Event Type Format
The LEEF format consists of a pipe-delimited ( | ) syslog header and a space-delimited event payload.
Aug 10 14:55:30 adonis671-184 LEEF:1.0|BCN|Adonis|6.7.1|DNS_Query|cat=A_record src=10.10.10.10 url=test.example.com
If the syslog events forwarded from your BlueCat Adonis appliances are not formatted similarly to the sample above, you must examine your device configuration. Properly formatted LEEF event messages are automatically discovered by the BlueCat Networks Adonis DSM and added as a log source to JSA.
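To check whether a forwarded event matches the sample format before relying on automatic discovery, the following Python function splits a line into its header and payload. It is an added example, not BlueCat or JSA code; the name `parse_leef`, the header field names, and the rule for values that contain spaces are assumptions of this example.

```python
import re

# Sample event copied from this page.
SAMPLE = ("Aug 10 14:55:30 adonis671-184 "
          "LEEF:1.0|BCN|Adonis|6.7.1|DNS_Query|"
          "cat=A_record src=10.10.10.10 url=test.example.com")

# Hypothetical names for the five pipe-delimited header fields.
HEADER_FIELDS = ("leef_version", "vendor", "product", "version", "event_id")

def parse_leef(line):
    """Return the parsed event, or raise ValueError if it is not LEEF."""
    start = line.find("LEEF:")
    if start < 0:
        raise ValueError("no LEEF marker: event is not LEEF formatted")
    syslog_prefix = line[:start].strip()
    # Split at most five times so a pipe inside the payload is preserved.
    parts = line[start:].split("|", 5)
    if len(parts) != 6:
        raise ValueError("expected 5 header fields followed by a payload")
    header = dict(zip(HEADER_FIELDS, parts[:5]))
    header["leef_version"] = header["leef_version"][len("LEEF:"):]
    if any(not value for value in header.values()):
        raise ValueError("empty LEEF header field")
    attrs, key = {}, None
    for token in parts[5].split():
        name, sep, value = token.partition("=")
        if sep and re.fullmatch(r"\w+", name):
            key = name
            attrs[key] = value
        elif key is not None:
            # Assumption: a token without key= continues the previous value.
            attrs[key] += " " + token
        else:
            raise ValueError(f"payload does not start with key=value: {token!r}")
    if not attrs:
        raise ValueError("empty event payload")
    return {"syslog": syslog_prefix, "header": header, "attrs": attrs}

if __name__ == "__main__":
    print(parse_leef(SAMPLE))
```

A line that raises `ValueError` here is one that would need the device configuration examined, as described above.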
Before You Begin
BlueCat Adonis must be configured to generate events in Log Enhanced Event Protocol (LEEF) and to redirect the event output to JSA using syslog.
BlueCat Networks provides a script on its appliances to assist you with configuring syslog. To complete the syslog redirection, you must have administrative or root access to the command-line interface of your BlueCat Adonis or BlueCat Proteus appliance. If the syslog configuration script is not present on your appliance, contact your BlueCat Networks representative.