Ecosyste.ms: Awesome
https://github.com/jcustenborder/cef-parser
Parser for Common Event Format messages
cef logging syslog
Last synced: 4 months ago
- Host: GitHub
- URL: https://github.com/jcustenborder/cef-parser
- Owner: jcustenborder
- License: apache-2.0
- Created: 2017-04-22T16:21:45.000Z (almost 8 years ago)
- Default Branch: master
- Last Pushed: 2021-10-14T19:42:05.000Z (over 3 years ago)
- Last Synced: 2023-07-26T21:58:46.186Z (over 1 year ago)
- Topics: cef, logging, syslog
- Language: Java
- Size: 36.1 KB
- Stars: 6
- Watchers: 2
- Forks: 6
- Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Introduction
[![Maven Central](https://maven-badges.herokuapp.com/maven-central/com.github.jcustenborder/cef-parser/badge.svg)](https://maven-badges.herokuapp.com/maven-central/com.github.jcustenborder/cef-parser)
This library is used to parse the [ArcSight Common Event Format (CEF)](https://www.protect724.hpe.com/docs/DOC-1072).
CEF is a line-oriented log format that is typically carried over syslog. Messages look like this:
```text
Sep 19 08:26:10 host CEF:0|security|threatmanager|1.0|100|detected a \| in message|10|src=10.0.0.1 act=blocked a | dst=1.1.1.1
Sep 19 08:26:10 host CEF:0|security|threatmanager|1.0|100|detected a \\ in packet|10|src=10.0.0.1 act=blocked a \\ dst=1.1.1.1
CEF:0|security|threatmanager|1.0|100|detected a \\ in packet|10|src=10.0.0.1 act=blocked a \\ dst=1.1.1.1
```

In the header, a literal `|` is escaped as `\|` and a literal `\` as `\\`; in the extension (the `key=value` pairs after the seventh pipe) pipes are not escaped, which is why `act=blocked a |` above is valid.

These lines are carried over the standard [Syslog](https://en.wikipedia.org/wiki/Syslog) protocol. A typical syslog message includes
the timestamp, host, and the message for the event. This library can parse entries that include the syslog timestamp and host,
and also works when they are absent.

# Example
Below is a simple example of how to use the parser.
```java
import com.github.jcustenborder.cef.CEFParserFactory;
import com.github.jcustenborder.cef.CEFParser;
import com.github.jcustenborder.cef.Message;

class Foo {
  public static void main(String... args) throws Exception {
    CEFParser f = CEFParserFactory.create();
    // Note the doubled backslash: in Java source "\\|" is the two characters \|
    // that CEF uses to escape a literal pipe inside a header field.
    Message message = f.parse("Sep 19 08:26:10 host CEF:0|security|threatmanager|1.0|100|detected a \\| in message|10|src=10.0.0.1 act=blocked a | dst=1.1.1.1");
    System.out.println(message);
  }
}
```
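The header and extension escaping rules described above, applied in a small stand-alone Python parser. This is an added example written for this page, not code from the cef-parser library. It accepts the README's three sample lines plus two constructed ones (the `CEF:0|Vendor|Product|...` lines) that exercise an escaped `=` and `\n` inside a value and a header with no extensions. The syslog-prefix regex only recognises the BSD `Mon DD hh:mm:ss host` form shown in the samples; anything else in front of `CEF:` is ignored and timestamp/host come back as `None`.

```python
"""Minimal CEF parser: optional syslog prefix + 7-field header + extensions.
Added example, independent of the cef-parser library."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# BSD-syslog style prefix as in the README samples: "Sep 19 08:26:10 host "
_SYSLOG_PREFIX = re.compile(r"(\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+(\S+)\s*")

# An extension key is a run of non-space characters followed by an UNESCAPED '='.
# Keys cannot contain '\', so "msg=a\=b" yields one key (msg), not two.
_EXT_KEY = re.compile(r"(?:^|\s)([^\s=\\]+)=")

_HEADER_FIELDS = 7  # Version|Vendor|Product|DevVersion|SignatureID|Name|Severity


@dataclass
class CEFMessage:
    timestamp: Optional[str]
    host: Optional[str]
    version: int
    device_vendor: str
    device_product: str
    device_version: str
    signature_id: str
    name: str
    severity: str
    extensions: Dict[str, str] = field(default_factory=dict)


def _split_header(body: str) -> Tuple[List[str], str]:
    """Split the text after 'CEF:' on unescaped '|' into the 7 header fields.
    In the header only '\\|' and '\\\\' are escapes; any other '\\x' stays literal.
    Returns the fields and the untouched remainder (the extension string)."""
    fields: List[str] = []
    buf: List[str] = []
    i = 0
    while i < len(body) and len(fields) < _HEADER_FIELDS:
        c = body[i]
        if c == "\\" and i + 1 < len(body):
            nxt = body[i + 1]
            buf.append(nxt if nxt in "|\\" else c + nxt)
            i += 2
            continue
        if c == "|":
            fields.append("".join(buf))
            buf = []
        else:
            buf.append(c)
        i += 1
    if len(fields) == _HEADER_FIELDS - 1:  # severity with no trailing '|'
        fields.append("".join(buf))
        i = len(body)
    if len(fields) < _HEADER_FIELDS:
        raise ValueError("CEF header has fewer than 7 '|'-separated fields")
    return fields, body[i:]


def _unescape_ext(raw: str) -> str:
    """Undo extension-value escapes: \\= \\\\ \\n \\r (and \\| which some senders emit).
    Single pass, so '\\\\n' becomes a backslash followed by 'n', not a newline."""
    table = {"=": "=", "\\": "\\", "n": "\n", "r": "\r", "|": "|"}
    return re.sub(r"\\(.)", lambda m: table.get(m.group(1), m.group(0)), raw, flags=re.S)


def _parse_extensions(ext: str) -> Dict[str, str]:
    """Each value runs from its '=' up to the start of the next key token."""
    keys = list(_EXT_KEY.finditer(ext))
    out: Dict[str, str] = {}
    for idx, m in enumerate(keys):
        end = keys[idx + 1].start() if idx + 1 < len(keys) else len(ext)
        out[m.group(1)] = _unescape_ext(ext[m.end():end].strip())
    return out


def parse_cef(line: str) -> CEFMessage:
    """Parse one CEF line, with or without a leading syslog timestamp/host."""
    idx = line.find("CEF:")
    if idx < 0:
        raise ValueError("no 'CEF:' marker in line")
    ts = host = None
    m = _SYSLOG_PREFIX.fullmatch(line[:idx])
    if m:
        ts, host = m.group(1), m.group(2)
    header, ext = _split_header(line[idx + 4:].rstrip("\r\n"))
    version, vendor, product, dev_version, sig_id, name, severity = header
    if not version.isdigit():
        raise ValueError(f"non-numeric CEF version {version!r}")
    return CEFMessage(ts, host, int(version), vendor, product, dev_version,
                      sig_id, name, severity, _parse_extensions(ext))


def is_cef(line: str) -> bool:
    """True if the line parses as CEF; handy as an ingestion filter."""
    try:
        parse_cef(line)
        return True
    except ValueError:
        return False


# Constructed samples: the first three are the README's own lines; the last two are
# made up here to exercise an escaped '=' and '\n' in a value and a header-only message.
SAMPLES = [
    r"Sep 19 08:26:10 host CEF:0|security|threatmanager|1.0|100|detected a \| in message|10|src=10.0.0.1 act=blocked a | dst=1.1.1.1",
    r"Sep 19 08:26:10 host CEF:0|security|threatmanager|1.0|100|detected a \\ in packet|10|src=10.0.0.1 act=blocked a \\ dst=1.1.1.1",
    r"CEF:0|security|threatmanager|1.0|100|detected a \\ in packet|10|src=10.0.0.1 act=blocked a \\ dst=1.1.1.1",
    r"CEF:0|Vendor|Product|2.1|42|User login|3|suser=alice msg=a\=b\nline2 rt=1",
    r"CEF:0|Vendor|Product|2.1|7|Header only|Low|",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(parse_cef(s))
```

The reason the escape handling matters for a collector: a plain `line.split("|")` on the first sample produces ten pieces instead of the expected eight (seven header fields plus the extension string), because the unescaped pipe in `act=blocked a |` is indistinguishable from a delimiter. Any field a remote device controls can therefore shift header columns in a parser that does not honour the escaping; `_split_header` stops after the seventh unescaped pipe, so everything after it stays inside the extension string regardless of what it contains.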