Standard Syslog Message Types
Message Types
- Syslog message format for real-time Syslog entries generated by realtimeonly PRMs:
  <priority>timestamp nnm: src_ip:src_port|dst_ip:dst_port|protocol|plugin_id|plugin_name|matched_text_current_packet|matched_text_previous_packet|risk
- Syslog message format for vulnerability and real-time Syslog entries generated by PASLs, PRMs, and internal plugins:
  <priority>timestamp nnm: src_ip:src_port|dst_ip:dst_port|protocol|plugin_id|plugin_name|plugin_description|plugin_output|risk
Message Fields
| Name | Description |
|---|---|
| dst_ip | Displays the destination IP address for reported traffic. |
| dst_port | Displays the destination port for reported traffic. |
| matched_text_current_packet | Reports the payload in the packet that caused the match and triggered the Tenable Nessus Network Monitor event. |
| matched_text_previous_packet | Reports the payload that was observed prior to the payload in the |
| plugin_id | Displays the reported Tenable Nessus Network Monitor plugin or PASL ID triggered by reported traffic. |
| plugin_name | Displays the name of the Tenable Nessus Network Monitor plugin or PASL ID triggered by reported traffic. |
| plugin_output | Displays dynamic data for a given vulnerability or event. This field may be empty if there is no plugin-specific data. |
| priority | Displays the Syslog facility level of the message. |
| protocol | Reports the integer value for the protocol used for the reported traffic. |
| risk | Displays the associated risk level of the reported vulnerability. This can be NONE, LOW, MEDIUM, HIGH, CRITICAL, or INFO. |
| src_ip | Displays the source IP address reported for the traffic. |
| src_port | Displays the source port for the reported traffic. |
| timestamp | Displays the date and time of the Syslog message. |
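
The following parser for the two formats above is an added example, not code from the Tenable documentation. Both layouts have the same number of fields, so the caller states which one applies through the hypothetical `realtime_only` flag. Assumptions: the free-form timestamp in the header, IPv6 rendered as `address:port`, and no escaping of `|` inside text fields (the page does not say), so such lines are flagged as ambiguous; the sample lines are constructed.

```python
import ipaddress
import re

RISKS = {"NONE", "LOW", "MEDIUM", "HIGH", "CRITICAL", "INFO"}
# Assumption: the header is "<PRI>" + free-form timestamp + " nnm: ".
HEADER = re.compile(r"^<(\d{1,3})>(.*?) nnm: (.*)$")


def _endpoint(text):
    # rpartition keeps IPv6 addresses (which contain ':') intact.
    ip, _, port = text.rpartition(":")
    return str(ipaddress.ip_address(ip)), int(port)


def parse_nnm(line, realtime_only=False):
    """Parse one NNM syslog line into a dict; raise ValueError if malformed."""
    m = HEADER.match(line.rstrip("\r\n"))
    if not m:
        raise ValueError("missing '<priority>timestamp nnm: ' header")
    pri, timestamp, body = int(m.group(1)), m.group(2), m.group(3)
    parts = body.split("|", 5)  # five fixed fields, then the free-text tail
    if len(parts) != 6:
        raise ValueError("too few fields")
    src, dst, proto, plugin_id, plugin_name, tail = parts
    text, sep, risk = tail.rpartition("|")  # risk is always the last field
    if not sep or risk not in RISKS:
        raise ValueError("bad or missing risk")
    first, sep, second = text.partition("|")
    if not sep:
        raise ValueError("too few fields")
    names = (("matched_text_current_packet", "matched_text_previous_packet")
             if realtime_only else ("plugin_description", "plugin_output"))
    # facility/severity: standard syslog PRI = facility * 8 + severity.
    rec = {"priority": pri, "facility": pri >> 3, "severity": pri & 7,
           "timestamp": timestamp, "protocol": int(proto),
           "plugin_id": plugin_id, "plugin_name": plugin_name, "risk": risk,
           names[0]: first, names[1]: second,
           # Extra '|' inside the free-text fields: the split point is a guess.
           "ambiguous": "|" in second}
    rec["src_ip"], rec["src_port"] = _endpoint(src)
    rec["dst_ip"], rec["dst_port"] = _endpoint(dst)
    return rec


# Constructed sample lines (documentation addresses, made-up plugin data).
SAMPLE_VULN = ("<36>Jan 01 00:00:00 nnm: 192.0.2.10:51514|198.51.100.7:80|6|"
               "99999|Example plugin|Example description|banner: demo|MEDIUM")
SAMPLE_RT = ("<36>Jan 01 00:00:00 nnm: 2001:db8::1:40000|2001:db8::2:443|6|"
             "99998|Example PRM|GET /a|b HTTP/1.1||INFO")
```

Records with `ambiguous` set carry captured traffic containing the field delimiter; route them to review instead of trusting the split between the two text fields.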