Differences
This shows you the differences between two versions of the page.
| Next revision | Previous revision | ||
| qnd:common_event_format [2021/10/05 15:58] – created mgupton | qnd:common_event_format [2021/10/05 16:16] (current) – mgupton | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== Common Event Format (CEF) ====== | ====== Common Event Format (CEF) ====== | ||
| + | |||
| + | ==== General Form ==== | ||
| < | < | ||
| Line 5: | Line 7: | ||
| </ | </ | ||
| + | |||
| + | * signature id: a integer or string that is a unique identifier for the event | ||
| + | * severity: integer value 0-10 | ||
| + | * extension: any number of key-value pairs in the form of key=value separated by spaces. | ||
| + | |||
| + | ==== Example ==== | ||
| + | |||
| + | < | ||
| + | CEF:0|Red Hat|RHEL|8.0.0|100|SSH login|5 | ||
| + | </ | ||
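
Review bot: The Example added at the end of this hunk, `CEF:0|Red Hat|RHEL|8.0.0|100|SSH login|5`, stops at the severity field, so the extension described in the bullet list above it is never illustrated; consider ending the example with a further `|` followed by one or two key=value pairs. In the same list, "a integer" should read "an integer". The list documents only signature id, severity and extension, while the example also carries `Red Hat`, `RHEL`, `8.0.0` and `SSH login`, so the remaining header fields deserve a bullet each. The extension bullet says pairs are separated by spaces but does not say how a value that itself contains a space or `=` is written, which is worth stating for anyone writing a parser from this page.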