ESM Configuration Change Event Variables

ESM configuration change events include system-wide changes to licensing, administrative users and roles, processes, restriction settings, and conditions. The ESM Console lists these events under the following Logging Events categories:
  • Policies - Process Management
  • Policies - Restriction Settings
  • Settings - Administration
  • Settings - Conditions
The following table displays the most commonly specified variables in ESM configuration-related events.
| Name | Meaning |
|------|---------|
| shost | Machine name of the ESM Console server |
| suser | User who is logged in to the ESM Console |
| msg | Free text description |
| dhost | Machine name of the endpoint |
| deviceProcessName | Process name |
For example, consider the output for a Role Added/Edited event in CEF format:
Sep 28 2016 17:42:04 ESM CEF:0|Palo Alto Networks|Traps ESM|3.4.1.16709|Role Edited|Config|3|rt=Sep 28 2016 17:42:04 shost=ESM suser=administrator msg=Role TechWriter was added\changed
Notice that this event uses several common variables, namely: shost, suser, and msg.
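The following Python parser is an added example, not code from Palo Alto Networks. It splits the record above into the standard CEF header positions and pulls out the variables from the table, including values that contain spaces and the literal backslash in msg. The function names and header field labels are assumptions chosen for illustration.

```python
import re

# Sample record copied from the example above, joined onto one line.
SAMPLE = (r"Sep 28 2016 17:42:04 ESM CEF:0|Palo Alto Networks|Traps ESM|3.4.1.16709|"
          r"Role Edited|Config|3|rt=Sep 28 2016 17:42:04 shost=ESM "
          r"suser=administrator msg=Role TechWriter was added\changed")

# Labels for the seven pipe-delimited CEF header positions (names are illustrative).
HEADER_FIELDS = ("version", "vendor", "product", "device_version",
                 "event_class_id", "name", "severity")
# The variables listed in the table above.
COMMON_VARS = ("shost", "suser", "msg", "dhost", "deviceProcessName")

# A key sits at the start of the extension or after whitespace and ends at '='.
# An escaped '\=' inside a value never matches because '\' is not a word character.
KEY = re.compile(r"(?:^|(?<=\s))(\w+)=")

def unescape(value):
    # CEF extension values escape only \\, \=, \n and \r. Any other backslash,
    # such as the one in "added\changed", is kept literally.
    table = {"n": "\n", "r": "\r"}
    return re.sub(r"\\([\\=nr])", lambda m: table.get(m.group(1), m.group(1)), value)

def parse_cef(line):
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF header found")
    # Split on unescaped pipes only; an eighth part, if present, is the extension.
    parts = re.split(r"(?<!\\)\|", line[start + 4:], maxsplit=7)
    if len(parts) < 7:
        raise ValueError("truncated CEF header")
    header = (p.replace("\\|", "|").replace("\\\\", "\\") for p in parts[:7])
    event = dict(zip(HEADER_FIELDS, header))
    ext = parts[7] if len(parts) == 8 else ""
    keys = list(KEY.finditer(ext))
    fields = {}
    for i, m in enumerate(keys):
        # A value runs up to the next key, so it may contain spaces (rt, msg).
        end = keys[i + 1].start() if i + 1 < len(keys) else len(ext)
        fields[m.group(1)] = unescape(ext[m.end():end].strip())
    event["extension"] = fields
    return event

def common_variables(event):
    # Return only the table's variables that this event actually carries.
    return {k: event["extension"][k] for k in COMMON_VARS if k in event["extension"]}

if __name__ == "__main__":
    print(common_variables(parse_cef(SAMPLE)))
```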