#[non_exhaustive]
pub struct Logger {
pub device: Option<Box<Device>>,
pub event_uid: Option<String>,
pub is_truncated: Option<bool>,
pub log_format: Option<String>,
pub log_level: Option<String>,
pub log_name: Option<String>,
pub log_provider: Option<String>,
pub log_version: Option<String>,
pub logged_time: Option<i64>,
pub logged_time_dt: Option<String>,
pub name: Option<String>,
pub product: Option<Box<Product>>,
pub transmit_time: Option<i64>,
pub transmit_time_dt: Option<String>,
pub uid: Option<String>,
pub untruncated_size: Option<i64>,
pub version: Option<String>,
}
Logger
The Logger object represents the device and product where events are stored with times for receipt and transmission. This may be at the source device where the event occurred, a remote scanning device, intermediate hops, or the ultimate destination.
[] Category: | Name: logger
Constraints:
- at_least_one: [name, uid]
Fields (Non-exhaustive)
This struct is marked as non-exhaustive. It cannot be constructed in external crates using the traditional Struct { .. } syntax; cannot be matched against without a wildcard ..; and struct update syntax will not work.
device: Option<Box<Device>>
Device
The device where the events are logged.
recommended
event_uid: Option<String>
Event UID
The unique identifier of the event assigned by the logger.
optional
is_truncated: Option<bool>
Is Truncated
Indicates whether the OCSF event data has been truncated due to size limitations. When true, some event data may have been omitted to fit within system constraints.
optional
log_format: Option<String>
Log Format
The format of data in the log. For example JSON, syslog or CSV.
optional
log_level: Option<String>
Log Level
The level at which an event was logged. This can be log provider specific. For example the audit level.
optional
log_name: Option<String>
Log Name
The log name for the logging provider log, or the file name of the system log. This may be an intermediate store-and-forward log or a vendor destination log. For example /archive/server1/var/log/messages.0 or /var/log/.
recommended
log_provider: Option<String>
Log Provider
The logging provider or logging service that logged the event. This may be an intermediate application store-and-forward log or a vendor destination log.
recommended
log_version: Option<String>
Log Version
The event log schema version of the original event. For example the syslog version or the Cisco Log Schema version.
optional
logged_time: Option<i64>
Logged Time
The time when the logging system collected and logged the event.
This attribute is distinct from the event time in that event time typically contains the time extracted from the original event. Most of the time, these two times will be different.
recommended
logged_time_dt: Option<String>
Logged Time
The time when the logging system collected and logged the event.
This attribute is distinct from the event time in that event time typically contains the time extracted from the original event. Most of the time, these two times will be different.
optional
name: Option<String>
Name
The name of the logging product instance.
recommended
product: Option<Box<Product>>
Product
The product logging the event. This may be the event source product, a management server product, a scanning product, a SIEM, etc.
recommended
transmit_time: Option<i64>
Transmission Time
The time when the event was transmitted from the logging device to its next destination.
recommended
transmit_time_dt: Option<String>
Transmission Time
The time when the event was transmitted from the logging device to its next destination.
optional
uid: Option<String>
Unique ID
The unique identifier of the logging product instance.
recommended
untruncated_size: Option<i64>
Untruncated Size
The original size of the OCSF event data in kilobytes before any truncation occurred. This field is typically populated when is_truncated is true to indicate the full size of the original event.
optional
version: Option<String>
Version
The version of the logging provider.
optional
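Added example (not part of the crate or its documentation): a pipeline-side check of the at_least_one [name, uid] constraint and of the truncation and time fields described above. The Logger here is a local stand-in with a subset of the fields; its Default derive, the Finding enum, blank, check_logger, the blank-string rule and the transmit-before-logged rule are assumptions of this example.

```rust
// Added example: local stand-in for a subset of Logger, not the crate's type; Default is assumed.
#[non_exhaustive]
#[derive(Debug, Default, Clone)]
pub struct Logger {
    pub name: Option<String>,
    pub uid: Option<String>,
    pub is_truncated: Option<bool>,
    pub untruncated_size: Option<i64>,
    pub logged_time: Option<i64>,
    pub transmit_time: Option<i64>,
}

#[derive(Debug, PartialEq, Eq)]
pub enum Finding {
    /// Violates the at_least_one [name, uid] constraint.
    MissingNameAndUid,
    /// is_truncated is true but untruncated_size was not recorded.
    TruncatedWithoutSize,
    /// transmit_time precedes logged_time (treated here as an anomaly).
    TransmitBeforeLogged { logged: i64, transmit: i64 },
}

// Assumption: an empty or whitespace-only string counts as absent.
fn blank(s: &Option<String>) -> bool {
    s.as_deref().map_or(true, |v| v.trim().is_empty())
}

pub fn check_logger(l: &Logger) -> Vec<Finding> {
    let mut out = Vec::new();
    if blank(&l.name) && blank(&l.uid) {
        out.push(Finding::MissingNameAndUid);
    }
    if l.is_truncated == Some(true) && l.untruncated_size.is_none() {
        out.push(Finding::TruncatedWithoutSize);
    }
    if let (Some(logged), Some(transmit)) = (l.logged_time, l.transmit_time) {
        if transmit < logged {
            out.push(Finding::TransmitBeforeLogged { logged, transmit });
        }
    }
    out
}

fn main() {
    // Constructed sample: field-by-field assignment, as a non-exhaustive struct requires.
    let mut hop = Logger::default();
    hop.is_truncated = Some(true);
    println!("{:?}", check_logger(&hop));
}
```

A record that fails the first check cannot be attributed to a logging product instance, which matters when reconstructing the hops an event passed through.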