Class: Logger
The Logger object represents the device and product where events are stored
with times for receipt and transmission. This may be at the source device
where the event occurred, a remote scanning device, intermediate hops, or the
ultimate destination.
URI: ocsf:Logger
```mermaid
classDiagram
    class Logger
    click Logger href "../Logger/"
    Entity <|-- Logger
    click Entity href "../Entity/"
    Logger : device
    Logger --> "0..1 _recommended_" Device : device
    click Device href "../Device/"
    Logger : event_uid
    Logger : is_truncated
    Logger : log_format
    Logger : log_level
    Logger : log_name
    Logger : log_provider
    Logger : log_version
    Logger : logged_time
    Logger : name
    Logger : product
    Logger --> "0..1 _recommended_" Product : product
    click Product href "../Product/"
    Logger : transmit_time
    Logger : uid
    Logger : untruncated_size
    Logger : version
```
Inheritance
Slots
| Name | Cardinality and Range | Description | Inheritance |
|---|---|---|---|
| device | 0..1 recommended Device | The device where the events are logged | direct |
| event_uid | 0..1 String | The unique identifier of the event assigned by the logger | direct |
| is_truncated | 0..1 Boolean | Indicates whether the OCSF event data has been truncated due to size limitations | direct |
| log_format | 0..1 String | The format of data in the log | direct |
| log_level | 0..1 String | The level at which an event was logged | direct |
| log_name | 0..1 recommended String | The log name for the logging provider log, or the file name of the system log | direct |
| log_provider | 0..1 recommended String | The logging provider or logging service that logged the event | direct |
| log_version | 0..1 String | The event log schema version of the original event | direct |
| logged_time | 0..1 recommended TimestampT | The time when the logging system collected and logged the event | direct |
| name | 0..1 recommended String | The name of the logging product instance | direct |
| product | 0..1 recommended Product | The product logging the event | direct |
| transmit_time | 0..1 recommended TimestampT | The time when the event was transmitted from the logging device to its next destination | direct |
| uid | 0..1 recommended String | The unique identifier of the logging product instance | direct |
| untruncated_size | 0..1 Integer | The original size of the OCSF event data in kilobytes before any truncation occurred | direct |
| version | 0..1 String | The version of the logging provider | direct |
Usages
| used by | used in | type | used |
|---|---|---|---|
| Metadata | loggers | range | Logger |
In Subsets
Aliases
- Logger
Identifier and Mapping Information
Schema Source
- from schema: https://w3id.org/lmodel/ocsf
Mappings
| Mapping Type | Mapped Value |
|---|---|
| self | ocsf:Logger |
| native | ocsf:Logger |
LinkML Source
Direct
```yaml
name: Logger
description: 'The Logger object represents the device and product where events are
  stored
  with times for receipt and transmission. This may be at the source device
  where the event occurred, a remote scanning device, intermediate hops, or the
  ultimate destination.'
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Logger
is_a: Entity
slots:
- device
- event_uid
- is_truncated
- log_format
- log_level
- log_name
- log_provider
- log_version
- logged_time
- name
- product
- transmit_time
- uid
- untruncated_size
- version
slot_usage:
  device:
    name: device
    description: The device where the events are logged.
    recommended: true
  event_uid:
    name: event_uid
    description: The unique identifier of the event assigned by the logger.
  is_truncated:
    name: is_truncated
    description: 'Indicates whether the OCSF event data has been truncated due to
      size
      limitations. When <code>true</code>, some event data may have been omitted to
      fit within system constraints.'
  log_format:
    name: log_format
    description: The format of data in the log. For example JSON, syslog or CSV.
  log_level:
    name: log_level
    description: 'The level at which an event was logged. This can be log provider
      specific. For
      example the audit level.'
  log_name:
    name: log_name
    description: 'The log name for the logging provider log, or the file name of the
      system log.
      This may be an intermediate store-and-forward log or a vendor destination log.
