Overview

Common Event Format (CEF) is a Logging and Auditing file format from ArcSight and is an extensible, text-based format designed to support multiple device types by offering the most relevant information.
Message syntaxes are reduced to work with ESM normalization. Specifically, Common Event Format defines a syntax for log records consisting of a standard header and a variable extension, formatted as key-value pairs.
Common Event Format can be used with on-premise devices by implementing the ArcSight Syslog SmartConnector.
Common Event Format is probably the most widely used format.
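
The header-plus-extension syntax described above, shown as an added example parser (not code from this page or from ArcSight). The seven header field names and the escape rules (`\|` and `\\` in the header, `\=`, `\\`, `\n`, `\r` in the extension) are taken from the CEF specification rather than from this page; the function names and the sample record are constructed for illustration.

```python
import re

# Header field names from the ArcSight CEF specification (not listed on this page).
HEADER_FIELDS = ["version", "device_vendor", "device_product", "device_version",
                 "signature_id", "name", "severity"]
KEY_RE = re.compile(r"(?:^|\s)([A-Za-z0-9_.\[\]-]+)=")  # key followed by unescaped '='

def split_header(text):
    """Return the 7 header fields and the raw extension, honouring \\| and \\\\."""
    fields, buf, i = [], [], 0
    while i < len(text) and len(fields) < 7:
        ch = text[i]
        if ch == "\\" and text[i + 1:i + 2] in ("|", "\\"):
            buf.append(text[i + 1])
            i += 2
        elif ch == "|":
            fields.append("".join(buf))
            buf, i = [], i + 1
        else:
            buf.append(ch)
            i += 1
    if len(fields) != 7:
        raise ValueError("CEF header needs 7 pipe-terminated fields")
    return fields, text[i:]

def unescape(value):
    """Undo extension escapes: \\= \\\\ \\n \\r."""
    return re.sub(r"\\([=\\nr])",
                  lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), value)

def parse_extension(ext):
    """Values may contain spaces, so each value runs up to the next ' key='."""
    matches = list(KEY_RE.finditer(ext))
    pairs = {}
    for cur, nxt in zip(matches, matches[1:] + [None]):
        end = nxt.start() if nxt else len(ext)
        pairs[cur.group(1)] = unescape(ext[cur.end():end])
    return pairs

def parse_cef(line):
    start = line.find("CEF:")  # skip any syslog prefix before the record
    if start < 0:
        raise ValueError("not a CEF record")
    fields, ext = split_header(line[start + 4:])
    record = dict(zip(HEADER_FIELDS, fields))
    record["extension"] = parse_extension(ext)
    return record

# Constructed sample: escaped '|' in the header, escaped '=' inside msg.
SAMPLE = (r"<134>Jan 01 00:00:00 host CEF:0|ExampleVendor|Example\|Product|1.0|100|"
          r"Login failed|5|src=192.0.2.10 suser=alice msg=user\=alice reason\=bad password")

if __name__ == "__main__":
    print(parse_cef(SAMPLE))
```

Because `reason\=bad password` is escaped, it stays inside `msg` instead of becoming a separate `reason` key; a producer that skips this escaping lets user-supplied text introduce extra fields into the record.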