Enabling export of events in CEF format

Before enabling export of events in CEF format, it is recommended to specify a category (facility) for syslog that is not used by other programs on the server.

To enable export of events in CEF format:

1. Open the XML file containing the extracted settings of the klms-control utility.
2. If you want to select the syslog category (facility) to which the events will be exported, in the opened file in the <siemSettings> section, specify one of the following values of the <facility> parameter:
   • Auth
   • Authpriv
   • Cron
   • Daemon
   • Ftp
   • Lpr
   • Mail
   • News
   • Syslog
   • User
   • Uucp
   • Local0
   • Local1
   • Local2
   • Local3
   • Local4
   • Local5
   • Local6
   • Local7

   By default, the value is set to Mail.

   Example: <siemSettings> <enabled>0</enabled> <facility>Local0</facility>

3. In the opened file, in the <siemSettings> section, set the value of the <enabled> parameter to 1.

   Example: <siemSettings> <enabled>1</enabled>

Page top