I'm not sure if I ever saw something like that, however if you configure RFC 5424 or CEF, there are field names in the logs that pretty much describe what is in the log file.
Also, you configure yourself what fields are in the syslog message, so there is not really a standard log. Your SIEM vendor probably has guidance what data needs to be in the log messages to fully support your use-case.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Feb 19, 2024 11:10 AM
From: alexs-nd
Subject: Docxument detailing cppm syslog Data/Format
Hi,
CPPM 6.11.7 - currently sending syslog data to a splunk setup .. problem is they dont want all of it ( trimmed down to auth and acounting) and alo want some details regarding whats in the syslog data. Just to save me time writing something, is there a cppm doc that covers all this ?
A