Common Event Format

Overview

Common Event Format (CEF) is a logging and auditing file format from ArcSight. It is an extensible, text-based format designed to support multiple device types by offering the most relevant information.

Message syntaxes are reduced to work with ESM normalization. Specifically, Common Event Format defines a syntax for log records composed of a standard header and a variable extension, with the extension formatted as key-value pairs.
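The header-plus-extension layout described above, shown as an added example that is not code from ArcSight or from this page: a minimal parser for one record. The seven header field names and the escaping rules are taken from the public CEF specification rather than from this page, and the function names and the sample log line are constructed for illustration.

```python
import re

# Header field names follow the public CEF specification; this page does not list them.
HEADER_FIELDS = ("version", "device_vendor", "device_product", "device_version",
                 "device_event_class_id", "name", "severity")
_EXT_KEY = re.compile(r"(?:^|\s)(\w+)=")   # a key is word characters directly before '='
_UNESCAPE = {"n": "\n", "r": "\r"}         # \n and \r encode line breaks inside values

def _unescape(value):
    # In the extension a backslash escapes the next character: \\ -> \ and \= -> =
    return re.sub(r"\\(.)", lambda m: _UNESCAPE.get(m.group(1), m.group(1)), value)

def _split_header(text):
    """Return (raw header fields, extension text), skipping escaped pipes."""
    fields, start, i = [], 0, 0
    while i < len(text) and len(fields) < len(HEADER_FIELDS):
        if text[i] == "\\":
            i += 2                      # the escaped character is never a delimiter
            continue
        if text[i] == "|":
            fields.append(text[start:i])
            start = i + 1
        i += 1
    if len(fields) < len(HEADER_FIELDS):
        raise ValueError("truncated CEF header")
    return fields, text[start:]

def parse_cef(line):
    """Parse one CEF record, with or without a syslog prefix, into a dict."""
    line = line.rstrip("\r\n")
    pos = line.find("CEF:")
    if pos < 0:
        raise ValueError("no CEF marker")
    raw, ext_text = _split_header(line[pos + 4:])
    # In the header only the pipe and the backslash are escaped.
    event = {k: re.sub(r"\\([|\\])", r"\1", v) for k, v in zip(HEADER_FIELDS, raw)}
    keys = list(_EXT_KEY.finditer(ext_text))
    ext = {}
    for m, nxt in zip(keys, keys[1:] + [None]):
        end = nxt.start() if nxt else len(ext_text)   # value runs up to the next key
        ext[m.group(1)] = _unescape(ext_text[m.end():end])
    event["extension"] = ext
    return event

# Constructed sample record (syslog prefix, escaped pipe, escaped '=', encoded newline).
SAMPLE = (r"Sep 19 08:26:10 host CEF:0|ExampleVendor|Gate\|Way|1.0|100|Login failed|5|"
          r"src=10.0.0.1 suser=alice msg=reason\=bad password\nretry 2")
```

A producer that writes values without escaping `=`, `|` or line breaks lets attacker-controlled text appear as extra keys or extra records downstream, so the escaping handled here matters on the writing side as well.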

Common Event Format can be used with on-premises devices by implementing the ArcSight Syslog SmartConnector.

Common Event Format can also be used by cloud-based service providers by implementing the SmartConnector for ArcSight Common Event Format REST.

Common Event Format is probably the most widely used format.
