Standard Syslog Message Types

Message Types

  • Syslog message format for real-time Syslog entries generated by realtimeonly PRMs:

    <priority>timestamp nnm: src_ip:src_port|dst_ip:dst_port|protocol|plugin_id|plugin_name|matched_text_current_packet|matched_text_previous_packet|risk

  • Syslog message format for vulnerability and real-time Syslog entries generated by PASLs, PRMs, and internal plugins:

    <priority>timestamp nnm: src_ip:src_port|dst_ip:dst_port|protocol|plugin_id|plugin_name|plugin_description|plugin_output|risk

Message Fields

| Name | Description |
|------|-------------|
| dst_ip | Displays the destination IP address for reported traffic. |
| dst_port | Displays the destination port for reported traffic. |
| matched_text_current_packet | Reports the payload in the packet that caused the match and triggered the Tenable Nessus Network Monitor event. |
| matched_text_previous_packet | Reports the payload that was observed prior to the payload in the matched_text_current_packet field. |
| plugin_id | Displays the reported Tenable Nessus Network Monitor plugin or PASL ID triggered by reported traffic. |
| plugin_name | Displays the name of the Tenable Nessus Network Monitor plugin or PASL ID triggered by reported traffic. |
| plugin_output | Displays dynamic data for a given vulnerability or event. This field may be empty if there is no plugin-specific data. |
| priority | Displays the Syslog facility level of the message. |
| protocol | Reports the integer value for the protocol used for the reported traffic. |
| risk | Displays the associated risk level of the reported vulnerability. This can be NONE, LOW, MEDIUM, HIGH, CRITICAL, or INFO. |
| src_ip | Displays the source IP address reported for the traffic. |
| src_port | Displays the source port for the reported traffic. |
| timestamp | Displays the date and time of the Syslog message. |
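
A parser for the two message formats above, for use in a log pipeline. This is an added example, not Tenable code. The timestamp boundary, the treatment of `|` inside the two text fields, and the sample line are assumptions or constructed values.

```python
import re

RISKS = {"NONE", "LOW", "MEDIUM", "HIGH", "CRITICAL", "INFO"}
# Assumption: the timestamp is everything between "<priority>" and " nnm: ".
HEADER = re.compile(r"^<(\d{1,3})>(.*?) nnm: (.*)$", re.DOTALL)
REALTIME = ("matched_text_current_packet", "matched_text_previous_packet")
VULN = ("plugin_description", "plugin_output")

def split_endpoint(value):
    # The port follows the last colon, so IPv6 addresses stay intact.
    ip, sep, port = value.rpartition(":")
    if not sep or not port.isdigit() or int(port) > 65535:
        raise ValueError(f"bad endpoint: {value!r}")
    return ip, int(port)

def parse_nnm(line, realtime_only=False):
    # Both message types have eight fields, so the caller states which one
    # it expects; the line alone does not say.
    m = HEADER.match(line.rstrip("\r\n"))
    if not m:
        raise ValueError("not an nnm syslog line")
    pri, body = int(m.group(1)), m.group(3).split("|", 5)
    if len(body) != 6 or body[5].count("|") < 2:
        raise ValueError("expected eight pipe-delimited fields")
    src, dst, protocol, plugin_id, plugin_name, rest = body
    # Fields 6 and 7 carry traffic-derived text that may contain "|", so risk
    # is taken from the right. Assumption: the first "|" left in the middle
    # separates field 6 from field 7 (the page defines no escaping).
    middle, risk = rest.rsplit("|", 1)
    text6, _, text7 = middle.partition("|")
    if risk not in RISKS or not protocol.isdigit():
        raise ValueError("risk or protocol outside the documented values")
    # Standard syslog PRI encoding: priority = facility * 8 + severity.
    rec = {"facility": pri >> 3, "severity": pri & 7, "timestamp": m.group(2),
           "protocol": int(protocol), "plugin_id": plugin_id,
           "plugin_name": plugin_name, "risk": risk}
    rec["src_ip"], rec["src_port"] = split_endpoint(src)
    rec["dst_ip"], rec["dst_port"] = split_endpoint(dst)
    rec.update(zip(REALTIME if realtime_only else VULN, (text6, text7)))
    return rec

# Constructed sample: documentation addresses, made-up plugin and timestamp.
SAMPLE = ("<36>Jan 12 10:15:02 nnm: 192.0.2.10:51514|198.51.100.7:80|6|99999|"
          "Example Detection|payload|INFO|earlier payload|HIGH")

if __name__ == "__main__":
    print(parse_nnm(SAMPLE, realtime_only=True))
```

Taking risk from the right and checking it against the documented values keeps a `|` inside a text field from shifting the risk column, which a plain split on `|` would allow.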