
Configure a remote Syslog server

Once configured, Cyberwatch sends the latest detected CVEs to the remote Syslog server every hour.

  1. Click on Admin
  2. Click on External tools
  3. Click on Remote Syslog server

Basic elements

  • Address: Address of the remote Syslog server
  • Port: Port used to communicate with the remote syslog server
  • Protocol: Protocol used to communicate with the remote syslog server

Advanced settings

  • Packet size: Maximum size of the packet sent to the remote Syslog server

Example log

Log generated from the Test button in the syslog configuration menu.

Oct  3 12:02:32 Cyberwatch Detection: active='true',computer_category='desktop',computer_criticality='criticality_medium',
computer_id='0',computer_name='test_syslog',computer_os='',computer_os_arch='',computer_os_name='',
created_at='2022-10-03 14:02:32 +0200',cve_code='CVE-XXXX-XXXX',cve_level='high',cve_published_at='2022-10-03 14:02:32 +0200'
,cve_score='10.0',cve_status='ignored',cvss_AC='access_complexity_low',cvss_AV='access_vector_network',cvss_Au='authentication_none',
cvss_A='availability_impact_complete',cvss_C='confidentiality_impact_complete',cvss_I='integrity_impact_complete',fixed_at='',
groups='berlin,development',ignored='true',ip='127.0.0.1',source_node='cyberwatch',updated_at='2022-10-03 14:02:32 +0200'

Content of the log

The log contains the following information:

| Field | Description | Examples of possible values |
|---|---|---|
| active | Indicates the current presence of the vulnerability on the asset | true |
| computer_category | Differentiates servers and workstations | server, desktop |
| computer_criticality | Criticality of the asset as defined in Cyberwatch | Medium |
| computer_id | Computer ID in Cyberwatch | 255 |
| computer_name | Hostname of the asset | server01 |
| computer_os | Unique OS name in Cyberwatch | debian_9_64, windows_2008 ... |
| computer_os_arch | OS architecture | AMD64, x86_64, i3686... |
| computer_os_name | Operating system as communicated by the asset | Debian GNU/Linux 9 (stretch), Microsoft® Windows Server® 2008 Standard ... |
| created_at | Creation of the asset in Cyberwatch | 2022-10-05 14:30:07 +0200 |
| cve_code | Unique identifier of the vulnerability | CVE-2020-0850 |
| cve_level | Severity level of the vulnerability as configured in Cyberwatch | level_medium |
| cve_published_at | CVE publication date | 2022-10-05 14:30:07 +0200 |
| cve_score | CVSS score of the vulnerability | 7.6 |
| cve_status | Vulnerability status on the affected asset | active, active_with_exploits, fixed, ignored |
| cvss_access_complexity (cvss_AC) | Vulnerability exploitability metric: access complexity | access_complexity_medium |
| cvss_access_vector (cvss_AV) | Vulnerability exploitability metric: access vector | access_vector_network |
| cvss_access_authentication (cvss_Au) | Vulnerability exploitability metric: authentication | authentication_none |
| cvss_availability_impact (cvss_A) | Vulnerability impact metric: availability | availability_impact_partial |
| cvss_confidentiality_impact (cvss_C) | Vulnerability impact metric: confidentiality | confidentiality_impact_partial |
| cvss_integrity_impact (cvss_I) | Vulnerability impact metric: integrity | integrity_impact_partial |
| epss | Exploit Prediction Scoring System | 0.7850 |
| fixed_at | Date on which the vulnerability was corrected on the asset | 2022-10-05 14:30:07 +0200 |
| groups | List of groups | production, Paris |
| ignored | Indicates whether the vulnerability has been ignored on the asset or not | false |
| ip | Computer's IP address | 127.0.0.1 |
| source_node | Name of the node supervising the asset | cyberwatch |
| updated_at | Last update | 2022-10-05 14:30:07 +0200 |
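
On the receiving side, the key='value' pairs cannot be split on commas, because a value such as groups='berlin,development' contains one. The following parser is an added example, not Cyberwatch code: it assumes values never contain the sequence `',key='` (the page does not document how quotes inside values are escaped), and `needs_attention` with its 7.0 threshold is a hypothetical triage rule.

```python
import re

# Constructed sample: the Test-button log above, shortened and joined onto one line.
SAMPLE = (
    "Oct  3 12:02:32 Cyberwatch Detection: active='true',computer_category='desktop',"
    "computer_id='0',computer_name='test_syslog',computer_os='',"
    "cve_code='CVE-XXXX-XXXX',cve_level='high',cve_score='10.0',cve_status='ignored',"
    "fixed_at='',groups='berlin,development',ignored='true',ip='127.0.0.1',"
    "source_node='cyberwatch'"
)

HEADER = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) Cyberwatch Detection:\s*(.*)$", re.S)
# key='value'; a value ends at a quote followed by ",nextkey='" or the end of the message,
# so commas inside a value (groups='berlin,development') do not split the pair.
PAIR = re.compile(r"(\w+)='(.*?)'(?=\s*,\s*\w+='|\s*$)", re.S)


def parse_detection(message):
    """Return (timestamp, fields) for one Detection message, or None if it is not one."""
    m = HEADER.match(message.strip())
    if m is None:
        return None
    fields = dict(PAIR.findall(m.group(2)))
    # Typed views of the fields used for triage; the other fields stay raw strings.
    for flag in ("active", "ignored"):
        if flag in fields:
            fields[flag] = fields[flag] == "true"
    try:
        fields["cve_score"] = float(fields.get("cve_score", ""))
    except ValueError:
        fields["cve_score"] = None  # empty or malformed score
    fields["groups"] = [g for g in fields.get("groups", "").split(",") if g]
    return m.group(1), fields


def needs_attention(fields, min_score=7.0):
    """Hypothetical triage rule: present on the asset, not ignored, score >= min_score."""
    score = fields.get("cve_score")
    return (fields.get("active") is True and fields.get("ignored") is False
            and score is not None and score >= min_score)


if __name__ == "__main__":
    ts, event = parse_detection(SAMPLE)
    print(ts, event["cve_code"], event["groups"], needs_attention(event))
```
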