
Connectwise Control

Product Name

About

Remote access and support software. Anywhere. Anytime. Any Device.

Product Details

Vendor URL: Connectwise Control

Product Type: Remote Access

Product Tier: Tier I

Integration Method: Syslog

Parser Details

Log Format: Syslog

Expected Normalization Rate: 100%

Data Label: CONNECTWISE_CONTROL

UDM Fields (list of all UDM fields leveraged in the Parser):

| Log File Field | UDM Field |
| --- | --- |
| Connectwise | metadata.vendor_name |
| Control | metadata.product_name |
| type | metadata.product_event_type |
| filter | metadata.description |
| isPublic | additional.fields["isPublic"] |
| guest | additional.fields["guest"] |
| name | target.hostname |
| name | target.asset.hostname |
| sessionid | network.session_id |

Product Event Types

| Event | UDM Event Classification |
| --- | --- |
| all others | GENERIC_EVENT |

Log Sample

<134>1 2022-12-14T12:55:01.7174777-06:00 ConnectwiseCont ScreenConnect - - [sessionid=aaabbca-ab31-4a9f-8091-bd704827df85 name=hostname1 host=<none> guest=<none> isPublic=False type=Access] A session was disconnected from

Sample Parsing

metadata.event_type = "GENERIC_EVENT"
metadata.vendor_name = "Connectwise"
metadata.product_name = "Control"
metadata.product_event_type = "Access"
metadata.description = "A session was disconnected from"
additional.fields["isPublic"] = "False"
additional.fields["guest"] = "<none>"
target.hostname = "hostname1"
target.asset.hostname = "hostname1"
network.session_id = "aaabbca-ab31-4a9f-8091-bd704827df85"
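
The mapping above can be reproduced with a short Python sketch. This is an added example, not the vendor's parser: the function and constant names are hypothetical, and it assumes the line layout of the single log sample shown on this page, with `metadata.description` taken from the free-text message as in Sample Parsing. It also tolerates values that contain spaces, which the sample does not show.

```python
import re

# Constructed from this page's log sample (the message is cut off on the page too).
SAMPLE = ('<134>1 2022-12-14T12:55:01.7174777-06:00 ConnectwiseCont ScreenConnect - - '
          '[sessionid=aaabbca-ab31-4a9f-8091-bd704827df85 name=hostname1 host=<none> '
          'guest=<none> isPublic=False type=Access] A session was disconnected from')

# <PRI>VERSION TIMESTAMP HOST APP PROCID MSGID [key=value ...] message
LINE_RE = re.compile(
    r'^<(?P<pri>\d{1,3})>(?P<ver>\d+) (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) '
    r'\S+ \S+ \[(?P<kv>[^\]]*)\]\s*(?P<msg>.*)$')

# A value runs until the next " key=" or the end of the bracketed block,
# so a hostname containing spaces stays in one piece (assumption, see lead-in).
KV_RE = re.compile(r'(\w+)=(.*?)(?=\s+\w+=|$)')

# Log field -> UDM field(s), following the table on this page.
FIELD_MAP = {
    'type': ['metadata.product_event_type'],
    'isPublic': ['additional.fields["isPublic"]'],
    'guest': ['additional.fields["guest"]'],
    'name': ['target.hostname', 'target.asset.hostname'],
    'sessionid': ['network.session_id'],
}

def parse_connectwise_control(line):
    """Return a flat dict of UDM fields, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None  # surface unparsed lines instead of guessing at fields
    kv = dict(KV_RE.findall(m['kv']))
    udm = {
        'metadata.event_type': 'GENERIC_EVENT',  # the only classification listed
        'metadata.vendor_name': 'Connectwise',
        'metadata.product_name': 'Control',
        'metadata.description': m['msg'],
    }
    for key, targets in FIELD_MAP.items():
        if key in kv:
            for target in targets:
                udm[target] = kv[key]
    return udm

if __name__ == '__main__':
    for field, value in parse_connectwise_control(SAMPLE).items():
        print(f'{field} = "{value}"')
```

Lines that return `None` are worth counting during ingestion, since a drop in the normalization rate is the first sign that the log layout has changed.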

Parser Alerting

This product currently does not have any Parser-based Alerting.

Rules

Coming Soon