Additional Syslogs details in Cerberus FTP’s logs
To improve the identification and classification of log entries into SIEM products, please output the event rule type (https://support.cerberusftp.com/hc/en-us/articles/115001954490-Creating-and-Editing-Event-Rules) in the SYSLOG output mechanism for Cerberus logging.
The logging configuration file should be here:
C:\ProgramData\Cerberus LLC\Cerberus FTP Server\log4j.xml
We want to find this XML entry:
<appender name="syslog" class="org.apache.log4j.net.SyslogAppender">
And update the pattern to include the Event Type:
<param name="ConversionPattern" value="[SOME PATTERN HERE]"/>
The current variables seem to be default Log4J, which can be interpreted here - https://logging.apache.org/log4j/2.x/manual/layouts.html#Pattern_Layout
Example of pattern with extra (add to existing) fields:
<param name="ConversionPattern" value="%d log_level='%p' thread_name='%t' event_id='%X{event_id}' transaction_id='%X{transaction_id}' app_name='%X{app_name}' class_name='%c' method_name='%M(%L)' message='%m' %n"/>
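On the SIEM side, a parser for lines emitted by the example pattern above, shown as an added example that is not part of the original post or of Cerberus FTP Server. It assumes `%d` renders as `yyyy-MM-dd HH:mm:ss,SSS` and that the field order matches the pattern; the sample lines and all field values are constructed.

```python
import re

# Field order copied from the example ConversionPattern; message ('%m') is last.
FIELDS = ["log_level", "thread_name", "event_id", "transaction_id",
          "app_name", "class_name", "method_name", "message"]

def build_regex(fields):
    # Assumption: %d renders as yyyy-MM-dd HH:mm:ss,SSS. search() skips any
    # syslog header the transport puts in front of the layout output.
    parts = [r"(?P<timestamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3})"]
    for name in fields[:-1]:
        # Fields before the message are matched in order and may not contain a quote.
        parts.append(rf" {name}='(?P<{name}>[^']*)'")
    # The message runs to the last quote on the line, so apostrophes and any
    # key='value' text inside it stay in the message instead of becoming fields.
    parts.append(rf" {fields[-1]}='(?P<{fields[-1]}>.*)'\s*$")
    return re.compile("".join(parts))

LINE_RE = build_regex(FIELDS)

def parse_line(line):
    """Return the fields as a dict, or None if the line does not fit the pattern."""
    match = LINE_RE.search(line.rstrip("\r\n"))
    return match.groupdict() if match else None

# Constructed sample lines (hypothetical host, event ids and messages).
PREFIX = ("<134>May  1 12:34:56 ftp01 2024-05-01 12:34:56,789 "
          "log_level='INFO' thread_name='worker-3' ")
SUFFIX = ("transaction_id='a1b2' app_name='cerberus' class_name='events' "
          "method_name='fire(212)' ")
SAMPLES = [
    # Message containing apostrophes.
    PREFIX + "event_id='login_failure' " + SUFFIX
    + "message='Login failed for user 'bob'' ",
    # Message containing text that looks like another event_id field.
    PREFIX + "event_id='file_upload' " + SUFFIX
    + "message='stored x' event_id='admin_login' ",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_line(sample))
```

Because the values are wrapped in unescaped single quotes, a SIEM rule that extracts `event_id='...'` anywhere in the line can be misled by message text; matching the fields in pattern order, as here, keeps classification tied to the real event field.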