Generated for monitored Syslog messages.
See Wikipedia for more information about the Syslog protocol.
C: The connection record for the underlying transport-layer session/flow. Facility: The “facility” included in the message. Severity: The “severity” included in the message. Msg: The message logged.
Bro currently parses only UDP syslog traffic. Support for TCP syslog will be added soon.