
Linux syslog and msg.id

Question asked by RSA Admin Employee on Oct 30, 2014
Latest reply on Oct 30, 2014 by RSA Admin

Where does Security Analytics get the msg.id from a Linux syslog?

Here is an example:

sessionid    =    758292139
time    =    2014-10-30T13:38:01.0
size    =    130
device.ip    =
medium    =    32
device.type    =
device.class    =
header.id    =    "0016"
client    =
user.dst    =
username.grp.alt    =
username.grp.alt    =
action    =
alias.host    =
level    =    6
msg.id    =
event.cat.name    =

Is msg.id "00091" coming from the syslog event?

Here is the raw log:

Oct 30 17:38:01 log-vlc1 CROND[10436]: (root) CMD (/etc/netwitness/ng/logcollector/lctwin)

 

Is there a chart or reference of these message IDs?
