Required fields are in bold.
Syslog parser for the RFC3164 format (i.e. BSD-syslog messages). Reference: https://tools.ietf.org/html/rfc3164

| Column | Type | Description |
| --- | --- | --- |
| priority | | Priority is calculated as Facility * 8 + Severity. Severity occupies the low three bits, so a lower severity number means a more urgent message; the combined priority value does not rank messages across facilities. |
| facility | | Facility indicates which kind of process created the message, e.g. 0 = kernel messages, 3 = system daemons. |
| severity | | Severity indicates how severe the message is, from 0 (Emergency) to 7 (Debug). |
| timestamp | | Timestamp of the syslog message, normalized to UTC. The RFC3164 timestamp (`Mmm dd hh:mm:ss`) carries neither a year nor a timezone, so both have to be assumed when the message is parsed. |
| hostname | | Hostname identifies the machine that originally sent the syslog message. |
| appname | | Appname identifies the device or application that originated the syslog message (the TAG at the start of the MSG part). |
| procid | | ProcID is often the process ID, but can be any value used to enable log analyzers to detect discontinuities in syslog reporting. |
| msgid | | MsgID identifies the type of message. For example, a firewall might use the MsgID 'TCPIN' for incoming TCP traffic. |
| message | | Message contains free-form text that provides information about the event. |
| p_log_type | | Panther-added field with the type of log. |
| p_row_id | | Panther-added field with a unique id (within the table). |
| p_event_time | | Panther-added standardized event time (UTC). |
| p_parse_time | | Panther-added standardized log parse time (UTC). |
| p_source_id | | Panther-added field with the source id. |
| p_source_label | | Panther-added field with the source label. |
| p_any_ip_addresses | | Panther-added field with the collection of IP addresses associated with the row. |
| p_any_domain_names | | Panther-added field with the collection of domain names associated with the row. |
| p_any_sha1_hashes | | Panther-added field with the collection of SHA1 hashes associated with the row. |
| p_any_md5_hashes | | Panther-added field with the collection of MD5 hashes associated with the row. |
| p_any_sha256_hashes | | Panther-added field with the collection of SHA256 hashes associated with the row. |
Syslog parser for the RFC5424 format. Reference: https://tools.ietf.org/html/rfc5424

| Column | Type | Description |
| --- | --- | --- |
| priority | | Priority is calculated as Facility * 8 + Severity. Severity occupies the low three bits, so a lower severity number means a more urgent message; the combined priority value does not rank messages across facilities. |
| facility | | Facility indicates which kind of process created the message, e.g. 0 = kernel messages, 3 = system daemons. |
| severity | | Severity indicates how severe the message is, from 0 (Emergency) to 7 (Debug). |
| version | | Version of the syslog protocol the message uses. RFC5424 defines VERSION as a non-zero digit, so a value of 0 signals that no version was present. |
| timestamp | | Timestamp of the syslog message, normalized to UTC. RFC5424 timestamps are RFC3339 and carry their own timezone offset, or the NILVALUE `-` if unknown. |
| hostname | | Hostname identifies the machine that originally sent the syslog message. |
| appname | | Appname identifies the device or application that originated the syslog message. |
| procid | | ProcID is often the process ID, but can be any value used to enable log analyzers to detect discontinuities in syslog reporting. |
| msgid | | MsgID identifies the type of message. For example, a firewall might use the MsgID 'TCPIN' for incoming TCP traffic. |
| structuredData | | StructuredData provides a mechanism to express information in a well-defined and easily parsable format: zero or more `[SD-ID PARAM-NAME="PARAM-VALUE" ...]` elements, or `-` when absent. |
| message | | Message contains free-form text that provides information about the event. |
| p_log_type | | Panther-added field with the type of log. |
| p_row_id | | Panther-added field with a unique id (within the table). |
| p_event_time | | Panther-added standardized event time (UTC). |
| p_parse_time | | Panther-added standardized log parse time (UTC). |
| p_source_id | | Panther-added field with the source id. |
| p_source_label | | Panther-added field with the source label. |
| p_any_ip_addresses | | Panther-added field with the collection of IP addresses associated with the row. |
| p_any_domain_names | | Panther-added field with the collection of domain names associated with the row. |
| p_any_sha1_hashes | | Panther-added field with the collection of SHA1 hashes associated with the row. |
| p_any_md5_hashes | | Panther-added field with the collection of MD5 hashes associated with the row. |
| p_any_sha256_hashes | | Panther-added field with the collection of SHA256 hashes associated with the row. |
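The two tables above describe what each parser has to extract. The following is an added example, not Panther's own parser and not code from this page: minimal Python parsers for both formats that emit the native columns (priority decoded into facility and severity, the RFC3164 TAG split into appname and procid, RFC5424 NILVALUEs mapped to null, STRUCTURED-DATA unescaped into a nested dict, and a leading BOM stripped from MSG). It goes slightly beyond the page by dispatching on the character after PRI to tell the two formats apart. The sample lines are constructed (two are adapted from the examples in RFC 3164 and RFC 5424); the year and timezone used for RFC3164 timestamps are assumptions, because the format carries neither. The Panther `p_*` columns are added at ingestion and are not produced here.

```python
# Added example, not Panther's parser: RFC3164 and RFC5424 parsers that emit the
# native columns of the tables above. Sample lines are constructed (two adapted
# from the examples in RFC 3164 section 5.4 and RFC 5424 section 6.5).
import re
from datetime import datetime, timezone

MONTHS = {m: i for i, m in enumerate("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), 1)}
# RFC3164: <PRI>Mmm dd hh:mm:ss HOSTNAME MSG; the day may be space-padded ("Feb  5")
RFC3164_RE = re.compile(
    r"^<(\d{1,3})>([A-Z][a-z]{2}) {1,2}(\d{1,2}) (\d{2}):(\d{2}):(\d{2}) (\S+) (.*)$", re.S)
# "TAG[pid]: " is a convention inside MSG, not a delimited field, so this is a heuristic
RFC3164_TAG_RE = re.compile(r"^([^\s:\[]+)(?:\[([^\]]*)\])?: ?(.*)$", re.S)
# RFC5424: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA [MSG]
RFC5424_RE = re.compile(r"^<(\d{1,3})>(\d{1,2}) (\S+) (\S+) (\S+) (\S+) (\S+) (.*)$", re.S)


def decode_priority(pri):
    """PRI -> (facility, severity); only the low three bits (severity) rank urgency."""
    if not 0 <= pri <= 191:  # largest legal value is local7 (23) * 8 + debug (7)
        raise ValueError(f"PRI out of range 0-191: {pri}")
    return pri >> 3, pri & 7


def parse_rfc3164(line, assumed_year=None):
    m = RFC3164_RE.match(line)
    if not m: raise ValueError("not an RFC3164 message")
    pri, mon, day, hh, mm, ss, host, rest = m.groups()
    facility, severity = decode_priority(int(pri))
    # Assumption: the RFC3164 TIMESTAMP has no year and no timezone, so the
    # caller's year (default: current UTC year) and UTC are supplied here.
    year = assumed_year or datetime.now(timezone.utc).year
    ts = datetime(year, MONTHS[mon], int(day), int(hh), int(mm), int(ss), tzinfo=timezone.utc)
    tag = RFC3164_TAG_RE.match(rest)
    appname, procid, message = tag.groups() if tag else (None, None, rest)
    return {"priority": int(pri), "facility": facility, "severity": severity,
            "timestamp": ts, "hostname": host, "appname": appname,
            "procid": procid, "msgid": None, "message": message}


def parse_structured_data(text):
    """Parse '-' or one or more [SD-ID NAME="value" ...] elements into {sd_id: {name: value}},
    unescaping \\" \\] \\\\ inside values. Returns the dict and the unparsed tail (' MSG')."""
    if text.startswith("-"):
        return {}, text[1:]
    elements, pos = {}, 0
    try:
        while pos < len(text) and text[pos] == "[":
            end = pos + 1
            while text[end] not in " ]":
                end += 1
            sd_id, params, pos = text[pos + 1:end], {}, end
            while text[pos] == " ":
                eq = text.index("=", pos + 1)
                if text[eq + 1] != '"':
                    raise ValueError("SD-PARAM value must be quoted")
                name, pos, buf = text[pos + 1:eq], eq + 2, []
                while text[pos] != '"':
                    if text[pos] == "\\" and text[pos + 1] in '"\\]':
                        pos += 1  # drop the backslash, keep the escaped character
                    buf.append(text[pos])
                    pos += 1
                params[name], pos = "".join(buf), pos + 1
            if text[pos] != "]":
                raise ValueError("unterminated SD-ELEMENT")
            elements[sd_id], pos = params, pos + 1
    except IndexError:
        raise ValueError("truncated STRUCTURED-DATA") from None
    return elements, text[pos:]


def parse_rfc5424(line):
    m = RFC5424_RE.match(line)
    if not m: raise ValueError("not an RFC5424 message")
    pri, version, ts, host, app, procid, msgid, rest = m.groups()
    if int(version) == 0:  # VERSION = NONZERO-DIGIT 0*2DIGIT, so 0 is never valid
        raise ValueError("RFC5424 VERSION must not be 0")
    facility, severity = decode_priority(int(pri))
    nil = lambda v: None if v == "-" else v  # "-" is the NILVALUE
    timestamp = None if ts == "-" else datetime.fromisoformat(
        ts.replace("Z", "+00:00")).astimezone(timezone.utc)  # normalize to UTC
    sd, tail = parse_structured_data(rest)
    message = tail[1:] if tail.startswith(" ") else None
    if message and message.startswith("\ufeff"):  # a BOM only announces UTF-8 MSG
        message = message[1:]
    return {"priority": int(pri), "facility": facility, "severity": severity,
            "version": int(version), "timestamp": timestamp, "hostname": nil(host),
            "appname": nil(app), "procid": nil(procid), "msgid": nil(msgid),
            "structuredData": sd, "message": message}


def parse_syslog(line, assumed_year=None):
    """RFC5424 puts 'VERSION SP' right after PRI; RFC3164 puts 'Mmm dd' there."""
    if re.match(r"^<\d{1,3}>\d{1,2} ", line):
        return parse_rfc5424(line)
    return parse_rfc3164(line, assumed_year)


SAMPLES = [  # constructed sample lines
    "<34>Oct 11 22:14:15 mymachine su: 'su root' failed for lonvick on /dev/pts/8",
    '<165>1 2003-10-11T22:14:15.003Z mymachine.example.com evntslog - ID47 '
    '[exampleSDID@32473 iut="3" eventSource="Application" eventID="1011"]'
    '[examplePriority@32473 class="high"] \ufeffAn application event log entry...',
    "<13>Feb  5 17:32:18 10.0.0.99 sshd[1234]: Failed password for invalid user admin from 203.0.113.7 port 4321 ssh2",
]
```

Calling `parse_syslog(line, assumed_year=2003)` on each of `SAMPLES` returns one dict per line keyed by the native column names. Note that for `<34>` the parser reports facility 4 and severity 2, while a `<165>` message is facility 20 and severity 5: the higher PRI is the less urgent message only because of its severity bits, which is why detections should compare `severity`, not `priority`.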