      For example /archive/server1/var/log/messages.0 or /var/log/.'
    recommended: true
  log_provider:
    name: log_provider
    description: 'The logging provider or logging service that logged the event. This
      may be an
      intermediate application store-and-forward log or a vendor destination log.'
    recommended: true
  log_version:
    name: log_version
    description: 'The event log schema version of the original event. For example
      the syslog
      version or the Cisco Log Schema version'
  logged_time:
    name: logged_time
    recommended: true
  name:
    name: name
    description: The name of the logging product instance.
    recommended: true
  product:
    name: product
    description: 'The product logging the event. This may be the event source product,
      a
      management server product, a scanning product, a SIEM, etc.'
    recommended: true
  transmit_time:
    name: transmit_time
    description: 'The time when the event was transmitted from the logging device
      to its next
      destination.'
    recommended: true
  uid:
    name: uid
    description: The unique identifier of the logging product instance.
    recommended: true
  untruncated_size:
    name: untruncated_size
    description: 'The original size of the OCSF event data in kilobytes before any
      truncation
      occurred. This field is typically populated when <code>is_truncated</code> is
      <code>true</code> to indicate the full size of the original event.'
  version:
    name: version
    description: The version of the logging provider.
```
Induced
```yaml
name: Logger
description: 'The Logger object represents the device and product where events are
  stored
  with times for receipt and transmission. This may be at the source device
  where the event occurred, a remote scanning device, intermediate hops, or the
  ultimate destination.'
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Logger
is_a: Entity
slot_usage:
  device:
    name: device
    description: The device where the events are logged.
    recommended: true
  event_uid:
    name: event_uid
    description: The unique identifier of the event assigned by the logger.
  is_truncated:
    name: is_truncated
    description: 'Indicates whether the OCSF event data has been truncated due to
      size
      limitations. When <code>true</code>, some event data may have been omitted to
      fit within system constraints.'
  log_format:
    name: log_format
    description: The format of data in the log. For example JSON, syslog or CSV.
  log_level:
    name: log_level
    description: 'The level at which an event was logged. This can be log provider
      specific. For
      example the audit level.'
  log_name:
    name: log_name
    description: 'The log name for the logging provider log, or the file name of the
      system log.
      This may be an intermediate store-and-forward log or a vendor destination log.
      For example /archive/server1/var/log/messages.0 or /var/log/.'
    recommended: true
  log_provider:
    name: log_provider
    description: 'The logging provider or logging service that logged the event. This
      may be an
      intermediate application store-and-forward log or a vendor destination log.'
    recommended: true
  log_version:
    name: log_version
    description: 'The event log schema version of the original event. For example
      the syslog
      version or the Cisco Log Schema version'
  logged_time:
    name: logged_time
    recommended: true
  name:
    name: name
    description: The name of the logging product instance.
    recommended: true
  product:
    name: product
    description: 'The product logging the event. This may be the event source product,
      a
      management server product, a scanning product, a SIEM, etc.'
    recommended: true
  transmit_time:
    name: transmit_time
    description: 'The time when the event was transmitted from the logging device
      to its next
      destination.'
    recommended: true
  uid:
    name: uid
    description: The unique identifier of the logging product instance.
    recommended: true
  untruncated_size:
    name: untruncated_size
    description: 'The original size of the OCSF event data in kilobytes before any
      truncation
      occurred. This field is typically populated when <code>is_truncated</code> is
      <code>true</code> to indicate the full size of the original event.'
  version:
    name: version
    description: The version of the logging provider.
