qnd:common_event_format

Differences

qnd:common_event_format [2021/10/05 16:12] mgupton
qnd:common_event_format [2021/10/05 16:16] (current) mgupton
Line 1: Line 1:
 ====== Common Event Format (CEF) ====== ====== Common Event Format (CEF) ======
 +
 +==== General Form ====
  
 <code> <code>
 CEF:Version|Device Vendor|Device Product|Device Version|Signature ID|Name|Severity|Extension CEF:Version|Device Vendor|Device Product|Device Version|Signature ID|Name|Severity|Extension
 </code> </code>
 +
  
   * signature id: a integer or string that is a unique identifier for the event   * signature id: a integer or string that is a unique identifier for the event
Line 9: Line 12:
   * extension: any number of key-value pairs in the form of key=value separated by spaces.   * extension: any number of key-value pairs in the form of key=value separated by spaces.
  
 +==== Example ====
 +
 +<code>
 +CEF:0|Red Hat|RHEL|8.0.0|100|SSH login|5
 +</code>
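Review bot: the example added under ==== Example ==== has only seven pipe-delimited fields, `CEF:0|Red Hat|RHEL|8.0.0|100|SSH login|5`, while the general form in the section above lists eight, ending in Extension; append the trailing `|` and at least one key=value pair, or state in the text that the extension may be empty, so the example matches the form it is meant to illustrate.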
  • qnd/common_event_format.1633450363.txt.gz
  • Last modified: 2021/10/05 16:12
  • by mgupton