Messaging Gateway

Hello 

We are currently configuring the sending of events to a remote syslog from Symantec Messging Gateway, but  the developers ask us what type of format it is, for example if it is CEF, in the administration manual it does not appear, it only shows the way it is sent:

Does anyone know the type of format? thanks 


example from manual:

https://techdocs.broadcom.com/us/en/symantec-security-software/email-security/messaging-gateway/10-7-3/Status_1/log-format-of-mail-transfer-agent-for-remote-syslo-v20272630-d440e3880.html

01-15-2009    11:40:34    Mail.Debug    10.217.32.13    Jan  15 11:39:23
scanner1 ecelerity: [21911] THPL-00150: Defer_queue_suspect_bad_message
thread -1696945232 starting

Standard prefix	Date and time	Scanner host name	Process:[PID]	Message
Date, time, facility, log level, and IP address	Jan 15 11:39	scanner1	ecelerity: [21911]	THPL-00150: Defer_queue_suspect_bad_message thread -1696945232 starting
The facility for MTA messages is always  mail . Standard prefix for Scanner logs sent to remote syslog	Date in the format month date. Time in the format hour:minute. The time is in 24-hour clock notation. The date and time is the date and time that the log message was recorded on the Scanner.	Name of the Scanner on which the log message was created.	Name and process ID of the process that generated the log message. The name is always the MTA name:  ecelerity .	Log message.

It is NOT "CEF", rather it is "traditional" syslog format.  You have included the format in your post (the example from the manual) that identifies the fields and expected values, which should be enough for your application developers to work with.
The closest thing to a standard would probably be RFC 3164 (which they should be using anyway, since it is (was?) the LCD for syslog on Linux systems)

If you need something fancier, please contact your account rep and open an enhancement request.
Original Message:
Sent: Jun 28, 2022 03:09 PM
From: Julian Rendon
Subject: Remote Syslog event format type

Hello

We are currently configuring the sending of events to a remote syslog from Symantec Messging Gateway, but  the developers ask us what type of format it is, for example if it is CEF, in the administration manual it does not appear, it only shows the way it is sent:

Does anyone know the type of format? thanks


example from manual:

https://techdocs.broadcom.com/us/en/symantec-security-software/email-security/messaging-gateway/10-7-3/Status_1/log-format-of-mail-transfer-agent-for-remote-syslo-v20272630-d440e3880.html

01-15-2009    11:40:34    Mail.Debug    10.217.32.13    Jan  15 11:39:23scanner1 ecelerity: [21911] THPL-00150: Defer_queue_suspect_bad_messagethread -1696945232 starting

Standard prefix	Date and time	Scanner host name	Process:[PID]	Message
Date, time, facility, log level, and IP address	Jan 15 11:39	scanner1	ecelerity: [21911]	THPL-00150: Defer_queue_suspect_bad_message thread -1696945232 starting
The facility for MTA messages is always  mail . Standard prefix for Scanner logs sent to remote syslog	Date in the format month date. Time in the format hour:minute. The time is in 24-hour clock notation. The date and time is the date and time that the log message was recorded on the Scanner.	Name of the Scanner on which the log message was created.	Name and process ID of the process that generated the log message. The name is always the MTA name:  ecelerity .	Log message.

Hello Thomas 

Thanks for you answer, we send this info to developer team 

thanks
Original Message:
Sent: Jun 28, 2022 03:52 PM
From: Thomas Anderson
Subject: Remote Syslog event format type

It is NOT "CEF", rather it is "traditional" syslog format.  You have included the format in your post (the example from the manual) that identifies the fields and expected values, which should be enough for your application developers to work with.
The closest thing to a standard would probably be RFC 3164 (which they should be using anyway, since it is (was?) the LCD for syslog on Linux systems)

If you need something fancier, please contact your account rep and open an enhancement request.
Original Message:
Sent: Jun 28, 2022 03:09 PM
From: Julian Rendon
Subject: Remote Syslog event format type

Hello

We are currently configuring the sending of events to a remote syslog from Symantec Messging Gateway, but  the developers ask us what type of format it is, for example if it is CEF, in the administration manual it does not appear, it only shows the way it is sent:

Does anyone know the type of format? thanks


example from manual:

https://techdocs.broadcom.com/us/en/symantec-security-software/email-security/messaging-gateway/10-7-3/Status_1/log-format-of-mail-transfer-agent-for-remote-syslo-v20272630-d440e3880.html

01-15-2009    11:40:34    Mail.Debug    10.217.32.13    Jan  15 11:39:23scanner1 ecelerity: [21911] THPL-00150: Defer_queue_suspect_bad_messagethread -1696945232 starting

Standard prefix	Date and time	Scanner host name	Process:[PID]	Message
Date, time, facility, log level, and IP address	Jan 15 11:39	scanner1	ecelerity: [21911]	THPL-00150: Defer_queue_suspect_bad_message thread -1696945232 starting
The facility for MTA messages is always  mail . Standard prefix for Scanner logs sent to remote syslog	Date in the format month date. Time in the format hour:minute. The time is in 24-hour clock notation. The date and time is the date and time that the log message was recorded on the Scanner.	Name of the Scanner on which the log message was created.	Name and process ID of the process that generated the log message. The name is always the MTA name:  ecelerity .	Log message.