The syslog header should not be defined in the base profile.
However, there is considerable overlap between the information contained in
the syslog header and that contained in the CEE event header: such as the
time and the information regarding the source.
Within an event, we want to identify the source that created the event
record. In Syslog and other transports, we need to identify the source that
sent the event record.
Hopefully, this distinction will be made more clear in the updated
The MITRE Corporation
>From: [hidden email] [mailto:[hidden email]]
>Sent: Thursday, 02 February, 2012 00:29
>To: cee-discussion-list CEE-Related Discussion
>Subject: [CEE-DISCUSSION-LIST] Syslog Header in Base Profile??
>I have a few questions about the base profile:
>Why is the syslog header defined in the base profile? Isn't it a design
>principle to separate the transport from the log message itself? So,
>wondering why it would be defined?