Syslog Variables
Overview
This article provides a comprehensive list of syslog variables available for use in custom SIEM templates with Netwrix Threat Manager. Use these variables to customize syslog messages for integration with your SIEM solution.
Instructions
To use these variables, include them in your custom SIEM template configuration within Netwrix Threat Manager. Format the variables exactly as shown in the following list to avoid errors in syslog message generation.
Available Syslog Variables
The following syslog variables are available for use in custom SIEM templates:
%SYSLOG_DATE%
%HOST%
%COMPANY%
%PRODUCT%
%PRODUCT_VERSION%
%THREAT_TIME%
%THREAT_TYPE%
%USERS%
%COMPUTERS%
%FILENAME%
%NEW_FILENAME%
%PROCESS%
%EVIDENCE%
%EVENT_SOURCE_TYPE%
%CLASS_NAME%
%EVENT_NAME%
%SUCCESS%
%BLOCKED_EVENT%
%SETTING_NAME%
%TIME_STAMP_UTC%
%EVENT_SOURCE_NAME%
%PERPETRATOR%
%ORIGINATING_CLIENT%
%FILE_PATH%
%ORIGINATING_SERVER%
%ATTRIBUTE_NAME%
%ATTRIBUTE_VALUE%
%OLD_ATTRIBUTE_VALUE%
%OPERATION%
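A pre-deployment check for the "format the variables exactly as shown" instruction, as an added example that is not Netwrix code: it scans a template string for %NAME% tokens and reports any that are not on this article's list, with the closest listed name as a hint. The sample template, the name lint_template, and the treatment of every "%" as a token delimiter are assumptions.

```python
import difflib
import re

# Variable names copied from the list in this article.
KNOWN = frozenset("""
SYSLOG_DATE HOST COMPANY PRODUCT PRODUCT_VERSION THREAT_TIME THREAT_TYPE
USERS COMPUTERS FILENAME NEW_FILENAME PROCESS EVIDENCE EVENT_SOURCE_TYPE
CLASS_NAME EVENT_NAME SUCCESS BLOCKED_EVENT SETTING_NAME TIME_STAMP_UTC
EVENT_SOURCE_NAME PERPETRATOR ORIGINATING_CLIENT FILE_PATH
ORIGINATING_SERVER ATTRIBUTE_NAME ATTRIBUTE_VALUE OLD_ATTRIBUTE_VALUE
OPERATION
""".split())

# Assumption: a token is %...% with no whitespace or '%' inside it.
TOKEN = re.compile(r"%([^%\s]*)%")

# Constructed sample template (not a Netwrix default) with three mistakes:
# wrong case, a misspelled name, and a missing closing '%'.
SAMPLE = (
    "%SYSLOG_DATE% %HOST% %COMPANY%|%PRODUCT%|%PRODUCT_VERSION% "
    "type=%THREAT_TYPE% user=%Perpetrator% "
    "time=%TIMESTAMP_UTC% file=%FILE_PATH"
)


def lint_template(template):
    """Return (token, hint) pairs for tokens that are not on the list.

    hint is the closest listed variable name, or None if nothing is close.
    Each unpaired '%' is reported as ("%", None).
    """
    findings = []
    for match in TOKEN.finditer(template):
        name = match.group(1)
        if name in KNOWN:
            continue
        close = difflib.get_close_matches(name.upper(), sorted(KNOWN), n=1)
        findings.append((match.group(0), close[0] if close else None))
    # Any '%' left once well-formed tokens are removed has no partner.
    stray = TOKEN.sub("", template).count("%")
    findings.extend([("%", None)] * stray)
    return findings


if __name__ == "__main__":
    for token, hint in lint_template(SAMPLE):
        print(token, "->", f"use %{hint}%" if hint else "no listed match")
```
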