To enable the additional field(s):
- On the computer running the DSM, enter the following command to enable the "deviceCloudExternalId" field:
./dsm_c -action changesetting -name settings.configuration.syslogNotificationsHostInfoEnricherEnabled -value true
If the Deep Security Manager version is 20.0.725+, use this command instead:
./dsm_c -action changesetting -name settings.configuration.addHostDeviceCloudExternalIDInSyslogMessage -value true
- Verify the syslog message forwarded by Deep Security Manager. Look for the new field "deviceCloudExternalId", which contains the AWS instance ID. For example:
CEF: 0|Trend Micro|Deep Security Manager|20.0.517|720|Policy Sent|3|suser=System target=<target host> msg=<message> TrendMicroDsTenant=Primary TrendMicroDsTenantId=0 deviceCloudExternalId=<instance id>
- On the computer running the DSM, enter the following command to enable the "OS" field:
./dsm_c -action changesetting -name settings.configuration.addPlatformInSyslogMessage -value true
- Verify the syslog message forwarded by Deep Security Manager. Look for the new field "OS", which contains the OS platform. For example:
CEF: 0|Trend Micro|Deep Security Manager|20.0.725|720|Policy Sent|3|suser=System target=<target host> msg=<message> TrendMicroDsTenant=Primary TrendMicroDsTenantId=0 OS=<Platform>
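The verification steps above can be automated on the syslog receiver. The following is an added example, not Trend Micro's code: it parses a forwarded CEF line and reports which of the two new fields are missing. The sample messages (host name, instance ID, OS value) are constructed.

```python
import re

HEADER = ("version", "vendor", "product", "product_version",
          "signature_id", "name", "severity")
# An extension key is a token followed directly by '='; values may contain spaces.
KEY_RE = re.compile(r"(?:^|\s)([A-Za-z0-9_.\-]+)=")

def parse_cef(line):
    """Return (header dict, extension dict) for one CEF syslog line."""
    start = line.find("CEF:")  # skip any syslog prefix in front of the CEF payload
    if start < 0:
        raise ValueError("not a CEF message")
    # Seven unescaped pipes separate the header fields from the extension.
    parts = re.split(r"(?<!\\)\|", line[start + 4:].strip(), maxsplit=7)
    if len(parts) < 8:
        raise ValueError("truncated CEF header")
    text, ext = parts[7], {}
    keys = list(KEY_RE.finditer(text))
    for i, m in enumerate(keys):
        # A value runs up to the whitespace before the next key, or to end of line.
        end = keys[i + 1].start() if i + 1 < len(keys) else len(text)
        ext[m.group(1)] = re.sub(r"\\([\\=])", r"\1", text[m.end():end].strip())
    return dict(zip(HEADER, parts[:7])), ext

def missing_fields(line, expected):
    """List the expected extension keys that are absent or empty in the line."""
    _, ext = parse_cef(line)
    return [k for k in expected if not ext.get(k)]

# Constructed sample messages; host name, instance ID and OS value are made up.
PREFIX = ("CEF: 0|Trend Micro|Deep Security Manager|20.0.725|720|Policy Sent|3|"
          "suser=System target=web01.example.internal msg=Policy sent to agent "
          "TrendMicroDsTenant=Primary TrendMicroDsTenantId=0")
SAMPLE_PLAIN = PREFIX
SAMPLE_WITH_ID = PREFIX + " deviceCloudExternalId=i-0123456789abcdef0"
SAMPLE_WITH_OS = PREFIX + " OS=Amazon Linux 2 (64 bit)"

if __name__ == "__main__":
    for name, line in [("plain", SAMPLE_PLAIN), ("with id", SAMPLE_WITH_ID),
                       ("with OS", SAMPLE_WITH_OS)]:
        print(name, "missing:", missing_fields(line, ["deviceCloudExternalId", "OS"]))
```

A non-empty result for messages received after the setting change means the field is not yet present in the forwarded messages.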