Health events
A description of health events in common event format (CEF).
Health events
<131>Oct 10 2019 15:57:48 local-sg-19.x n2osevents[0]: CEF:0|Nozomi Networks|N2OS|19.0.3-10201846_FD825|HEALTH|Health problem|0|
dvchost=local-sg-19.x
cs6=1
cs6Label=n2os_schema
msg=LINK_DOWN_on_port_em0
Note the highlighted part of the health message. This is the health type identifier (ID). Use it as the key for performing searches once Nozomi Networks syslog events have been ingested into the integration platform.
Best practice
Make sure that your parsing logic extracts the appropriate data. If you are integrating with common event format (CEF) messages, a CEF parser must be used. Do not use regular expressions. This will ensure the integrity of the integration in the future. When using the correct parser for the expected data, be sure to test different inputs to ensure that data is correctly extracted from the messages.
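To illustrate the CEF-aware parsing recommended above, the following is an added example (not Nozomi Networks code) of a small Python parser that splits the header on unescaped pipes and reads the extension as key=value pairs, without regular expressions. It assumes the extension fields arrive space-separated on one line; the dictionary key names are chosen for this example, and the second input is constructed to exercise escaped characters.

```python
# Added example, not vendor code: a small CEF-aware parser without regular expressions.
HEADER = "version vendor product device_version event_class_id name severity".split()

def unescaped(s, sep):
    """Indices of sep in s that are not escaped with a backslash."""
    hits, i = [], 0
    while i < len(s):
        if s[i] == "\\":
            i += 1                       # skip the escaped character
        elif s[i] == sep:
            hits.append(i)
        i += 1
    return hits

def unescape(s):
    """Resolve CEF escapes such as \\|, \\=, \\\\ and \\n."""
    out, i = [], 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            i += 1
            out.append("\n" if s[i] == "n" else s[i])
        else:
            out.append(s[i])
        i += 1
    return "".join(out)

def parse_cef(line):
    body = line[line.index("CEF:") + 4:]   # skip syslog prefix; ValueError if absent
    bars = unescaped(body, "|")[:7]
    if len(bars) != 7:
        raise ValueError("expected 7 CEF header fields")
    event = {k: unescape(body[a + 1:b]) for k, a, b in zip(HEADER, [-1] + bars, bars)}
    ext = body[bars[-1] + 1:].strip()
    eqs, event["extension"] = unescaped(ext, "="), {}
    for n, eq in enumerate(eqs):
        key = ext[ext.rfind(" ", 0, eq) + 1:eq]
        end = ext.rfind(" ", eq, eqs[n + 1]) if n + 1 < len(eqs) else len(ext)
        if end < 0:
            raise ValueError("malformed extension near %r" % key)
        event["extension"][key] = unescape(ext[eq + 1:end])
    return event

# The page's sample joined onto one line (space-separated extension is assumed).
PAGE_SAMPLE = ("<131>Oct 10 2019 15:57:48 local-sg-19.x n2osevents[0]: CEF:0|Nozomi Networks|N2OS|"
               "19.0.3-10201846_FD825|HEALTH|Health problem|0|dvchost=local-sg-19.x cs6=1 "
               "cs6Label=n2os_schema msg=LINK_DOWN_on_port_em0")
# Constructed input: escaped pipe in the header, spaces and escaped '=' in msg.
TRICKY = (r"CEF:0|Example Vendor|Prod\|X|1.0|HEALTH|Health problem|0|"
          r"msg=disk usage\=91% on /data dvchost=host-a")
```

A plain split on "|" or on spaces returns the wrong fields for the constructed input, which is the kind of case to include when testing a parser against different inputs.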