
FireEye Syslog Structure

FireEye EX appliances produce two categories of logs, each with its own format.

System logs, which contain information about various modules and processes, formatted as

<module>[<pid>]: <thread-id>: [<module>:<severity-level>] free text log details

Alert logs, which contain incident details and support the following formats: CEF, LEEF, CSV, JSON, XML, PLAINTEXT with optional verbosity levels for specific formats.

MOREAL currently supports CEF-formatted Alert logs that follow the structure below (seven pipe-delimited header fields, then the extension as space-separated key=value pairs):

CEF:0|<vendor>|<product name>|<version>|<cef event type>|<event-name>|<severity>|<extension>
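The following parser is an added example, not code from MOREAL or FireEye, covering both formats above: the system log line layout and the CEF alert layout. It splits the seven header fields while honouring CEF's header escapes (`\|` and `\\`), then parses the extension into key=value pairs, unescaping `\=`, `\\`, `\n` and `\r`. The sample lines are constructed for this example; the vendor/product strings, event types and extension keys in them are illustrative placeholders rather than values taken from a real appliance.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample lines for this example (not captured from a real appliance).
# Vendor/product strings, event types and extension keys are placeholders.
SYSTEM_LOG = "cli[1234]: 5678: [cli:NOTICE] user admin logged in from 10.0.0.5"
ALERT_LOG = (
    "CEF:0|FireEye|eMPS|9.0.1|MO|malware-object|7|"
    "rt=Jan 01 2024 00:00:00 UTC src=10.0.0.5 dst=203.0.113.7 "
    "fname=invoice\\=2024.pdf msg=Blocked\\nquarantined cs1=vendor\\\\share"
)
# Header field containing an escaped pipe, to exercise header unescaping.
ALERT_LOG_ESCAPED = "CEF:0|FireEye|eMPS|9.0.1|WEB|Foo\\|Bar|3|act=notified"

# <module>[<pid>]: <thread-id>: [<module>:<severity-level>] free text
_SYSTEM_RE = re.compile(
    r"^(?P<module>[^\[\s]+)\[(?P<pid>\d+)\]: (?P<thread_id>\S+): "
    r"\[(?P<log_module>[^:\]]+):(?P<severity>[^\]]+)\] (?P<details>.*)$"
)
_HEADER_FIELDS = ("cef_version", "vendor", "product", "version",
                  "event_type", "event_name", "severity")
_EXT_KEY_RE = re.compile(r"(?:^|\s)([A-Za-z0-9_.]+)=")
_EXT_ESCAPES = {"n": "\n", "r": "\r"}


def parse_system_log(line: str) -> Dict[str, object]:
    """Parse one FireEye system log line into its named parts."""
    m = _SYSTEM_RE.match(line.rstrip("\r\n"))
    if not m:
        raise ValueError(f"not a FireEye system log line: {line!r}")
    rec: Dict[str, object] = m.groupdict()
    rec["pid"] = int(m.group("pid"))
    # The module name appears twice; a mismatch usually means a truncated or
    # mangled line, so flag it instead of silently trusting either copy.
    rec["module_mismatch"] = m.group("module") != m.group("log_module")
    return rec


def _split_cef_header(line: str) -> Tuple[List[str], str]:
    """Split the 7 pipe-delimited header fields (honouring \\| and \\\\)
    and return them together with the raw extension that follows."""
    fields: List[str] = []
    buf: List[str] = []
    i, n = 0, len(line)
    while i < n and len(fields) < 7:
        ch = line[i]
        if ch == "\\" and i + 1 < n and line[i + 1] in "|\\":
            buf.append(line[i + 1])
            i += 2
        elif ch == "|":
            fields.append("".join(buf))
            buf = []
            i += 1
        else:
            buf.append(ch)
            i += 1
    if len(fields) < 7:
        raise ValueError("CEF header must have 7 pipe-delimited fields")
    return fields, line[i:]


def _unescape_ext(value: str) -> str:
    # Extension escapes defined by CEF: \= \\ \n \r
    return re.sub(r"\\([=\\nr])",
                  lambda m: _EXT_ESCAPES.get(m.group(1), m.group(1)), value)


def parse_cef_extension(ext: str) -> Dict[str, str]:
    """Parse 'k1=v1 k2=v2 ...' where values may contain spaces and escapes."""
    keys = list(_EXT_KEY_RE.finditer(ext))
    out: Dict[str, str] = {}
    for idx, m in enumerate(keys):
        end = keys[idx + 1].start() if idx + 1 < len(keys) else len(ext)
        out[m.group(1)] = _unescape_ext(ext[m.end():end].strip())
    return out


def parse_cef_alert(line: str) -> Dict[str, object]:
    """Parse one CEF:0 alert line into header fields plus an extension dict."""
    line = line.rstrip("\r\n")
    if not line.startswith("CEF:"):
        raise ValueError(f"not a CEF line: {line!r}")
    fields, ext = _split_cef_header(line)
    rec: Dict[str, object] = dict(zip(_HEADER_FIELDS, fields))
    if rec["cef_version"] != "CEF:0":
        raise ValueError(f"unsupported CEF version: {rec['cef_version']}")
    sev = str(rec["severity"])
    rec["severity"] = int(sev) if sev.isdigit() else sev  # CEF: integer 0-10
    rec["extension"] = parse_cef_extension(ext)
    return rec


def parse_fireeye_line(line: str) -> Dict[str, object]:
    """Dispatch on the line prefix: CEF alert vs. system log."""
    if line.startswith("CEF:"):
        rec = parse_cef_alert(line)
        rec["kind"] = "alert"
    else:
        rec = parse_system_log(line)
        rec["kind"] = "system"
    return rec


if __name__ == "__main__":
    for sample in (SYSTEM_LOG, ALERT_LOG, ALERT_LOG_ESCAPED):
        print(parse_fireeye_line(sample))
```

The header is split character by character rather than with `line.split("|")` because a `\|` inside the event name would otherwise shift every later field; the extension parser locates keys by the `whitespace + key=` boundary so that an escaped `\=` inside a value (a file name, for instance) is not mistaken for a new pair.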