
Syslog (RFC5424) Format

The following table lists the events in Syslog (RFC5424) format, with each event name on one line and its syslog format on the next.
AccessViolation
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps Agent,@Model["ProductVersion"], Threat,Access Violation,@Model["host"], @Model["user"],@Model["user"], @Model["TargetValue"],@Model.ExternalSeverity, @Model["EPM"],,,,@Model["AgentIp"],,
AgentAuthenticationFailed
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps Agent,@Model["ProductVersion"], Agent,Agent Authentication Failed,,, @Model["AgentIp"] authentication failed - @Model["FailureReason"],@Model.ExternalSeverity,,,, @Model["AgentIp"],,@Model["AgentIp"],,
AgentContentUpdate
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps Agent,@Model["ProductVersion"], Agent,Agent Content Update,@Model["host"], @Model["user"],@Model["user"], @Model["ContentVersion"],@Model.ExternalSeverity,,,,, ,
AgentPolicyChange
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps Agent,@Model["ProductVersion"], Agent,Agent Policy Changed,@Model["host"], @Model["user"],Policy changed, @Model.ExternalSeverity,,,,,,
AgentPolicyChangesFailed
<134>1 @Model["Rfc5424Time"] @Model["esmHost"] - - - @Model["Time"],Traps Agent,@Model["ProductVersion"], Agent,Agent Policy Changes failed,@Model["host"], @Model["user"],New Policy Changes Failed, @Model.ExternalSeverity,,,,,,
ArchivedPreventionsFailure
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps ESM,@Model["ProductVersion"], System,Preventions Archived Failed,@Model["esmHost"], @Model["user"],,,Archived preventions failed, @Model.ExternalSeverity,,,,,
ArchivedPreventions
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps ESM,@Model["ProductVersion"], System,Preventions Archived,@Model["esmHost"], @Model["user"],@Model["host"],, @Model["totalPreventions"] preventions been archived, @Model.ExternalSeverity,,,,,
ClientInstall
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps Agent,@Model["ProductVersion"], Agent,Agent Install,@Model["host"],@Model["user"], Agent installed,@Model.ExternalSeverity,,,,,,
ClientLicenseInvalid
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps Agent,@Model["ProductVersion"], Agent,Client License Invalid,@Model["host"], @Model["user"],Invalid license , @Model.ExternalSeverity,,,,,,
ClientLicenseRequest
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps Agent,@Model["ProductVersion"], Agent,Client License Request,@Model["host"], @Model["user"],New license request, @Model.ExternalSeverity,,,,,,
ClientUninstall
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps Agent,@Model["ProductVersion"], Agent,Agent Uninstall,@Model["host"],@Model["user"], Agent uninstalled,@Model.ExternalSeverity,,,,,,
ClientUpgrade
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps Agent,@Model["ProductVersion"], Agent,Agent Upgrade,@Model["host"],@Model["user"], Agent upgraded,@Model.ExternalSeverity,,,,,,
CommunicationsCheckWithProxy
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps ESM,@Model["ProductVersion"], System,Communications Check With Proxy, @Model["esmHost"],@Model["user"],,, Communications check with Proxy on host '@Model["host"]'. Status: '@Model["message"]', @Model.ExternalSeverity,,,,,
ConditionDeleted
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps ESM,@Model["ProductVersion"], Config,Condition Deleted,@Model["esmHost"], @Model["user"],,@Model["user"],, @Model.ExternalSeverity,,,,
ConditionEdited
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps ESM,@Model["ProductVersion"], Config,Condition Edited,@Model["esmHost"], @Model["user"],,@Model["user"],, @Model.ExternalSeverity,,,,
ConfigurationChange
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps ESM,@Model["ProductVersion"], Config,Settings Change,@Model["esmHost"], @Model["user"],,@Model["user"],, @Model["OldValue"] to @Model["NewValue"]., @Model.ExternalSeverity,,,,
DisabledProtection
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps ESM,@Model["ProductVersion"], Policy,Protection Disabled,@Model["esmHost"], @Model["user"],Protection disabled on all agents, @Model.ExternalSeverity,,,,
EPMInitFailed
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps Agent,@Model["ProductVersion"], Agent,EPM Init Failed,@Model["host"],@Model["user"], EPM @Model["EPM"] failed to initialize, @Model.ExternalSeverity,@Model["EPM"],,,,,
EnabledProtection
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps ESM,@Model["ProductVersion"], Policy,Protection Enabled,@Model["esmHost"], @Model["user"],Protection restored on all agents, @Model.ExternalSeverity,,,,
EsmConfigurationChange
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps ESM,@Model["ProductVersion"], System,ESM Configuration Change,@Model["esmHost"], @Model["user"],,,@Model["user"],,, @Model.ExternalSeverity,,,,,
EsmStatusChange
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps ESM,@Model["ProductVersion"], System,ESM Status Change,@Model["esmHost"], @Model["user"],,,ESM status changed, @Model.ExternalSeverity,,,,,
FileUploadFailure
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps ESM,@Model["ProductVersion"], System,File Upload Failure,@Model["esmHost"],, @Model["host"],@Model["user"],File failed to upload, @Model.ExternalSeverity,@Model["fileName"],,,,
HashesImport
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps ESM,@Model["ProductVersion"], Policy,Hashes Import,@Model["esmHost"], @Model["user"],@Model["Amount"] hashes were imported, @Model.ExternalSeverity,@Model["Hash"],,,
Heartbeat
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps Agent,@Model["ProductVersion"], Agent,Heartbeat,@Model["host"],@Model["user"], Service is alive,@Model.ExternalSeverity,,,, @Model["AgentIp"],,@Model["AgentIp"],,
LicenseExpiration
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps ESM,@Model["ProductVersion"], System,License Expiration,@Model["esmHost"], @Model["user"],,,@Model["user"],,, @Model["days"] days,@Model.ExternalSeverity,,,,,
LicensePoolAdded
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps ESM,@Model["ProductVersion"], System,License Pool Added,@Model["esmHost"], @Model["user"],,,@Model["user"],,, @Model["licenseType"] have been added, @Model.ExternalSeverity,,,,,
LicenseQuantity
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps ESM,@Model["ProductVersion"], System,License Quantity,@Model["esmHost"], @Model["user"],,,Agent Licenses are running low, @Model.ExternalSeverity,,,,,
LicenseRevoked
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps ESM,@Model["ProductVersion"], Config,License Revoked,@Model["esmHost"], @Model["user"] ,@Model["host"],Licenses revoked, @Model.ExternalSeverity,,,,
LocalAnalysisFeatureExtractionFailed
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps Agent,@Model["ProductVersion"], Agent,Local Analysis Extraction Failed, @Model["host"],@Model["user"], Local Analysis Feature Extraction Failed, @Model.ExternalSeverity,,@Model["ContentVersion"],,,,
LocalAnalysisModelUnavailable
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps ESM,@Model["ProductVersion"], System,Local Analysis Model Unavailable, @Model["esmHost"],@Model["user"],@Model["host"],, Local Analysis Model Unavailable, @Model.ExternalSeverity,,,,,
LocalAnalysisModuleFailed
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps Agent,@Model["ProductVersion"], Agent,Local Analysis Module Failed,@Model["host"], @Model["user"],@Model["user"], @Model.ExternalSeverity,,,,,,
LocalAnalysisModuleSucceeded
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps Agent,@Model["ProductVersion"], Agent,Local Analysis Module Succeeded,@Model["host"], @Model["user"],@Model["user"], @Model.ExternalSeverity,,,@Model["ModuleVersion"],,,
MachineLicenseValidationFailed
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps ESM,@Model["ProductVersion"], System,Machine License Validation Failed, @Model["esmHost"],@Model["user"],@Model["host"],, License Validation Failed,@Model.ExternalSeverity,,,, ,,
NewHash
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps ESM,@Model["ProductVersion"], Policy,New Hash Added,@Model["esmHost"], @Model["user"],New hash added, @Model.ExternalSeverity,@Model["Hash"],, @Model["NewVerdict"],@Model["NewVerdict"],
NotificationEvent
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps Agent,@Model["ProductVersion"], Threat,Notification Event,@Model["host"], @Model["user"],@Model["user"], @Model["preventionKey"],@Model.ExternalSeverity, @Model["EPM"],@Model["ProcessName"],@Model["Hash"], @Model["ContentVersion"],@Model["AgentIp"],,
OneTimeActionComplete
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps Agent,@Model["ProductVersion"], Agent,One Time Action Complete,@Model["host"], @Model["user"],@Model["user"], Type=@Model["ActionType"]. Action ID=@Model["ActionID"],@Model.ExternalSeverity,,,,,,
OneTimeActionFailed
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps Agent,@Model["ProductVersion"], Agent,One Time Action Failed,@Model["host"], @Model["user"],@Model["user"], Type=@Model["ActionType"],@Model.ExternalSeverity,,,, ,,
PostDetectionEvent
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps Agent,@Model["ProductVersion"], Threat,Post Detection Event,@Model["host"], @Model["user"],@Model["user"], @Model["preventionKey"],@Model.ExternalSeverity, @Model["EPM"],@Model["ProcessName"],@Model["Hash"], @Model["ContentVersion"],@Model["AgentIp"],,
PreventionEvent
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps Agent,@Model["ProductVersion"], Threat,Prevention Event,@Model["host"], @Model["user"],@Model["user"], @Model["preventionKey"],@Model.ExternalSeverity, @Model["EPM"],@Model["ProcessName"],@Model["Hash"], @Model["ContentVersion"],@Model["AgentIp"],,
ProcessCrashed
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps Agent,@Model["ProductVersion"], Agent,Process Crashed,@Model["host"],@Model["user"], Process @Model["ProcessName"] had crashed, @Model.ExternalSeverity,,,,,,
ProcessDeleted
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps ESM,@Model["ProductVersion"], Config,Process Deleted,@Model["esmHost"], @Model["user"],,Process was deleted, @Model.ExternalSeverity,@Model["Name"],,,
ProcessEdited
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps ESM,@Model["ProductVersion"], Config,Process Edited,@Model["esmHost"], @Model["user"],,Process was added/edited, @Model.ExternalSeverity,@Model.Data.ProcessFilename,, ,,
ProcessInjectionTimedOut
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps Agent,@Model["ProductVersion"], Agent,Process Injection Time Out,@Model["host"], @Model["user"],Injection Timeout, @Model.ExternalSeverity,,,,,,
ProvisionalEvent
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps Agent,@Model["ProductVersion"], Threat,Provisional Event,@Model["host"], @Model["user"],@Model["user"], @Model["preventionKey"],@Model.ExternalSeverity, @Model["EPM"],@Model["ProcessName"],@Model["Hash"], @Model["ContentVersion"],@Model["AgentIp"],,
PublisherChanged
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps ESM,@Model["ProductVersion"], Policy,Trusted Signer Changed,@Model["esmHost"], @Model["user"],@Model["user"], automatically from @Model["OldPublisher"] to @Model["NewPublisher"],@Model.ExternalSeverity, @Model["Hash"],,,
QuarantineFailed
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps Agent,@Model["ProductVersion"], Agent,Quarantine Failed,@Model["host"], @Model["user"],@Model["user"], Reason: @Model["FailureReason"], @Model.ExternalSeverity,,,,,,
QuarantineQuotaExceeded
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps Agent,@Model["ProductVersion"], Agent,Quarantine Quota Exceeded,@Model["host"], @Model["user"],@Model["user"], the quarantine folder because quota was exceeded, @Model.ExternalSeverity,,,,,,
QuarantineSucceeded
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps Agent,@Model["ProductVersion"], Agent,Quarantine Succeed,@Model["host"], @Model["user"],@Model["user"], @Model.ExternalSeverity,,,,,,
ReportingServiceStartFailed
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps Agent,@Model["ProductVersion"], Agent,Reporting Service Start Failed,@Model["host"], @Model["user"],@Model["user"], @Model["host"].,@Model.ExternalSeverity,,,,,,
RestoreFailed
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps Agent,@Model["ProductVersion"], Agent,Restore Failed,@Model["host"],@Model["user"], File @Model["fileName"] could not be restored. Reason: @Model["FailureReason"], @Model.ExternalSeverity,,,,,,
RestoreSucceeded
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps Agent,@Model["ProductVersion"], Agent,Restore Succeeded,@Model["host"], @Model["user"],@Model["user"], @Model.ExternalSeverity,,,,,,
RestrictionSettingsEdited
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps ESM,@Model["ProductVersion"], Config,Restriction Settings Edited,@Model["esmHost"], @Model["user"],,@Model["user"],, @Model.ExternalSeverity,,,,
RoleDeleted
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps ESM,@Model["ProductVersion"], Config,Role Deleted,@Model["esmHost"],@Model["user"], ,Role @Model["Name"] was deleted, @Model.ExternalSeverity,,,,
RoleEdited
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps ESM,@Model["ProductVersion"], Config,Role Edited,@Model["esmHost"],@Model["user"],, Role @Model.Data.Name was added\changed, @Model.ExternalSeverity,,,,
RoleStatusChanged
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps ESM,@Model["ProductVersion"], Config,Role Status Changed,@Model["esmHost"], @Model["user"],,@Model["user"],, @Model["Status"],@Model.ExternalSeverity,,,,
RuleDeleted
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps ESM,@Model["ProductVersion"], Policy,Rule Deleted,@Model["esmHost"],@Model["user"], Rule @Model["id"]: Deleted,@Model.ExternalSeverity,, @Model["id"],,@Model["id"],,
RuleEdited
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps ESM,@Model["ProductVersion"], Policy,Rule Edited,@Model["esmHost"],@Model["user"], Rule @Model.Data.Id: Edited,@Model.ExternalSeverity,, @Model.Data.Id,,@Model.Data.Id,,
SendingLicenseToClient
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps ESM,@Model["ProductVersion"], Config,Sending License To Client,@Model["esmHost"], @Model["user"] ,@Model["host"],New license sent, @Model.ExternalSeverity,,,,
ServerContentRevertFailure
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps ESM,@Model["ProductVersion"], Policy,Server Content Revert Failure, @Model["esmHost"],@Model["user"], Content version failed to revert to @Model["ContentVersion"]. Error: @Model["Error"], @Model.ExternalSeverity,,,,
ServerContentRevertSuccess
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps ESM,@Model["ProductVersion"], Policy,Server Content Revert Success, @Model["esmHost"],@Model["user"], Content version was reverted to @Model["ContentVersion"] successfully, @Model.ExternalSeverity,,,,
ServerContentUpdateFailure
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps ESM,@Model["ProductVersion"], Policy,Server Content Update Failed, @Model["esmHost"],@Model["user"], Content version failed to update to @Model["ContentVersion"]. Error: @Model["Error"], @Model.ExternalSeverity,,,,
ServerContentUpdateSuccess
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps ESM,@Model["ProductVersion"], Policy,Server Content Update Success, @Model["esmHost"],@Model["user"], Content version was updated to @Model["ContentVersion"] successfully, @Model.ExternalSeverity,,,,
ServerHeartbeat
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps ESM,@Model["ProductVersion"], System,ESM Heartbeat,@Model["esmHost"], @Model["user"],,,ESM heartbeat, @Model.ExternalSeverity,,,,,
ServiceAlive
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps Agent,@Model["ProductVersion"], Agent,Service Alive,@Model["host"],@Model["user"], Service start,@Model.ExternalSeverity,,,,,,
ServiceStartFailed
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps Agent,@Model["ProductVersion"], Agent,Service Start Failed,@Model["host"], @Model["user"],Service start failed, @Model.ExternalSeverity,,,,,,
ServiceStopped
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps Agent,@Model["ProductVersion"], Agent,Service Stopped,@Model["host"],@Model["user"], Service stopped,@Model.ExternalSeverity,,,,,,
ServiceWarning
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps Agent,@Model["ProductVersion"], Threat,Service Warning,@Model["host"],@Model["user"], Warning- Java sandboxed file access to @Model["TargetValue"],@Model.ExternalSeverity, @Model["EPM"],,,,@Model["AgentIp"],,
SystemShutdown
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps Agent,@Model["ProductVersion"], Agent,System Shutdown,@Model["host"],@Model["user"], Service shutdown,@Model.ExternalSeverity,,,,,,
TechSupportFileStatus
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps ESM,@Model["ProductVersion"], System,Tech Support File,@Model["esmHost"],,,, Tech Support File: Status:@Model["Status"], @Model.ExternalSeverity,,,,,
TrapsServiceStatusChange
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps Agent,@Model["ProductVersion"], Agent,Traps Service Status Change,@Model["host"], @Model["user"],@Model["user"], @Model["NewStatus"],@Model.ExternalSeverity,,,,,,
UserDeleted
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps ESM,@Model["ProductVersion"], Config,User Deleted,@Model["esmHost"],@Model["user"], ,User @Model["Name"] was deleted., @Model.ExternalSeverity,,,,
UserEdited
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps ESM,@Model["ProductVersion"], Config,User Edited,@Model["esmHost"],@Model["user"],, User @Model.Data.Name was added\changed., @Model.ExternalSeverity,,,,
UserLogin
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps ESM,@Model["ProductVersion"], System,User Login,@Model["esmHost"],@Model["user"],,, User @Model.Data.Username logged in to ESM console, @Model.ExternalSeverity,,,,,
UserStatusChanged
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps ESM,@Model["ProductVersion"], Config,User Status Changed,@Model["esmHost"], @Model["user"],,@Model["user"],, @Model["Status"],@Model.ExternalSeverity,,,,
VerdictChangeAnyToMalware
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps ESM,@Model["ProductVersion"], Policy,Verdict Changed Any To Malware, @Model["esmHost"],@Model["user"], Hash verdict changed to Malware. @Model["OldVerdict"] -> @Model["NewVerdict"], @Model.ExternalSeverity,@Model["Hash"],, @Model["NewVerdict"],@Model["NewVerdict"],
VerdictChangeMalwareToAny
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps ESM,@Model["ProductVersion"], Policy,Verdict Change Malware To Any, @Model["esmHost"],@Model["user"], Hash verdict changed from Malware. Awaiting to restore: @Model["QuarantineStatus"]. @Model["OldVerdict"] -> @Model["NewVerdict"], @Model.ExternalSeverity,@Model["Hash"],, @Model["NewVerdict"],@Model["NewVerdict"],
VerdictChangeNoconnectionToAny
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps ESM,@Model["ProductVersion"], Policy,Verdict Change No Connection To Any, @Model["esmHost"],@Model["user"], Hash verdict changed from No Connection. @Model["OldVerdict"] -> @Model["NewVerdict"], @Model.ExternalSeverity,@Model["Hash"],, @Model["NewVerdict"],@Model["NewVerdict"],
VerdictChangeUnknownToAny
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps ESM,@Model["ProductVersion"], Policy,Verdict Change Unknown To Any, @Model["esmHost"],@Model["user"], Hash verdict changed from Unknown. @Model["OldVerdict"] -> @Model["NewVerdict"], @Model.ExternalSeverity,@Model["Hash"],, @Model["NewVerdict"],@Model["NewVerdict"],
VerdictChangeAwaitingAnalysisToAny
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps ESM,@Model["ProductVersion"], Policy,Verdict Change Awaiting Analysis To Any, @Model["esmHost"],@Model["user"], Hash verdict changed from Awaiting Analysis. @Model["OldVerdict"] -> @Model["NewVerdict"], @Model.ExternalSeverity,@Model["Hash"],, @Model["NewVerdict"],@Model["NewVerdict"],
VerdictChange
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps ESM,@Model["ProductVersion"], Policy,Verdict Changed,@Model["esmHost"], @Model["user"],@Model["user"], @Model["NewVerdict"],@Model.ExternalSeverity, @Model["Hash"],,@Model["NewVerdict"],
VerdictManualOverride
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps ESM,@Model["ProductVersion"], Policy,Verdict Manual Override,@Model["esmHost"], @Model["user"],@Model["user"], @Model["OldVerdict"] -> @Model["NewVerdict"], @Model.ExternalSeverity,@Model["Hash"],, @Model["NewVerdict"],
VerdictRevertedToWildfire
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps ESM,@Model["ProductVersion"], Policy,Verdict Reverted To Wildfire, @Model["esmHost"],@Model["user"], Hash verdict reverted to WildFire. @Model["OldVerdict"] -> @Model["NewVerdict"], @Model.ExternalSeverity,@Model["Hash"],, @Model["NewVerdict"],@Model["NewVerdict"],
WfCommunicationsStatusChanged
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps ESM,@Model["ProductVersion"], System,WildFire Communications Status Changed, @Model["esmHost"],@Model["user"],,, WildFire communications status changed on host '@Model["host"]'. Status: '@Model["message"], @Model.ExternalSeverity,,,,,
InstallationPackage
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps ESM,@Model["ProductVersion"], System,Agent Package Created,@Model["esmHost"], @Model["user"],,,@Model["user"],,, @Model["AgentPackageStatus"]. Source file: @Model["SourceFile"]. Package name: @Model["AgentPackageName"] Agent Version: @Model["AgentPackageVersion"], @Model.ExternalSeverity,,,,,
IncompatibleOs
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps Agent,@Model["ProductVersion"], Agent,Agent Incompatibility Issue,@Model["host"], @Model["user"],@Model["user"], @Model["IncompatibilityReason"], @Model.ExternalSeverity,,,,@Model["host"],,
RegistrationConflict
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps ESM,@Model["ProductVersion"], System,Agent Registration Conflict Detected, @Model["esmHost"],@Model["user"],,, Agent registration conflict detected on host @Model["host"] from IP: @Model["RequestIP"]. Saved IP: @Model["AgentIp"],@Model.ExternalSeverity,,,,,
EsmCertValidationWarning
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps ESM,@Model["ProductVersion"], System,Agent-ESM Authentication Warning, @Model["esmHost"],@Model["user"],,, Agent @Model["host"] couldn't fully authenticate ESM @Model["esmHost"] using installed certificate., @Model.ExternalSeverity,,,,,
AutoContentUpdateAvailable
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps ESM,@Model["ProductVersion"], Policy,Content Update Available,@Model["esmHost"], @Model["user"],@Model["user"], @Model["ContentVersion"]) is Available, @Model.ExternalSeverity,,,,
AgentMigration
<134>1 @Model["Rfc5424Time"] @Model["EsmIp"] - - - @Model["Time"],Traps Agent,@Model["ProductVersion"], Agent,Agent Migration,,,Agent,Agent Migration,,, @Model.ExternalSeverity,,,,@Model["AgentIp"],,
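
The following Python parser for lines rendered from the templates above is an added example, not code from the vendor documentation. It assumes the five leading payload positions never contain commas; the field labels, the watch list and the sample lines are constructed for illustration.

```python
import re

# Header as the templates above render it: PRI, version, timestamp, host,
# three "-" fields, then the comma-separated payload.
HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<version>\d{1,2}) "
    r"(?P<timestamp>\S+) (?P<host>\S+) - - - (?P<payload>.*)$"
)
# Labels for the five leading payload positions shared by every template.
# The labels are this example's own, not names from the documentation.
PREFIX = ("time", "product", "product_version", "category", "event")
SEVERITIES = ("emerg", "alert", "crit", "err", "warning", "notice", "info", "debug")
# Example watch list built from event names in the table; adjust to local policy.
WATCH_EVENTS = {"Protection Disabled", "Agent Uninstall",
                "Verdict Manual Override", "Agent Authentication Failed"}


def parse_traps_syslog(line):
    """Return a dict for one rendered line, or None if it does not match."""
    m = HEADER.match(line.rstrip("\r\n"))
    if m is None:
        return None
    pri = int(m.group("pri"))
    if pri > 191:  # RFC 5424 limits PRI to 0..191
        return None
    parts = m.group("payload").split(",", len(PREFIX))
    if len(parts) <= len(PREFIX):
        return None  # too few fields to be one of the templates
    record = {
        "facility": pri >> 3,
        "severity": SEVERITIES[pri & 7],
        "version": int(m.group("version")),
        "timestamp": m.group("timestamp"),
        "host": m.group("host"),
    }
    # Some templates show a space after the comma, so values are stripped.
    record.update((key, value.strip()) for key, value in zip(PREFIX, parts))
    # Positions after the event name differ per template and may hold free
    # text, so the tail is kept unsplit instead of being mapped by index.
    record["rest"] = parts[len(PREFIX)]
    return record


def needs_review(record):
    """Flag Threat-category events and events on the watch list."""
    return record["category"] == "Threat" or record["event"] in WATCH_EVENTS


# Constructed sample lines (placeholder values, documentation IP ranges).
HDR = "<134>1 2018-03-01T10:15:00.000Z 192.0.2.10 - - - 2018-03-01T10:15:00Z,"
SAMPLE_LINES = [
    HDR + "Traps Agent,0.0.0, Threat,Prevention Event,host-01, user-01,user-01, "
          "key-01,sev, epm-01,proc.exe,HASH_PLACEHOLDER, 1-1,192.0.2.20,,",
    HDR + "Traps ESM,0.0.0, Policy,Protection Disabled,esm-01, admin-01,"
          "Protection disabled on all agents, sev,,,,",
    HDR + "Traps Agent,0.0.0, Agent,Heartbeat,host-01,user-01, "
          "Service is alive,sev,,,, 192.0.2.20,,192.0.2.20,,",
    "not a syslog line",
]


def triage(lines):
    """Return (event, reporting host) for every parsable line needing review."""
    hits = []
    for line in lines:
        record = parse_traps_syslog(line)
        if record is not None and needs_review(record):
            hits.append((record["event"], record["host"]))
    return hits


if __name__ == "__main__":
    for hit in triage(SAMPLE_LINES):
        print(hit)
```
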