CEF Formatter
- Noga Aviram (Unlicensed)
Owned by Noga Aviram (Unlicensed)
Description | Config Example |
|---|---|
Delivering the data in a CEF format - A known syntax for log records. | {"configuration":"{\n "headers": {\n "vendor": "cef device vendor",\n "product": "cef device product",\n "version": "cef device version",\n "id": "cef id",\n "name": "cef name1",\n "severity": "cef severity",\n "cefversion": "cef format version",\n "header": ""\n },\n "extensions": {}\n}","name":"filebeatceftrans","type":"transform"} |
CEF Format
The data flow should be defined with the ‘CEF Formatter’ condition, inside the relevant forwarder:
Add Original Event - Adds the original event as a string into the result.
Add CEF Headers.
Output: The target receives the logs as as key-value pairs.
Â