AppWall sends its logs over UDP, and the maximum expected message size is 1024 bytes.
In addition to the standardized syslog format, the AppWall event is represented as a set of key-value pairs. Within the event, each key is followed by an equal sign (=) and then that key's value. Pairs are delimited by a space character.
[syslog_pri] [datetime] [syslog-level] [host] [key-value pair event]
MOREAL currently supports events generated by the following modules, with the following event-specific fields defined:
Security | Management | System |
---|---|---|
AppPath | Description | Description |
Description | Object | Object |
Host | Priority | Priority |
IsPassive | ReportingIP | ReportingIP |
Object | Resource | Resource |
ParamName | ServerName | ServerName |
ParamType | SourceIP | SyslogType |
ParamValue | SyslogType | timestamp |
Priority | timestamp | Title |
ReportingIP | Title | Type |
Resource | Type | |
Role | | |
RuleID | | |
ServerName | | |
SourceIP | | |
SourcePort | | |
SyslogType | | |
timestamp | | |
Title | | |
TransID | | |
Tunnel | | |
Type | | |
URI | | |
WebApp | | |
WebUser | | |
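
An added example (not part of the AppWall or MOREAL documentation): a Python parser for the Security key-value event described above. It assumes values are unquoted and may contain spaces or `=`, so it splits only on the field names from the table; the sample datagram and the names `parse_event`, `SECURITY_KEYS` and `MAX_LEN` are constructed for illustration.

```python
import re

# Security-module field names, copied from the table above.
SECURITY_KEYS = (
    "AppPath Description Host IsPassive Object ParamName ParamType ParamValue "
    "Priority ReportingIP Resource Role RuleID ServerName SourceIP SourcePort "
    "SyslogType timestamp Title TransID Tunnel Type URI WebApp WebUser"
).split()
MAX_LEN = 1024  # maximum expected message size stated above

# A key counts only at the start of the text or right after a space, and must
# be followed directly by "=". Assumption: values are unquoted.
KEY_RE = re.compile(r"(?:^|(?<= ))(%s)=" % "|".join(SECURITY_KEYS))

def parse_event(datagram: bytes) -> dict:
    """Split one syslog datagram into raw header, fields and parser warnings."""
    text = datagram.decode("utf-8", errors="replace").rstrip("\r\n\x00")
    marks = list(KEY_RE.finditer(text))
    fields, duplicates = {}, []
    for i, m in enumerate(marks):
        # A value runs up to the next known key, so it may hold spaces or "=".
        end = marks[i + 1].start() if i + 1 < len(marks) else len(text)
        key, value = m.group(1), text[m.end():end].rstrip(" ")
        if key in fields:
            # Repeated key: the event is ambiguous (a value may itself contain
            # text shaped like " Key="). Keep the first value and report it.
            duplicates.append(key)
        else:
            fields[key] = value
    # Everything before the first key is the syslog header; kept raw because
    # its exact datetime/level formats are not specified on this page.
    header = text[:marks[0].start()].rstrip() if marks else text
    return {
        "header": header,
        "fields": fields,
        "duplicates": duplicates,
        # Assumption: a datagram at the size limit may have lost trailing fields.
        "possibly_truncated": len(datagram) >= MAX_LEN,
    }

# Constructed sample datagram (not captured from a real AppWall device).
SAMPLE = (b"<132> 2024-01-01 10:00:00 WARNING appwall1 SyslogType=Security "
          b"Title=Parameter value violation SourceIP=192.0.2.10 SourcePort=51234 "
          b"ParamName=q ParamValue=a=b c URI=/search Priority=High")

if __name__ == "__main__":
    print(parse_event(SAMPLE))
```

Events that come back with a non-empty `duplicates` list or `possibly_truncated` set are better routed to review than indexed as-is, since their field values cannot be taken at face value.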