
cef0.dell.nsa5600

Introduction

The table cef0.dell.nsa5600 contains events in CEF format generated by Dell SonicWall NSA series devices.

Tag structure

Events in CEF format don't have a specific tag structure, as explained in Technologies supported in CEF syslog format. They are always sent to a table with the structure cef0.deviceVendor.deviceProduct.

In this case, the valid data tables are:

  • cef0.dell.nsa5600

How is the data sent to Devo?

Learn more about CEF syslog format and how Devo tags these events in Technologies supported in CEF syslog format.

Log samples

The following are sample logs sent to cef0.dell.nsa5600. Under each sample log, you can see how its information is parsed in your data table.

Extra columns

Fields marked as Extra in the table below are not shown by default in data tables and need to be explicitly requested in the query. You can find them marked as Extra when you perform a query so they can be easily identified. Learn more about this in Selecting unrevealed columns.

cef0.dell.nsa5600

2021-09-01 11:44:52.717 localhost=127.0.0.1 14 CEF: 0|Dell|NSA 5600|6.1.1.9-30n|597|ICMP Allow|Medium| eventId=2765470785 type=1 customerURI=/var/artist/huge/agency/indonesia/board/finish.jpg Customers/etc/change.html/07 Polaris/var/push/choice/rather.mov art=1629676146937 cat=512 deviceSeverity=4 rt=1629676146937 c6a4Label=Brazil ahost=noahost agt=41.205.123.15 agentZoneURI=/var/artist/huge/agency/indonesia/board/finish.jpg Zones/bin/will/voice.jpg System/etc/day/brianna74/throughout/start.jpg Address Space Zones/var/poor/Democrat/bank/individual/behavior/however.wav1918: 87.203.163.10-155.34.148.26 amac=02-01-01-01-01-A0 av=95.9.5.15622.0 atz=America/bin/page/juanrocha/strategy/take/carry.odp at=syslog dvc=14.198.31.45 deviceZoneURI=/var/artist/huge/agency/indonesia/board/finish.jpg Zones/bin/will/voice.jpg System/etc/day/brianna74/throughout/start.jpg Address Space Zones/var/poor/Democrat/bank/individual/behavior/however.wav1918: 132.70.124.62-221.74.225.221 dtz=America/bin/page/juanrocha/strategy/take/carry.odp geid=123496967382350145 _cefVer=0.1 ad.goodTxBytes=0 ad.goodRxBytes=16777216 ad.station=0 ad.radio=0 aid=30s96omeIDBDYgbf6avq2Ww\\=\\= 

And this is how the log would be parsed:

| Field | Value | Type | Extra fields | Source field name |
|---|---|---|---|---|
| eventdate | 2021-09-01 11:44:52.717 | timestamp | | |
| hostname | localhost | str | | |
| priorityCode | 14 | str | | |
| cefTag | CEF | str | | |
| cefVersion | 0 | str | | |
| embDeviceVendor | Dell | str | | |
| embDeviceProduct | NSA 5600 | str | | |
| deviceVersion | 6.1.1.9-30n | str | | |
| signatureID | 597 | str | | |
| name | ICMP Allow | str | | |
| severity | Medium | str | | |
| _cefVer | 0.1 | str | | |
| cat | 512 | str | | |
| c6a4Label | Brazil | str | | |
| dvc | /14.198.31.45 | ip4 | | |
| msg | None | str | | |
| rt | 2021-08-22 23:49:06.937 | timestamp | | |
| adGoodRxBytes | 16777216 | str | | |
| adGoodTxBytes | 0 | str | | |
| adRadio | 0 | str | | |
| adStation | 0 | str | | |
| agentZoneURI | /var/artist/huge/agency/indonesia/board/finish.jpg Zones/bin/will/voice.jpg System/etc/day/brianna74/throughout/start.jpg Address Space Zones/var/poor/Democrat/bank/individual/behavior/however.wav1918: 87.203.163.10-155.34.148.26 | str | | |
| agt | 41.205.123.15 | str | | |
| ahost | noahost | str | | |
| aid | 30s96omeIDBDYgbf6avq2Ww\=\= | str | | |
| amac | 02-01-01-01-01-A0 | str | | |
| art | 1629676146937 | str | | |
| at | syslog | str | | |
| atz | America/bin/page/juanrocha/strategy/take/carry.odp | str | | |
| av | 95.9.5.15622.0 | str | | |
| customerURI | /var/artist/huge/agency/indonesia/board/finish.jpg Customers/etc/change.html/07 Polaris/var/push/choice/rather.mov | str | | |
| deviceSeverity | 4 | str | | |
| deviceZoneURI | /var/artist/huge/agency/indonesia/board/finish.jpg Zones/bin/will/voice.jpg System/etc/day/brianna74/throughout/start.jpg Address Space Zones/var/poor/Democrat/bank/individual/behavior/however.wav1918: 132.70.124.62-221.74.225.221 | str | | |
| dtz | America/bin/page/juanrocha/strategy/take/carry.odp | str | | |
| eventId | 2765470785 | str | | |
| geid | 123496967382350145 | str | | |
| type | 1 | str | | |
| hostchain | localhost=127.0.0.1 | str | ✓ | |
| tag | CEF | str | ✓ | cefTag |
| rawMessage | CEF: 0\|Dell\|NSA 5600\|6.1.1.9-30n\|597\|ICMP Allow\|Medium\| eventId=2765470785 type=1 customerURI=/var/artist/huge/agency/indonesia/board/finish.jpg Customers/etc/change.html/07 Polaris/var/push/choice/rather.mov art=1629676146937 cat=512 deviceSeverity=4 rt=1629676146937 c6a4Label=Brazil ahost=noahost agt=41.205.123.15 agentZoneURI=/var/artist/huge/agency/indonesia/board/finish.jpg Zones/bin/will/voice.jpg System/etc/day/brianna74/throughout/start.jpg Address Space Zones/var/poor/Democrat/bank/individual/behavior/however.wav1918: 87.203.163.10-155.34.148.26 amac=02-01-01-01-01-A0 av=95.9.5.15622.0 atz=America/bin/page/juanrocha/strategy/take/carry.odp at=syslog dvc=14.198.31.45 deviceZoneURI=/var/artist/huge/agency/indonesia/board/finish.jpg Zones/bin/will/voice.jpg System/etc/day/brianna74/throughout/start.jpg Address Space Zones/var/poor/Democrat/bank/individual/behavior/however.wav1918: 132.70.124.62-221.74.225.221 dtz=America/bin/page/juanrocha/strategy/take/carry.odp geid=123496967382350145 _cefVer=0.1 ad.goodTxBytes=0 ad.goodRxBytes=16777216 ad.station=0 ad.radio=0 aid=30s96omeIDBDYgbf6avq2Ww\=\= | str | ✓ | |
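As an added example (not Devo's parser and not code from this page), the Python sketch below splits a cut-down copy of the sample above into the header columns the table lists, keeps extension values that contain spaces in one piece, and derives the destination table. The function names are hypothetical, and the `ad.x` to `adX` renaming and the lower-case, no-spaces table name are assumptions inferred from this single sample.

```python
import re
from datetime import datetime, timezone

# Header column names as listed in the parsed-field table above.
HEADER = ["cefVersion", "embDeviceVendor", "embDeviceProduct", "deviceVersion",
          "signatureID", "name", "severity"]
# A key starts a token and ends at "="; an escaped "\=" inside a value never matches.
KEY = re.compile(r"(?:^|(?<=\s))([\w.]+)=")

# Constructed: the page's sample log reduced to a few of its extensions.
SAMPLE = ("CEF: 0|Dell|NSA 5600|6.1.1.9-30n|597|ICMP Allow|Medium| "
          "eventId=2765470785 type=1 "
          "customerURI=/var/artist/huge/agency/indonesia/board/finish.jpg "
          "Customers/etc/change.html/07 Polaris/var/push/choice/rather.mov "
          "rt=1629676146937 dvc=14.198.31.45 ad.goodRxBytes=16777216 "
          r"aid=30s96omeIDBDYgbf6avq2Ww\=\=")

def column(key):
    """ad.goodRxBytes -> adGoodRxBytes (assumed rule, matching the table above)."""
    head, *rest = key.split(".")
    return head + "".join(p[:1].upper() + p[1:] for p in rest)

def epoch_ms(value):
    """Epoch milliseconds -> 'YYYY-MM-DD HH:MM:SS.mmm' in UTC, using integer math."""
    ms = int(value)
    ts = datetime.fromtimestamp(ms // 1000, tz=timezone.utc)
    return ts.strftime("%Y-%m-%d %H:%M:%S") + f".{ms % 1000:03d}"

def parse_cef(line):
    _, found, body = line.partition("CEF:")
    parts = re.split(r"(?<!\\)\|", body.strip(), maxsplit=7)  # unescaped pipes only
    if not found or len(parts) != 8:
        raise ValueError("not a CEF record")
    event = dict(zip(HEADER, (p.strip() for p in parts[:7])))
    ext, hits = parts[7], list(KEY.finditer(parts[7]))
    for cur, nxt in zip(hits, hits[1:] + [None]):
        end = nxt.start() if nxt else len(ext)
        event[column(cur.group(1))] = ext[cur.end():end].strip()  # raw, escapes kept
    if event.get("rt", "").isdigit():
        event["rt"] = epoch_ms(event["rt"])
    return event

def table_for(event):
    # Assumption: lower-case and drop spaces ("Dell", "NSA 5600" -> cef0.dell.nsa5600).
    vendor, product = (re.sub(r"\s+", "", event[k]).lower()
                       for k in ("embDeviceVendor", "embDeviceProduct"))
    return f"cef0.{vendor}.{product}"
```

Splitting the extension on spaces alone would truncate customerURI at its first space, which is why each value runs up to the next `key=` token instead.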