SIEM Connector Sample Logs, Log Taxonomy, and Data Fields
Understanding Data Fields in the PreVeil SIEM Connector Export
This article explains the data fields included when exporting events from the PreVeil SIEM Connector. Attached are sample files: a pv_syslog file from an internal test organization and a sample NXLog configuration file, which helps determine how logs are sent to a remote server or saved locally.
Overview
The PreVeil SIEM Connector delivers events to your SIEM using standard syslog transport. Each syslog message includes consistent metadata fields (added by the syslog transport layer) and a Message payload containing the actual PreVeil event data.
Syslog Metadata Fields
Every event delivered through the SIEM Connector includes the following syslog-level data points:
| Field | Description |
|---|---|
| MessageSourceAddress | Source IP address from which the syslog message was received. |
| EventReceivedTime | Timestamp indicating when the SIEM or syslog collector received the event. |
| SourceModuleName | Name of the input module used by the syslog receiver. |
| SourceModuleType | Module type used by the syslog receiver (e.g., |
| SyslogFacilityValue | Numeric syslog facility value. |
| SyslogFacility | Text representation of the syslog facility. |
| SyslogSeverityValue | Numeric syslog severity value. |
| SyslogSeverity | Text representation of the syslog severity. |
| SeverityValue | Normalized severity value assigned by the syslog system. |
| Severity | Normalized severity label assigned by the syslog system. |
| EventTime | Timestamp embedded in the event itself. |
| Hostname | Hostname or IP address associated with the event. |
| Message | The raw event payload. |
PreVeil Event Payload
The Message field contains the actual PreVeil SIEM Connector event. Depending on your configuration, this payload may be formatted as:
Syslog
Structured Text
JSON
CEF (Common Event Format)
Key-value pairs
This is where PreVeil-specific audit data appears, such as:
User actions
Devices
Mailboxes
Folder access
Administrative activity
Note:
The syslog envelope fields listed above are always present. The specific contents of the Message field depend on the type of PreVeil event being exported.
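The following is an added example, not PreVeil's code or part of the attached samples: it separates the envelope fields from the Message payload, reports any envelope field that is absent, and works out which of the payload formats listed above a message uses. It assumes the collector writes each record as one JSON object per line; the sample record and its payload key are constructed placeholders, not PreVeil's schema.

```python
import json
import re

# Envelope field names taken from the table above.
ENVELOPE_FIELDS = {
    "MessageSourceAddress", "EventReceivedTime", "SourceModuleName",
    "SourceModuleType", "SyslogFacilityValue", "SyslogFacility",
    "SyslogSeverityValue", "SyslogSeverity", "SeverityValue", "Severity",
    "EventTime", "Hostname", "Message",
}
KV_PAIR = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')
# Constructed sample record; the payload key is a placeholder, not PreVeil's schema.
SAMPLE = json.dumps({"Hostname": "collector-1", "SyslogSeverity": "INFO",
                     "Message": '{"example_action": "login"}'})


def classify_payload(message):
    """Return (format, parsed) for the contents of the Message field."""
    text = message.strip()
    if text.startswith("{"):
        try:
            return "json", json.loads(text)
        except json.JSONDecodeError:
            pass  # starts like JSON but does not parse; try the other formats
    if text.startswith("CEF:"):
        # CEF header: seven pipe-delimited fields, then a key=value extension.
        parts = re.split(r"(?<!\\)\|", text, maxsplit=7)
        if len(parts) >= 7:
            keys = ("version", "vendor", "product", "device_version",
                    "signature_id", "name", "severity")
            header = dict(zip(keys, parts[:7]))
            header["version"] = header["version"][len("CEF:"):]
            header["extension"] = parts[7] if len(parts) == 8 else ""
            return "cef", header
    pairs = KV_PAIR.findall(text)
    # Key-value only when the pairs account for the entire message.
    if pairs and not KV_PAIR.sub("", text).strip():
        return "kv", {k: v.strip('"') for k, v in pairs}
    return "text", text


def split_record(line):
    """Split one collector record into envelope, missing fields and payload."""
    record = json.loads(line)
    envelope = {k: v for k, v in record.items()
                if k in ENVELOPE_FIELDS and k != "Message"}
    missing = sorted(ENVELOPE_FIELDS - set(record))
    fmt, payload = classify_payload(str(record.get("Message", "")))
    return envelope, missing, fmt, payload
```

A non-empty `missing` list on real records is worth alerting on, since it means the collector output no longer matches the envelope the SIEM parsing rules expect.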
Additional Resources
See the attached sample syslog file, NXLog file, and the log event type taxonomy.
If you have further questions about configuring or interpreting PreVeil SIEM Connector exports, please contact PreVeil Support.