qnd:common_event_format

Differences

This shows you the differences between two versions of the page.

qnd:common_event_format [2021/10/05 16:06] mgupton
qnd:common_event_format [2021/10/05 16:16] (current) mgupton
Line 1: Line 1:
 ====== Common Event Format (CEF) ====== ====== Common Event Format (CEF) ======
 +
 +==== General Form ====
  
 <code> <code>
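Review bot: The added `==== General Form ====` heading sits directly under the `======` page title, which skips a heading level in DokuWiki (`=====` is the next level down). Using `===== General Form =====` here, and the same level for the Example heading in the next hunk, would keep the page outline and the generated table of contents consistent.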
Line 5: Line 7:
 </code> </code>
  
 +
 +  * signature id: a integer or string that is a unique identifier for the event
   * severity: integer value 0-10   * severity: integer value 0-10
   * extension: any number of key-value pairs in the form of key=value separated by spaces.   * extension: any number of key-value pairs in the form of key=value separated by spaces.
 +
 +==== Example ====
 +
 +<code>
 +CEF:0|Red Hat|RHEL|8.0.0|100|SSH login|5
 +</code>
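Review bot: The added example line ends at the severity field, so it never demonstrates the extension that the bullet directly above it describes. Consider appending a trailing `|` and at least one key=value pair, for instance `CEF:0|Red Hat|RHEL|8.0.0|100|SSH login|5|src=10.0.0.1` (the address is a made-up sample value). In the new signature id bullet, "a integer" should read "an integer", and it would help readers to say that this is the fifth pipe-delimited field, `100` in the example.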
  • qnd/common_event_format.1633449989.txt.gz
  • Last modified: 2021/10/05 16:06
  • by mgupton