Traps Endpoint Security Manager Administrator's Guide
    : ESM Server Event Variables
    Focus
    Focus
    1. Home
    2. Traps
    3. Traps Endpoint Security Manager Administrator's Guide
    4. Reports and Logging
    5. Common Variables Used in Events
    6. ESM Server Event Variables

    Traps Endpoint Security Manager Administrator's Guide

    ESM Server Event Variables

    Table of Contents

    ESM Server Event Variables

    ESM Server events include changes related to preventions, configuration changes, ESM status, licenses, ESM Tech Support files, communication with WildFire. The ESM Console lists these events under the following logging categories:
    • Settings - ESM
    • Settings - Licenses
    • Monitor - ESM
    The following table displays the most commonly specified variables in ESM Server-related events.
    Name
    Meaning
    shost
    Machine name of the ESM Console server
    suser
    User who is logged in to the ESM Console
    dhost
    Machine name of the endpoint
    msg
    Free text description message
    duser
    User who is logged in to the endpoint
    FileName
    Executable filename
    For example, consider the following output for a Communication Check With Proxy event in CEF format:
    Sep 28 2016 17:34:50 172.16.183.173 CEF:0|Palo
Alto Networks|Traps ESM|3.4.1.16709|Communications Check With Proxy|System|9|rt=Sep
28 2016 17:34:50 shost=ESM suser= dhost=ESM msg=Communications check
with Proxy on host 'ESM'. Status: 'WildFire communication succeeded,
proxy is disabled.'
    Notice that this event uses several common variables, namely: shost, dhost, and msg.

    © 2024 Palo Alto Networks, Inc. All rights reserved.