attributes:
  device:
    name: device
    description: The device where the events are logged.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Device
    rank: 1000
    alias: device
    owner: Logger
    domain_of:
    - AuthFactor
    - Evidences
    - Logger
    - ManagedEntity
    - HostProfile
    - ConfigState
    - DeviceConfigStateChange
    - EvidenceInfo
    - InventoryInfo
    - PatchState
    - SoftwareInfo
    - DataSecurityFinding
    - Finding
    - RdpActivity
    - TunnelActivity
    - SystemEvent
    - EventLogActvity
    range: Device
    recommended: true
  event_uid:
    name: event_uid
    description: The unique identifier of the event assigned by the logger.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Event UID
    rank: 1000
    alias: event_uid
    owner: Logger
    domain_of:
    - Observable
    - Logger
    range: string
  is_truncated:
    name: is_truncated
    description: 'Indicates whether the OCSF event data has been truncated due to
      size
      limitations. When <code>true</code>, some event data may have been omitted to
      fit within system constraints.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Is Truncated
    rank: 1000
    alias: is_truncated
    owner: Logger
    domain_of:
    - Logger
    - LongString
    - Metadata
    range: boolean
  log_format:
    name: log_format
    description: The format of data in the log. For example JSON, syslog or CSV.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Log Format
    rank: 1000
    alias: log_format
    owner: Logger
    domain_of:
    - Logger
    - Metadata
    range: string
  log_level:
    name: log_level
    description: 'The level at which an event was logged. This can be log provider
      specific. For
      example the audit level.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Log Level
    rank: 1000
    alias: log_level
    owner: Logger
    domain_of:
    - Logger
    - Metadata
    range: string
  log_name:
    name: log_name
    description: 'The log name for the logging provider log, or the file name of the
      system log.
      This may be an intermediate store-and-forward log or a vendor destination log.
      For example /archive/server1/var/log/messages.0 or /var/log/.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Log Name
    rank: 1000
    alias: log_name
    owner: Logger
    domain_of:
    - Logger
    - Metadata
    - EventLogActvity
    range: string
    recommended: true
  log_provider:
    name: log_provider
    description: 'The logging provider or logging service that logged the event. This
      may be an
      intermediate application store-and-forward log or a vendor destination log.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Log Provider
    rank: 1000
    alias: log_provider
    owner: Logger
    domain_of:
    - Logger
    - Metadata
    - EventLogActvity
    range: string
    recommended: true
  log_version:
    name: log_version
    description: 'The event log schema version of the original event. For example
      the syslog
      version or the Cisco Log Schema version'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Log Version
    rank: 1000
    alias: log_version
    owner: Logger
    domain_of:
    - Logger
    - Metadata
    range: string
  logged_time:
    name: logged_time
    description: '<p>The time when the logging system collected and logged the event.</p>This
      attribute is distinct from the event time in that event time typically contains
      the time extracted from the original event. Most of the time, these two times
      will be different.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Logged Time
    rank: 1000
    alias: logged_time
    owner: Logger
    domain_of:
    - Logger
    - Metadata
    range: TimestampT
    recommended: true
  name:
    name: name
    description: The name of the logging product instance.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Name
    rank: 1000
    alias: name
    owner: Logger
    domain_of:
    - AnalysisTarget
    - Observable
    - Os
    - Osint
    - Package
    - Parameter
    - PrivilegeInfo
    - San
    - Scim
    - Script
    - ServicePrivilegeAnalysis
    - SoftwareComponent
    - Sso
    - StartupItem
    - ThreatActor
    - Token
    - Entity
    - Resource
    - Account
    - Agent
    - AiModel
    - Aircraft
    - Analytic
    - ApplicationObject
    - Assessment
    - AutonomousSystem
    - Campaign
    - Check
    - CisBenchmark
    - CisBenchmarkResult
    - CisControl
    - ClassifierDetails
    - Container
    - D3fTactic
    - D3fTechnique
    - Database
    - Databucket
