The following table lists the syslog fields and data types used when mapping to Syslog ArcSight Common Event Format.
App Control Event Mapping to Syslog ArcSight Common Event Format (RFC 3164 and ArcSight CEF)
| Syslog field | Data Type | Note |
|---|---|---|
| Facility | INTEGER | Syslog facility; always “user-level”
Note: Facility and Severity are coded into one number per Syslog specification.
|
| Severity | INTEGER | Severity mapped from event severity (see App Control Event Types)
Note: Facility and Severity are coded into one number per Syslog specification.
|
| Timestamp | DATETIME | Timestamp when the Syslog event was sent (without the year, according to RFC 3164) |
| Hostname | NVARCHAR(256) | App Control Server hostname |
| Message | Message encoded according to ArcSight CEF specification |
