User Manual Part 6

Appendix A2: Syslog Interface
SpectraGuard® Enterprise User Guide
SGE also sends events as Syslog messages. Any standard Syslog receiver (e.g. Syslog Watcher from SnmpSoft) can be used to monitor the Syslog messages sent by SGE.
SGE can send Syslog messages in either 'Plain Text' or 'IDMEF' format, based on the 'Message Format' selected while configuring Syslog receivers on the Syslog configuration screen.
The format of a 'Plain Text' Syslog message is shown below.
<<HW Address of Primary Interface of SGE>><Product Name> v<SGE Version>: <Event Summary Description>: <IP Address>//<Location> : <Event Date-Time>: <Event Severity Level>:<Event ID>:<Event Major Type>:<Event Intermediate Type>:<Event Minor Type>
Product Name: SpectraGuard Enterprise
SGE Version: SpectraGuard Enterprise Release
Event Summary Description: Summary description of the event
IP Address: IP Address of the SpectraGuard Enterprise Server
Location: Location in the SGE console at which this event is generated
Event Date-Time: Date and time at which the event was generated in SGE
Event Severity Level: Configured severity level of the SpectraGuard Enterprise event, e.g. High, Medium or Low
Event ID: Unique sequence number which identifies a specific instance of an event. This sequence number is always auto-incremented by 1 for every new event raised.
Event Major Type: The top-level category of an event
Event Intermediate Type: The sub-category within the Event Major Type
Event Minor Type: The actual identifier of the event type
Example:
"<xx:yy:zz:aa:bb:cc>SpectraGuard Enterprise v6.5 : Start: Rogue AP [Symbol_CC:31:B0] is active. : 192.168.8.134://Locations/Unknown : 2010-06-10T05:16:28+00:00 : High : 21218 : 5 : 59 : 779"
The IDMEF message contains some additional information which is not available in the 'Plain Text' format:
Product Vendor: AirTight
SGE Operating System: Linux
SGE Operating System Version: Operating system version of the SGE appliance
Event Short Name: Short text identifying the type of an event
The format of an 'IDMEF' Syslog message is shown below.
"<HW Address of Primary Interface of SGE><?xml version="1.0"?>
<!DOCTYPE IDMEF-Message PUBLIC "-//IETF//DTD RFC XXXX IDMEF v1.0//EN" "/var/tmp/libidmef-1.0.2-beta1-buildroot/usr/share/idmef-message.dtd">
<IDMEF-Message version="1.0">
  <Alert messageid="<EventID>">
    <Analyzer analyzerid="<IP Address>" name="<Product Name>" manufacturer="<Product Vendor>" model="" version="<SGE Version>" class="" ostype="<SGE Operating System>" osversion="<SGE Operating System Version>">
      <Node>
        <location><IP Address>//<Location></location>
      </Node>
    </Analyzer>
    <CreateTime ntpstamp="<Event Date-Time in NTP format>">Event Date Time</CreateTime>
    <Classification ident="<Event Major Type>.<Event Intermediate Type>.<Event Minor Type>" text="<Event Short Description>"/>
    <Assessment>
      <Impact severity="<Event Severity>"></Impact>
    </Assessment>