    - DomainContact
    - Edge
    - Endpoint
    - Enrichment
    - EnvironmentVariable
    - Evidences
    - Extension
    - Feature
    - File
    - Graph
    - Group
    - HttpCookie
    - HttpHeader
    - Idp
    - Image
    - Job
    - Kernel
    - KeyValueObject
    - LoadBalancer
    - Logger
    - Malware
    - ManagedEntity
    - MessageContext
    - Metric
    - Mitigation
    - NetworkInterface
    - Node
    - Organization
    - PeripheralDevice
    - Policy
    - ProcessEntity
    - Product
    - QueryInfo
    - Reporter
    - ResourceDetails
    - Rule
    - Scan
    - Service
    - SubTechnique
    - Table
    - Tactic
    - Technique
    - Trait
    - TransformationInfo
    - UnmannedAerialSystem
    - User
    - WebResource
    - Device
    - FtpActivity
    - RegValue
    - WinResource
    - WinService
    - PrefetchQuery
    range: string
    recommended: true
  product:
    name: product
    description: 'The product logging the event. This may be the event source product,
      a
      management server product, a scanning product, a SIEM, etc.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Product
    rank: 1000
    alias: product
    owner: Logger
    domain_of:
    - RelatedEvent
    - Sbom
    - Advisory
    - Cve
    - File
    - FindingObject
    - FindingInfo
    - KbArticle
    - Logger
    - Metadata
    - TransformationInfo
    - SoftwareInfo
    range: Product
    recommended: true
  transmit_time:
    name: transmit_time
    description: 'The time when the event was transmitted from the logging device
      to its next
      destination.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Transmission Time
    rank: 1000
    alias: transmit_time
    owner: Logger
    domain_of:
    - Logger
    - Metadata
    range: TimestampT
    recommended: true
  uid:
    name: uid
    description: The unique identifier of the logging product instance.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Unique ID
    rank: 1000
    alias: uid
    owner: Logger
    domain_of:
    - Osint
    - Package
    - ProgrammaticCredential
    - RelatedEvent
    - Request
    - Sbom
    - Scim
    - Script
    - Session
    - Span
    - Sso
    - Ticket
    - Token
    - Trace
    - Entity
    - Resource
    - Account
    - Advisory
    - Agent
    - AiModel
    - Aircraft
    - Analytic
    - ApplicationObject
    - Assessment
    - Certificate
    - Check
    - ClassifierDetails
    - Container
    - Cve
    - Cwe
    - D3fTactic
    - D3fTechnique
    - DataClassification
    - Database
    - Databucket
    - DomainContact
    - Edge
    - Email
    - Endpoint
    - Evidences
    - Extension
    - Feature
    - File
    - FindingObject
    - FindingInfo
    - Graph
    - Group
    - HttpRequest
    - Idp
    - Image
    - KbArticle
    - LoadBalancer
    - Logger
    - Malware
    - ManagedEntity
    - MessageContext
    - Metadata
    - Mitigation
    - NetworkConnectionInfo
    - NetworkEndpoint
    - NetworkInterface
    - Node
    - Organization
    - PeripheralDevice
    - Policy
    - ProcessEntity
    - Product
    - QueryInfo
    - Reporter
    - Rule
    - Scan
    - Service
    - SubTechnique
    - Table
    - Tactic
    - Technique
    - Trait
    - TransformationInfo
    - UnmannedAerialSystem
    - User
    - WebResource
    - Device
    - WinResource
    range: string
    recommended: true
  untruncated_size:
    name: untruncated_size
    description: 'The original size of the OCSF event data in kilobytes before any
      truncation
      occurred. This field is typically populated when <code>is_truncated</code> is
      <code>true</code> to indicate the full size of the original event.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Untruncated Size
    rank: 1000
    alias: untruncated_size
    owner: Logger
    domain_of:
    - Logger
    - LongString
    - Metadata
    range: integer
  version:
    name: version
    description: The version of the logging provider.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Version
    rank: 1000
    alias: version
    owner: Logger
    domain_of:
    - Os
    - Package
    - RpcInterface
    - Sbom
    - Scim
    - SoftwareComponent
    - Tls
    - Agent
    - AiModel
    - Analytic
    - Api
    - ApplicationObject
    - Attack
    - Certificate
    - Check
    - CisControl
    - CisCsc
    - Cvss
    - D3fend
    - Databucket
    - Epss
    - Extension
    - Feature
    - File
    - HttpRequest
    - Logger
    - ManagedEntity
    - Metadata
    - Policy
    - Product
    - ResourceDetails
    - Rule
    - Service
    - NtpActivity
    range: string
```