2
syslog PRIVAL
The "PRIVAL" field of the syslog "HEADER" shall to be set to 113 for alerts and between 104 and 111
for editable events.
8.3.3
syslog APP-NAME
The "APP-NAME" field of the "HEADER" specified in the syslog RFC shall be set to "csmgr".
RFC5424 states: "The APP-NAME field SHOULD identify the device or application that originated the
message." The semantics of the field have changed from the application that originated the event, to the
application who should receive the event.
8.3.4
syslog MSG
For events of type audit, the msg is vendor specific, whereas events of type alert must be in a specified
format which contains a GUID, level and message. Using the CEE approach all of the requested
information would be present in all messages.
Example of message using format
Jun 7 11:10:22 ccc99 csmgr[27417]: Source=' ABCDEF0123456789AB00000000000099'
Level='5' Message='Date/Time Changed by User'
Example of message using CEE format
Jun 7 11:10:22 ccc99 systemmgr[33212]: @cee: {"host":"ccc99","guid":"
ABCDEF0123456789AB00000000000099","syslog_priority":5,
"pname":"systemmgr","time":"2012-08-23T09:16:21.335592-
04:00","action":"modify","domain":"os","object":"datetime",
"status":"success","event":"date_time_from_user","profile":"http://gemds.com/cee_profile/
1.0beta1.xsd"}
8.4 Configuring
The following shows how to configure the unit with a server to which events will be sent:
% set logging syslog server my_syslog_server ip 192.168.1.1 port 1999 protocol tls version
RFC5424 tls-options tls-ca-certificate my_ca_cert tls-client-certificate my_client_cert tls-
client-key my_client_key
MDS 05-6632A01, Rev. F
MDS Orbit MCR/ECR Technical Manual
413