How do I tie a specific message to the corresponding log file entries?

The same way as usual -- you can match the message file ID to the SNF log entry and usually the message headers (depending upon the platform).

You have the option to produce classic SNF logs from the new version. By default, the new XML-based logs are used because they provide additional information.

The <s../> element contains the scan information. The attributes include the scan result code, rule ID, message file name, timestamp...

Within the <s../> element you can optionally include elements for scanner performance, gbudb information, pattern matches...

The configuration file contains comments that describe how the log files can be interpreted along with the configuration switches that select the logging configuration.
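
One way to do the match described above, as an added example that is not part of the original FAQ or the SNF distribution. The attribute names (m, u, s, r), the child element name and the one-entry-per-line layout are assumptions, and the log lines are constructed; confirm the real names against the comments in your configuration file.

```python
import xml.etree.ElementTree as ET

# Assumed attribute names on <s/>; confirm against the comments in your
# SNF configuration file. Assumes one <s/> entry per log line.
ATTR_FILE, ATTR_TIME, ATTR_RESULT, ATTR_RULE = "m", "u", "s", "r"

# Constructed sample log lines (not real SNF output).
SAMPLE_LOG = """\
<s u='20240101120000' m='D1a2b3c.SMD' s='52' r='1234567'><p s='0' t='8' l='3012' d='41'/></s>
<s u='20240101120003' m='D9f8e7d.SMD' s='0' r='0'/>
<s u='20240101120007' m='D1a2b3c.SMD' s='0' r='0'
<s u='20240101120009' m='/spool/D1a2b3c.SMD' s='63' r='7654321'/>
"""


def basename(path):
    """Strip any directory prefix, whichever separator the platform logs."""
    return path.replace("\\", "/").rsplit("/", 1)[-1]


def find_scans(log_text, message_file):
    """Return every scan record logged for the given message file name."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        line = line.strip()
        if not line.startswith("<s"):
            continue
        try:
            elem = ET.fromstring(line)
        except ET.ParseError:
            continue  # truncated entry, e.g. log read while being written
        if elem.tag != "s" or basename(elem.get(ATTR_FILE, "")) != basename(message_file):
            continue
        hits.append({
            "line": lineno,
            "time": elem.get(ATTR_TIME),
            "result": elem.get(ATTR_RESULT),
            "rule": elem.get(ATTR_RULE),
            "details": [child.tag for child in elem],  # optional sub-elements
        })
    return hits


if __name__ == "__main__":
    for hit in find_scans(SAMPLE_LOG, "D1a2b3c.SMD"):
        print(hit)
```

A message that was scanned more than once produces several records, so compare the timestamp of each hit with the message headers to pick the right one.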
