It is NOT "CEF", rather it is "traditional" syslog format. You have included the format in your post (the example from the manual) that identifies the fields and expected values, which should be enough for your application developers to work with.
The closest thing to a standard would probably be RFC 3164 (which they should be using anyway, since it is (was?) the LCD for syslog on Linux systems).
If you need something fancier, please contact your account rep and open an enhancement request.
Original Message:
Sent: Jun 28, 2022 03:09 PM
From: Julian Rendon
Subject: Remote Syslog event format type
Hello
We are currently configuring the sending of events to a remote syslog from Symantec Messaging Gateway, but the developers ask us what type of format it is, for example if it is CEF, in the administration manual it does not appear, it only shows the way it is sent:
Does anyone know the type of format? Thanks
example from manual:
https://techdocs.broadcom.com/us/en/symantec-security-software/email-security/messaging-gateway/10-7-3/Status_1/log-format-of-mail-transfer-agent-for-remote-syslo-v20272630-d440e3880.html
01-15-2009 11:40:34 Mail.Debug 10.217.32.13 Jan 15 11:39:23 scanner1 ecelerity: [21911] THPL-00150: Defer_queue_suspect_bad_message thread -1696945232 starting

| Part of the example line | Description |
|---|---|
| 01-15-2009 11:40:34 Mail.Debug 10.217.32.13 | Date, time, facility, log level, and IP address. The facility for MTA messages is always mail. |
| Jan 15 11:39:23 | Date in the format month date. Time in the format hour:minute. The time is in 24-hour clock notation. The date and time is the date and time that the log message was recorded on the Scanner. |
| scanner1 | Name of the Scanner on which the log message was created. |
| ecelerity: [21911] | Name and process ID of the process that generated the log message. The name is always the MTA name: ecelerity. |
| THPL-00150: Defer_queue_suspect_bad_message thread -1696945232 starting | |
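
Added example, not part of the thread or of the Symantec documentation: a parser for the line layout shown in the manual example above, returning `None` for lines that do not fit instead of raising. The field names are chosen here for illustration, and the pattern also accepts a line where the Scanner timestamp and Scanner name run together with no space.

```python
import re
from datetime import datetime

# Layout taken from the manual's example line quoted in the thread.
# Field names (received, logged, scanner, ...) are assumptions made for this example.
LINE_RE = re.compile(
    r"^(?P<received>\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2})\s+"    # date/time, first field
    r"(?P<facility>[A-Za-z0-9]+)\.(?P<level>[A-Za-z]+)\s+"      # e.g. Mail.Debug
    r"(?P<source_ip>\d{1,3}(?:\.\d{1,3}){3})\s+"                # IP address
    r"(?P<logged>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2})\s*" # time recorded on Scanner
    r"(?P<scanner>[A-Za-z0-9._-]+)\s+"                          # Scanner name
    r"(?P<process>[A-Za-z0-9._-]+): \[(?P<pid>\d+)\]\s+"        # e.g. ecelerity: [21911]
    r"(?P<message>.*)$"
)
# Leading message code such as THPL-00150, when present.
CODE_RE = re.compile(r"^(?P<code>[A-Z]+-\d+): ")


def parse_mta_line(line):
    """Return a dict of fields, or None if the line does not fit the layout."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["pid"] = int(rec["pid"])
    try:
        # 01-15-2009 in the sample can only be month-day-year.
        rec["received"] = datetime.strptime(rec["received"], "%m-%d-%Y %H:%M:%S")
    except ValueError:
        return None
    # The Scanner timestamp carries no year, so it is kept as a string.
    code = CODE_RE.match(rec["message"])
    rec["code"] = code.group("code") if code else None
    return rec


# Sample line from the manual example quoted in the thread.
SAMPLE = ("01-15-2009 11:40:34 Mail.Debug 10.217.32.13 Jan 15 11:39:23 scanner1 "
          "ecelerity: [21911] THPL-00150: Defer_queue_suspect_bad_message "
          "thread -1696945232 starting")

if __name__ == "__main__":
    for key, value in parse_mta_line(SAMPLE).items():
        print(f"{key:10} {value}")
```
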