{"id":16634151,"url":"https://github.com/jcustenborder/cef-parser","last_synced_at":"2025-06-15T20:03:21.127Z","repository":{"id":57720422,"uuid":"89083131","full_name":"jcustenborder/cef-parser","owner":"jcustenborder","description":"Parser for Common Event Format messages","archived":false,"fork":false,"pushed_at":"2021-10-14T19:42:05.000Z","size":37,"stargazers_count":6,"open_issues_count":1,"forks_count":6,"subscribers_count":2,"default_branch":"master","last_synced_at":"2023-07-26T21:58:46.186Z","etag":null,"topics":["cef","logging","syslog"],"latest_commit_sha":null,"homepage":null,"language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jcustenborder.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-04-22T16:21:45.000Z","updated_at":"2023-04-18T15:35:50.000Z","dependencies_parsed_at":"2022-09-02T13:02:01.196Z","dependency_job_id":null,"html_url":"https://github.com/jcustenborder/cef-parser","commit_stats":null,"previous_names":[],"tags_count":0,"template":null,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jcustenborder%2Fcef-parser","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jcustenborder%2Fcef-parser/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jcustenborder%2Fcef-parser/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jcustenborder%2Fcef-parser/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jcustenborder","download_url":"https://codeload.github.com/jcustenborder/cef-parser/tar.gz/refs/heads/master","host":{"nam
e":"GitHub","url":"https://github.com","kind":"github","repositories_count":219856675,"owners_count":16556082,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cef","logging","syslog"],"created_at":"2024-10-12T05:29:53.224Z","updated_at":"2024-10-12T05:29:53.885Z","avatar_url":"https://github.com/jcustenborder.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Introduction\n\n[![Maven Central](https://maven-badges.herokuapp.com/maven-central/com.github.jcustenborder/cef-parser/badge.svg)](https://maven-badges.herokuapp.com/maven-central/com.github.jcustenborder/cef-parser)\n\nThis library is used to parse the [ArcSight Common Event Format (CEF)](https://www.protect724.hpe.com/docs/DOC-1072). \nCEF is a logging protocol that is typically sent over syslog. Messages will be formatted similar to this:\n \n ```text\nSep 19 08:26:10 host CEF:0|security|threatmanager|1.0|100|detected a \\| in message|10|src=10.0.0.1 act=blocked a | dst=1.1.1.1\nSep 19 08:26:10 host CEF:0|security|threatmanager|1.0|100|detected a \\\\ in packet|10|src=10.0.0.1 act=blocked a \\\\ dst=1.1.1.1\nCEF:0|security|threatmanager|1.0|100|detected a \\\\ in packet|10|src=10.0.0.1 act=blocked a \\\\ dst=1.1.1.1\n```\n\nThis is over the standard [Syslog](https://en.wikipedia.org/wiki/Syslog) protocol. A typical syslog message will include\nthe timestamp, host, and the message for the event. 
This library can parse entries that include the timestamp and host,\nand also works when they are missing.\n\n# Example\n\nBelow is a simple example of how to use the parser.\n\n```java\nimport com.github.jcustenborder.cef.CEFParserFactory;\nimport com.github.jcustenborder.cef.CEFParser;\nimport com.github.jcustenborder.cef.Message;\n\nclass Foo {\n  public static void main(String... args) throws Exception {\n    CEFParser f = CEFParserFactory.create();\n    // The CEF escape \\| (a literal pipe inside a header field) must be written\n    // as \\\\| in a Java string literal.\n    Message message = f.parse(\"Sep 19 08:26:10 host CEF:0|security|threatmanager|1.0|100|detected a \\\\| in message|10|src=10.0.0.1 act=blocked a | dst=1.1.1.1\");\n  }\n}\n```\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjcustenborder%2Fcef-parser","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjcustenborder%2Fcef-parser","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjcustenborder%2Fcef-parser/lists"}