CYBERSECEVENTS
Cyber-security events
This sequenced log provides a list of the cyber-security events logged by the receiver.
Message ID: 2608
Log type: Polled
Recommended input:
LOG CYBERSECEVENTS
ASCII example:
#CYBERSECEVENTSA,COM1,0,67.0,FINESTEERING,2371,246719.000,02000020,dbd9,32768;9,9,9,WIFI_AP_PASSKEY_CHANGED,TRUE,2025,6,17,0,12,6,ADMIN_PASSWORD_REINITIALIZED,TRUE,2025,6,17,0,12,24,BRUTE_FORCE_ATTACK_DETECTED,TRUE,2025,6,17,0,16,1,ADMIN_PASSWORD_CHANGE_SAVED,TRUE,2025,6,17,0,16,12,ADMIN_PASSWORD_CHANGE_SAVED,TRUE,2025,6,17,0,16,13,WIFI_AP_PASSKEY_CHANGED,TRUE,2025,6,17,0,16,14,WIFI_AP_PASSKEY_CHANGED,TRUE,2025,6,17,0,16,14,WIFI_AP_PASSKEY_SAVED,TRUE,2025,6,17,0,16,14,WIFI_AP_PASSKEY_REINITIALIZED,TRUE,2025,6,17,0,16,14*206b00f3
Abbreviated ASCII example:
<CYBERSECEVENTS COM1 0 65.5 FINESTEERING 2371 245958.000 02000020 dbd9 32768
< 9 9 9
< WIFI_AP_PASSKEY_CHANGED TRUE 2025 6 17 0 12 6
< ADMIN_PASSWORD_REINITIALIZED TRUE 2025 6 17 0 12 24
< BRUTE_FORCE_ATTACK_DETECTED TRUE 2025 6 17 0 16 1
< ADMIN_PASSWORD_CHANGE_SAVED TRUE 2025 6 17 0 16 12
< ADMIN_PASSWORD_CHANGE_SAVED TRUE 2025 6 17 0 16 13
< WIFI_AP_PASSKEY_CHANGED TRUE 2025 6 17 0 16 14
< WIFI_AP_PASSKEY_CHANGED TRUE 2025 6 17 0 16 14
< WIFI_AP_PASSKEY_SAVED TRUE 2025 6 17 0 16 14
< WIFI_AP_PASSKEY_REINITIALIZED TRUE 2025 6 17 0 16 14
|
Field |
Field type |
Description |
Format |
Binary bytes |
Binary offset |
|
1 |
Log header |
CYBERSECEVENTS header For information about log headers, see ASCII, Abbreviated ASCII or Binary. |
– |
H |
0 |
|
2 |
total_number_of_events |
Total number of cyber-security events in non-volatile storage |
Ulong |
4 |
H |
|
3 |
number_of_events_logged |
Number of cyber-security events logged in this log sequence. |
Ulong |
4 |
H+4 |
|
4 |
number_of_cybersec_events |
Number of cyber-security events to follow (0 to 30). Each record consists of the following 8 fields (fields 5 through 12). |
Ulong |
4 |
H+8 |
|
5 |
event |
Type of cyber-security event. See Table: Cyber-Security event type. |
Enum |
4 |
H+12+ (N*16) |
|
6 |
timestamp_status |
If TRUE, the following timestamp is an accurate representation of the UTC time at which the event occurred. If FALSE, the following timestamp is an estimate of the earliest possible UTC time at which the event occurred. The actual time could be any time prior to the next accurate time in the log or the time at which the log was captured. |
Bool |
4 |
H+16+ (N*16) |
|
7 |
timestamp_year |
UTC year at which the event occurred. |
Ushort |
2 |
H+20+ (N*16) |
|
8 |
timestamp_month |
UTC month at which the event occurred. |
Uchar |
1 |
H+22+ (N*16) |
|
9 |
timestamp_day |
UTC day at which the event occurred. |
Uchar |
1 |
H+23+ (N*16) |
|
10 |
timestamp_hour |
UTC hour at which the event occurred. |
Uchar |
1 |
H+24+ (N*16) |
|
11 |
timestamp_minute |
UTC minute at which the event occurred. |
Uchar |
1 |
H+25+ (N*16) |
|
12 |
timestamp_second |
UTC second at which the event occurred. |
Ushort |
2 |
H+26+ (N*16) |
|
13 |
* |
Delimiter separating log information from the CRC (ASCII only) |
– |
– |
– |
|
14 |
xxxx |
32-bit CRC (ASCII and Binary only) |
Hex |
4 |
H+28+(N * 16) |
|
15 |
[CR][LF] |
Sentence terminator (ASCII only) |
- |
- |
- |