The syslog settings are configured under Logs → Configuration:

images/download/attachments/1933768/syslog.png

Setting	Description	Default Value
Address	Where the syslog messages are sent
Port	The open port for accepting syslog messages	514
Protocol	Select between using UDP or TCP	UDP
Enabled	Enables usage of the syslog server	Enabled
Facility Level	How Kiosk appears in syslog messages	User-level
Log Level	Determines which messages get sent to the syslog server, it filters out any message less important than that selected	All
Event Monitoring	Determines which types of events are logged	Application File Session
Output Format	Select the format of the message between standard "syslog" or "CEF"	syslog

images/download/attachments/1933768/server_setting_buttons.png

Select new server to add a new syslog server to the list; remove to delete a server.
Select reset to revert the settings back to how Kiosk is currently configured.
Select apply to set Kiosk settings to how they appear on this page.

syslog Message Format

Example: MDM[12752] eventCode='000000', logType='databaseLog', Configuration reloaded

Component	Description	Value(s)
Product ID	Short product ID	MDM
Kiosk Process ID	The process ID of Kiosk	[#]
eventCode	6 digit code to indicate the type of event	000000 - Unclassified 100000 - Allowed file found 100001 - Blocked file found 100002 - User successful login event 100003 - Configuration changed 100004 - UI event 100005 - Service event 100006 - Authentication event (error or failure) 100007 - Database event 100008 - Device event 100009 - HTTP event 100010 - Session event 100011 - File event 100012 - Low disk space event 100013 - CimTrak deny event 200000 - Session ended
logType	Event monitoring log type	databaseLog - Application Events fileLog - File Events sessionLog - Session Events windowsEventLog - Windows Events serviceLog - Debugging Info
Message	The content of the message	Text or JSON formatted content

CEF Message Format