...

<Hostname>    TelemetryLog    <SeverityLevel>    <TimeCreated(YYYY-MM-DD HH:MM)>    <MetricType>    <InstanceName>    <EventName>    <Value>

SNARE V2

<Hostname>    TelemetryLog    <SeverityLevel>    {"Event":{"Data":{"MetricType":"<MetricType>","InstanceName":"<InstanceName>","EventName":"<EventName>","Value":"<Value>"},"System":{"TimeCreated":{"SystemTime":"<SystemTime(YYYY-MM-DDThh:mm:ss.ssssssZ)>","LocalTime":"<LocalTime(YYYY-MM-DDThh:mm:ss.ssssss±hh:mm)>"}}}}

SYSLOG (RFC3164)

<<S>><TimeCreated (MMM DD HH:MM:SS)> <Hostname> TelemetryLog <SeverityLevel> <TimeCreated(YYYY-MM-DD HH:MM)> <MetricType> <InstanceName> <EventName> <Value>

...

<<S>><TimeCreated (MMM DD HH:MM:SS)> <Hostname> TelemetryLog[<SeverityLevel>]:<TimeCreated(YYYY-MM-DD HH:MM)> <MetricType> <InstanceName> <EventName> <Value>

...

<<S>><SyslogVersion> <TimeCreated (YYYY-MM-DDThh:mm:ss.ssssss±hh:mm)> <Hostname> <ProductName> - TelemetryLog - <SeverityLevel> <TimeCreated(YYYY-MM-DD HH:MM)> <MetricType> <InstanceName> <EventName> <Value>

CEF

<TimeCreated (MMM DD HH:MM:SS)> <Hostname> CEF:<CEFVersion>|<CompanyName>|<ProductName>|<ProductVersion>|TelemetryLog|<EventName>|<CEFSeverity>|value=<Value> dvchost=<Hostname> msg=<YYYY-MM-DD>|<hh:mm:ss>|<MetricType>|<InstanceName>|<EventName>|<Value>

LEEF

<TimeCreated (MMM DD HH:MM:SS)> <Hostname> LEEF:<LEEFVersion>|<CompanyName>|<ProductName>|<ProductVersion>|TelemetryLog|URL=TelemetryLog sev=<LEEFSeverity> resource=<Hostname> value=<Value> msg=<TimeCreated(YYYY-MM-DD HH:MM)> <MetricType> <InstanceName> <EventName> <Value>
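The same TelemetryLog record is carried by every layout above, so a collector only needs one normaliser. The following Python is an added example, not code from this page or from the Snare product: it parses each of the layouts (SNARE V1, SNARE V2, both RFC3164 variants, RFC5424, CEF and LEEF) into one record and decodes the syslog PRI on the way. The sample lines are constructed; the hostname, severity numbers, vendor/product/version strings and metric values are assumptions, the SNARE V1/V2 fields are assumed to be tab-delimited (the tabs are flattened on this page), and the RFC5424 STRUCTURED-DATA field is assumed to be the nil value `-` as shown.

```python
"""Normalise Snare TelemetryLog lines from every wire format above into one record."""
import json
import re

# Constructed samples following the placeholder layouts above. Host, severity,
# vendor/product/version strings and metric values are assumptions; SNARE V1/V2
# fields are assumed tab-delimited (the page flattens the tabs to spaces).
SNARE_V1 = "host01\tTelemetryLog\t2\t2024-05-01 10:15\tCPU\tagent\tCpuUsage\t37"
SNARE_V2 = ('host01\tTelemetryLog\t2\t{"Event":{"Data":{"MetricType":"CPU",'
            '"InstanceName":"agent","EventName":"CpuUsage","Value":"37"},"System":'
            '{"TimeCreated":{"SystemTime":"2024-05-01T10:15:00.000000Z",'
            '"LocalTime":"2024-05-01T20:15:00.000000+10:00"}}}}')
RFC3164 = "<14>May  1 10:15:00 host01 TelemetryLog 2 2024-05-01 10:15 CPU agent CpuUsage 37"
RFC3164_TAG = "<14>May  1 10:15:00 host01 TelemetryLog[2]:2024-05-01 10:15 CPU agent CpuUsage 37"
RFC5424 = ("<14>1 2024-05-01T10:15:00.000000+00:00 host01 SnareAgent - TelemetryLog - "
           "2 2024-05-01 10:15 CPU agent CpuUsage 37")
CEF = ("May  1 10:15:00 host01 CEF:0|ExampleVendor|SnareAgent|5.0|TelemetryLog|CpuUsage|3|"
       "value=37 dvchost=host01 msg=2024-05-01|10:15:00|CPU|agent|CpuUsage|37")
LEEF = ("May  1 10:15:00 host01 LEEF:1.0|ExampleVendor|SnareAgent|5.0|TelemetryLog|URL=TelemetryLog "
        "sev=3 resource=host01 value=37 msg=2024-05-01 10:15 CPU agent CpuUsage 37")
SAMPLES = (SNARE_V1, SNARE_V2, RFC3164, RFC3164_TAG, RFC5424, CEF, LEEF)

BSD = r"([A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) (\S+) "   # <TimeCreated (MMM DD HH:MM:SS)> <Hostname>
RE_3164 = re.compile(r"^<(\d{1,3})>" + BSD + r"TelemetryLog(?: (\S+) |\[([^\]]+)\]:)(.*)$")
RE_5424 = re.compile(r"^<(\d{1,3})>(\d) (\S+) (\S+) (\S+) (\S+) TelemetryLog (\S+) (.*)$")
RE_CEF_LEEF = re.compile(r"^" + BSD + r"(CEF|LEEF):(.*)$")
RE_KV = re.compile(r"(\w+)=(.*?)(?=\s\w+=|$)")  # key=value pairs; escaped '\=' inside values not handled

def _body(text):
    """'<YYYY-MM-DD HH:MM> <MetricType> <InstanceName> <EventName> <Value>' -> fields."""
    date, clock, metric, instance, event, value = text.strip().split(None, 5)
    return {"time_created": f"{date} {clock}", "metric_type": metric,
            "instance_name": instance, "event_name": event, "value": value}

def _pri(pri):
    """Decode the syslog PRI (<<S>> above): facility * 8 + severity."""
    n = int(pri)
    return {"syslog_facility": n >> 3, "syslog_severity": n & 7}

def parse_snare_v1(line):
    host, _tag, sev, when, metric, instance, event, value = line.split("\t")
    return {"format": "snare_v1", "hostname": host, "severity": sev, "time_created": when,
            "metric_type": metric, "instance_name": instance, "event_name": event, "value": value}

def parse_snare_v2(line):
    host, _tag, sev, payload = line.split("\t", 3)
    ev = json.loads(payload)["Event"]
    data, tc = ev["Data"], ev["System"]["TimeCreated"]
    return {"format": "snare_v2", "hostname": host, "severity": sev,
            "time_created": tc["SystemTime"], "local_time": tc["LocalTime"],
            "metric_type": data["MetricType"], "instance_name": data["InstanceName"],
            "event_name": data["EventName"], "value": data["Value"]}

def parse_syslog(line):
    m = RE_5424.match(line)  # <PRI>VERSION TIMESTAMP HOST APP PROCID MSGID SD MSG; SD assumed '-'
    if m:
        pri, _ver, ts, host, app, _procid, _sd, msg = m.groups()
        sev, body = msg.split(None, 1)
        return {"format": "rfc5424", "hostname": host, "severity": sev, "product": app,
                "syslog_time": ts, **_pri(pri), **_body(body)}
    m = RE_3164.match(line)  # both 'TelemetryLog <Sev> ' and 'TelemetryLog[<Sev>]:' forms
    if not m:
        raise ValueError("not a TelemetryLog syslog line")
    pri, ts, host, sev_a, sev_b, body = m.groups()
    return {"format": "rfc3164", "hostname": host, "severity": sev_a or sev_b,
            "syslog_time": ts, **_pri(pri), **_body(body)}

def parse_cef_leef(line):
    m = RE_CEF_LEEF.match(line)
    if not m:
        raise ValueError("not a CEF/LEEF line")
    ts, host, kind, rest = m.groups()
    if kind == "CEF":  # 7 header fields, then the extension; header pipes may be escaped as '\|'
        _ver, _vendor, product, _pver, _cls, _name, sev, ext = re.split(r"(?<!\\)\|", rest, maxsplit=7)
        kv = dict(RE_KV.findall(ext))
        date, clock, metric, instance, event, value = kv["msg"].split("|")
        return {"format": "cef", "hostname": kv.get("dvchost", host), "severity": sev,
                "product": product, "syslog_time": ts, "time_created": f"{date} {clock}",
                "metric_type": metric, "instance_name": instance, "event_name": event, "value": value}
    _ver, _vendor, product, _pver, _event_id, attrs = rest.split("|", 5)
    kv = dict(RE_KV.findall(attrs))  # '\s' in RE_KV also accepts LEEF's tab delimiter
    return {"format": "leef", "hostname": kv.get("resource", host), "severity": kv.get("sev"),
            "product": product, "syslog_time": ts, **_body(kv["msg"])}

def parse_telemetry(line):
    if line.startswith("<"):
        return parse_syslog(line)
    if " CEF:" in line or " LEEF:" in line:
        return parse_cef_leef(line)
    parts = line.split("\t", 3)
    if len(parts) == 4 and parts[1] == "TelemetryLog":
        return parse_snare_v2(line) if parts[3].startswith("{") else parse_snare_v1(line)
    raise ValueError("unrecognised TelemetryLog line")

if __name__ == "__main__":
    for rec in map(parse_telemetry, SAMPLES):
        print(rec["format"], rec["hostname"], rec["severity"], rec["time_created"],
              rec["metric_type"], rec["instance_name"], rec["event_name"], rec["value"])
```

Two things worth keeping straight when wiring this into a SIEM: the agent's own `<SeverityLevel>` (or `<CEFSeverity>` / `<LEEFSeverity>`) is a separate field from the syslog PRI severity encoded in `<<S>>`, so the normaliser keeps both rather than letting one overwrite the other; and the CEF `msg` field reuses `|` as its internal delimiter inside the extension, where CEF does not require pipes to be escaped, so it must be split after the header has been split, not together with it.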

...