Expanding the system events description when forwarding to the syslog server

- Updated:
- 13 Apr 2020
- Product/Version:
- Deep Security 10.0
- Deep Security 11.0
- Deep Security 12.0
- Deep Security 9.6
- Platform:
- N/A

Summary

Deep Security Manager (DSM) has been configured to send events to the syslog server. However, a particular event may show "Description Omitted", instead of the event description.

By default, Deep Security Manager omits the description of system events being sent to a syslog server if the entry is too long. Below is a sample screenshot of a system event from the Deep Security Manager console.

System event full description

On the syslog server, "msg=Description Omitted" is displayed instead of showing the full description.

Details

To display the full system event description:

This procedure is also applicable for Deep Security Manager installed on Linux server with default installation directory located in /opt/dsm.

Open the command prompt and change the directory to the Deep Security Manager installation path.
Run the command below to check the current value of the switch settings.configuration.systemEventNotificationsExtendedDescription.
```
dsm_c -action viewsetting -name settings.configuration.systemEventNotificationsExtendedDescriptions
```

Change the value of settings.configuration.systemEventNotificationsExtendedDescriptions to "true".

dsm_c -action changesetting - name settings.configuration.systemEventNotificationsExtendedDescriptions -value true

Execute the following to confirm that the new value has been applied.
```
dsm_c -action viewsetting -name settings.configuration.systemEventNotificationsExtendedDescriptions
```
The syslog entry should now display the full description of the system event.

If you have deployed a multi-tenant Deep Security setup, go to Tenant Properties > Features and enable Extended Description for Events Forwarding.