Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
kamilazat
Collaborator

Is there a way to change the way severity level looks in the sent logs?

Hello all!

I want to know if it's possible to change the way this bit in the logs:

TenantName    TENANT
Timestamp    18.09.2024 10:41:32 :337
EndTime    18.09.2024 10:41:32 :000
DeviceAction    Detect
DeviceAddress    x.x.x.x
DeviceFacility    134
DeviceHostName    some-host-name
.

.

.

.

.

FlexString1    MAIN\
FlexString1Label    Policy Name
Severity    1
Type    Base
Extra    __policy_id_tag: product=VPN-1 & FireWall-1

I know that in sk116254 the table is given for the severity levels and it is possible to compare. But is it possible to change the numbers into actual strings, such as "Very Low" "Informational" "Critical" etc.?

 

Thank you!

0 Kudos
5 Replies
PhoneBoy
Admin
Admin

By sent you mean via Log Exporter to an external SIEM?
Not as far as I know.

0 Kudos
ShemHunter
Explorer

Hi PhoneBoy,

And if you change this setting from guidbedit?

Logs from SMB, for example, come in the form of words..

"Lastupdateseqnum: 10
Severity: Informational
Rounded Sent Bytes: 185600
Confidence Level: N/A
Rounded Bytes: 2086912"

This is the log from Application Control, URL Filtering.

Maybe I didn't just look at the logs that don't go into SIEM..

 

0 Kudos
PhoneBoy
Admin
Admin

I'm still not clear where you are seeing the numbers versus words.
Please clarify this point with a screenshot of where exactly it is seen, blurring sensitive details.

0 Kudos
ShemHunter
Explorer

Please look at the log_value lines, I think if you change them to words corresponding to severity, I will achieve the result. 

0 Kudos
PhoneBoy
Admin
Admin

In what exact UI are you seeing these logs that you're trying to change by this proposed guidbedit method?
Whether what you propose will work or not...or cause other, unintended side effects...is a different story.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events