The following table lists the syslog fields and data types used when mapping to Q1Labs Log Event Enhanced Format.
App Control Event Mapping to Q1Labs Log Event Enhanced Format (RFC 3164 and Q1Labs LEEF)
| Syslog field | Data Type | Note |
|---|---|---|
| Facility | INTEGER | Syslog facility; always “user-level”
Note: Facility and Severity are coded into one number per Syslog specification.
|
| Severity | INTEGER | Severity mapped from App Control event severity (see App Control Event Types)
Note: Facility and Severity are coded into one number per Syslog specification
|
| Timestamp | DATETIME | Timestamp when the Syslog event was sent (without the year, according to RFC 3164) |
| Hostname | NVARCHAR(256) | App Control Server hostname |
| Message | Message encoded according to Q1Labs LEEF specification |
