Syslog messages can be used for centralized collection and analysis of cybersecurity events in your organization's information system. You can enable and configure sending of these messages to an external syslog server in the PT MultiScanner web interface. In this case, the system will send messages related to new objects, the start and end of work with sources, object check results, and verdicts on objects and tasks. Messages related to updates of scan engines and their databases will also be sent. All messages comply with the RFC 5424 standard and have the following format:
<100>1 <message date and time> <PT MultiScanner node name> multiscanner - <message type> - <JSON message body>
The header for all messages includes priority 100, version 1, the date and time when it was received by the syslog server, the main PT MultiScanner node name, the multiscanner tag, and the MSGID message type. The message body in JSON format contains general information about the message, and its structure depends on the message type.
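A collector-side check for the layout described above, as an added example that is not part of the product or its documentation: it validates the fixed header fields, splits priority 100 into facility and severity per RFC 5424, and decodes the JSON body. The function name, the sample node name, the EXAMPLE_TYPE message type and the JSON fields are constructed placeholders, and treating the body as a JSON object is an assumption.

```python
import json
import re

# Header layout from the format line above:
# <100>1 TIMESTAMP HOSTNAME multiscanner - MSGID - JSON
LINE_RE = re.compile(
    r"<(?P<pri>\d{1,3})>(?P<version>\d{1,2}) "
    r"(?P<timestamp>\S+) (?P<hostname>\S+) (?P<app>\S+) "
    r"(?P<procid>\S+) (?P<msgid>\S+) (?P<sd>-) (?P<body>.*)",
    re.DOTALL,
)

def parse_multiscanner_line(line):
    """Return a dict for a valid line; raise ValueError otherwise."""
    m = LINE_RE.fullmatch(line.strip())
    if m is None:
        raise ValueError("not an RFC 5424 line in the documented layout")
    pri = int(m["pri"])
    if pri != 100 or m["version"] != "1":
        raise ValueError("unexpected priority or version")
    if m["app"] != "multiscanner" or m["procid"] != "-":
        raise ValueError("unexpected tag or PROCID")
    try:
        # RFC 5424 allows a BOM in front of a UTF-8 MSG part.
        body = json.loads(m["body"].lstrip("\ufeff"))
    except json.JSONDecodeError as exc:
        raise ValueError(f"body is not valid JSON: {exc}") from exc
    if not isinstance(body, dict):  # assumption: the body is a JSON object
        raise ValueError("body is not a JSON object")
    return {
        "facility": pri >> 3,  # RFC 5424: PRI = facility * 8 + severity
        "severity": pri & 7,
        "timestamp": m["timestamp"],
        "node": m["hostname"],
        "msgid": m["msgid"],
        "body": body,
    }

# Constructed sample: MSGID and JSON fields are placeholders, not product values.
SAMPLE = ('<100>1 2024-01-15T10:22:31.000Z ms-node-01 multiscanner - '
          'EXAMPLE_TYPE - {"example_field": "example value", "count": 2}')

if __name__ == "__main__":
    print(parse_multiscanner_line(SAMPLE))
```

Rejecting lines that do not match the fixed header keeps unrelated or spoofed traffic on the same syslog port out of the MultiScanner event stream.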