What exactly are you trying to do?
Are you trying to send the alert data directly from the sensor to a Syslog server or do you want the NSM manager to forward all alert data to a syslog server?
You can see the default Syslog Message by going to Devices > <DEVICE_NAME> > Setup > Logging > IPS Event Logging
Select the Enable Logging option to see the default message.
I want to send Syslogs messages from NS9200 IPS device to the Syslog-NG server and from there to the SIEM. We have our custom SIEM where we do basics monitoring of devices. Hence I am looking forward for the raw syslog format of NS9200 IPS device if you can help me with.
From the Manager, you can follow the steps as Peter mentioned above to view the default syslog message.
Here is what I see for our NS9200:
"$IV_SENSOR_NAME$ detected $IV_DIRECTION$ attack $IV_ATTACK_NAME$ (severity = $IV_ATTACK_SEVERITY$). $IV_SOURCE_IP$:$IV_SOURCE_PORT$ -> $IV_DESTINATION_IP$:$IV_DESTINATION_PORT$ (result = $IV_RESULT_STATUS$)"
If this has been changed, there is also a button to 'Reset to System Default'.
The device may be configured to directly send to Syslog-NG using the page on the manager: 'Devices > <DEVICE_NAME> > Setup > Logging > IPS Event Logging'.
The message on the page reads " Devices forward all alerts to the Manager, which can be configured to send IPS event notification via syslog, SNMP, SMTP and pager. Use this page to additionally send syslog notification directly from the device. "
This page has configuration options that will apply only to this sensor.
If you have multiple devices, and you wish to configure all at once to send to Syslog-NG, navigate to 'Devices > Global > IPS Device Settings > IPS Event Logging' and configure from this page. This will apply to all your sensors.
Finally, if you wish to configure the manager for logging events, go to 'Manage(r) > Setup > Notification > IPS Events > Syslog'. This page will allow you to configure the manager to send events to Syslog-NG, which will reduce load on the sensors.
Please review the Manager Administration Guide, beginning on pg 97 for details of the fields and variables that may be set on each of these pages.