Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

List of Data Loss Prevention (DLP) log fields being sent to the syslog server from Control Manager (TMCM)

    • Updated:
    • 1 Oct 2018
    • Product/Version:
    • Control Manager 6.0
    • Control Manager 7.0
    • Platform:
    • Windows 2003 Server R2
    • Windows 2008
    • Windows 2008 Datacenter
    • Windows 2008 Datacenter R2
    • Windows 2008 Enterprise
    • Windows 2008 Enterprise 64-bit
    • Windows 2008 Enterprise R2
    • Windows 2008 R2
    • Windows 2008 Server
    • Windows 2008 Server R2
    • Windows 2008 Standard
    • Windows 2008 Standard 64-bit
    • Windows 2012 Datacenter
    • Windows 2012 Datacenter R2
    • Windows 2012 Enterprise
    • Windows 2012 Server
    • Windows 2012 Server Essentials
    • Windows 2012 Server R2
    • Windows 2012 Standard
    • Windows 2012 Standard R2
    • Windows 2012 Web Server Edition
    • Windows 2016
    • Windows 2016 Datacenter
    • Windows 2016 Server
    • Windows 2016 Standard
Summary

This article lists the fields on the DLP logs that are sent to the syslog server of TMCM.

The list provided in this article can be used as reference for instances where some fields of DLP logs exists on TMCM, but missing on syslog server.

Details
Public

Below is the list of fields on the DLP logs that are sent to the syslog server of TMCM:

  • CM UI="Host Name" CEFKey="cs3"
  • CM UI="Managing Server" CEFKey="dvchost"
  • CM UI="Product Entity GUID" CEFKey="cs1"
  • CM UI="Policy" CEFKey="cs2"
  • CM UI="Product" CEFKey="cn1"
  • CM UI="Generated" CEFKey="rt"
  • CM UI="Product/Endpoint IP" CEFKey="src"
  • CM UI="Product/Endpoint MAC" CEFKey="smac"
  • CM UI="Endpoint" CEFKey="shost"
  • CM UI="Incident Source (AD Account)" CEFKey="cs4"
  • CM UI="Incident Source (Sender)" CEFKey="suser"
  • CM UI="WebSite" CEFKey="request"
  • CM UI="Recipient" CEFKey="duser"
  • CM UI="Subject" CEFKey="msg"
  • CM UI="Fileocation" CEFKey="filePath"
  • CM UI="File" CEFKey="fname"
  • CM UI="Rule" CEFKey="cs5"
  • CM UI="Template" CEFKey="cs6"
  • CM UI="Channel" CEFKey="cn3"
  • CM UI="Action" CEFKey="cn2"
  • CM UI="ProductName" CEFKey="deviceFacility"
Premium
Internal
Rating:
Category:
Configure
Solution Id:
1121168
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.