Risk profile syslog messages

Whenever a risk profile is created, modified, or deleted in ASMS, a corresponding log entry is automatically written to /var/log/messages.

Tip: AFA can also send syslog messages to a remote server. Configure the remote server in the AFA Administration area. For more details, see Configure ASMS to generate and send Syslog messages.

Risk profile syslog message contents

Syslog entries for risk profile events include the following details:

  • Date and time

  • ASMS build version

  • Event name, consisting of both the Event ID and Event name

  • Severity level: 0

  • The domain ID. This should always appear as NONE.

  • Event description, consisting of:

    • The username.
    • The IP address of the browsing computer. Internal events do not include the IP address, because it will always be the localhost.
    • Other relevant attributes

Risk profile syslog event reference

The following table lists basic risk profile events that generate Syslog messages. Your system may generate additional messages depending on your configuration.

| Event | Description |
|---|---|
| Create Risk Profile | Create a new risk profile. |
| Modify Risk Profile | Modify a risk profile. |
| Delete Risk Profile | Delete a risk profile. |

Sample risk profile Syslog messages

Create Risk Profile Event

Jan 31 11:03:26 algosec CEF:0|AlgoSec|Suite|v3300.0.0-b399|Create Risk Profile|Create Risk Profile|0|NONE|user=admin ip=192.168.12.42 Created risk profile /home/afa/.fa/risk_profiles/RiskProfileForCheck.xml (Risk profile was not imported from spreadsheet)

Modify Risk Profile Event

Jan 31 11:11:47 algosec CEF:0|AlgoSec|Suite|v3300.0.0-b399|Modify Risk Profile|Modify Risk Profile|0|NONE|user=admin ip=192.168.12.42 Modified risk profile /home/afa/.fa/risk_profiles/llll.xml (Risk profile was not imported from spreadsheet)

Delete Risk Profile Event

Jan 31 11:06:37 algosec CEF:0|AlgoSec|Suite|v3300.0.0-b399|Delete Risk Profile|Delete Risk Profile|0|NONE|user=admin ip=192.168.12.42 Deleted risk profile /home/afa/.fa/risk_profiles/RiskProfileForCheck.xml (File was originally not imported from spreadsheet)
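
The following parser is an added example, not AlgoSec code. It splits the sample messages above into the fields listed under "Risk profile syslog message contents", reports any deviation from the documented severity 0 and domain NONE, and builds a per-profile change trail. The function names, the internal-event line without ip= and the sshd line are constructed for illustration; the layout of an internal event is an assumption based on the note that such events omit the IP address.

```python
import re

# Layout as in the page's sample messages:
# <date> <host> CEF:0|vendor|product|build|event ID|event name|severity|domain|description
DESC_RE = re.compile(
    r"user=(?P<user>\S+)\s+(?:ip=(?P<ip>\S+)\s+)?"   # ip= is absent on internal events
    r"(?P<action>Created|Modified|Deleted) risk profile (?P<path>\S+)"
    r"(?:\s+\((?P<note>.*)\))?\s*$")
RISK_EVENTS = {"Create Risk Profile", "Modify Risk Profile", "Delete Risk Profile"}

def parse_risk_profile_event(line):
    """Return a dict for a risk profile syslog line, or None for any other line."""
    head, sep, rest = line.partition(" CEF:0|")
    fields = rest.split("|", 7)   # at most 8 fields, so '|' in the description survives
    if not sep or len(fields) != 8 or fields[3] not in RISK_EVENTS:
        return None
    match = DESC_RE.match(fields[7])
    if match is None or not fields[5].isdecimal():
        return None
    timestamp, _, host = head.rpartition(" ")
    event = {"timestamp": timestamp, "host": host, "build": fields[2],
             "event": fields[4], "severity": int(fields[5]), "domain": fields[6]}
    event.update(match.groupdict())   # user, ip (None if internal), action, path, note
    return event

def deviations(event):
    """Fields that differ from what the page documents (severity 0, domain NONE)."""
    expected = {"severity": 0, "domain": "NONE"}
    return [f"{k}={event[k]}" for k, v in expected.items() if event[k] != v]

def profile_history(lines):
    """Map each risk profile path to its (timestamp, user, ip, action) trail, in log order."""
    history = {}
    for line in lines:
        event = parse_risk_profile_event(line)
        if event:
            history.setdefault(event["path"], []).append(
                (event["timestamp"], event["user"], event["ip"], event["action"]))
    return history

# The first three lines are the page's samples; the last two are constructed.
SAMPLE_LINES = [
    "Jan 31 11:03:26 algosec CEF:0|AlgoSec|Suite|v3300.0.0-b399|Create Risk Profile|Create Risk Profile|0|NONE|user=admin ip=192.168.12.42 Created risk profile /home/afa/.fa/risk_profiles/RiskProfileForCheck.xml (Risk profile was not imported from spreadsheet)",
    "Jan 31 11:11:47 algosec CEF:0|AlgoSec|Suite|v3300.0.0-b399|Modify Risk Profile|Modify Risk Profile|0|NONE|user=admin ip=192.168.12.42 Modified risk profile /home/afa/.fa/risk_profiles/llll.xml (Risk profile was not imported from spreadsheet)",
    "Jan 31 11:06:37 algosec CEF:0|AlgoSec|Suite|v3300.0.0-b399|Delete Risk Profile|Delete Risk Profile|0|NONE|user=admin ip=192.168.12.42 Deleted risk profile /home/afa/.fa/risk_profiles/RiskProfileForCheck.xml (File was originally not imported from spreadsheet)",
    "Jan 31 11:20:05 algosec CEF:0|AlgoSec|Suite|v3300.0.0-b399|Modify Risk Profile|Modify Risk Profile|0|NONE|user=admin Modified risk profile /home/afa/.fa/risk_profiles/llll.xml",
    "Jan 31 11:21:00 algosec sshd[1234]: Accepted publickey for afa from 192.168.12.42 port 50000 ssh2",
]
```
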