UNPKG

nsyslog

Version:

Modular new generation log agent. Reads, transform, aggregate, correlate and send logs from sources to destinations

github.com/solzimer/nsyslog

solzimer/nsyslog

64 lines (54 loc) 1.43 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
## CEF Out Converts log entries into Common Event Format (CEF) strings. ## Examples Basic CEF output configuration: ```json "processors": { "cef": { "type": "cefout", "config": { "input": "${originalMessage}", "output": "cefMessage", "headers": { "DeviceVendor": "MyVendor", "DeviceProduct": "MyProduct", "DeviceVersion": "1.0", "SignatureID": "12345", "Name": "MyEvent", "Severity": "5" } } } } ``` ### Input Example ```json { "originalMessage": { "eventId": "1001", "source": "Application", "message": "An error occurred", "timestamp": "2023-10-01T12:00:00Z" } } ``` ### Output Example ```json { "cefMessage": "CEF:0|MyVendor|MyProduct|1.0|12345|MyEvent|5|eventId=1001 source=Application message=An error occurred timestamp=2023-10-01T12:00:00Z" } ``` ## Configuration parameters * **input**: Input field containing the data to convert to CEF format. Default: `${originalMessage}`. * **output**: Output field to store the resulting CEF string. Default: `cef`. * **headers**: Optional. Custom headers for the CEF message. If not provided, default headers will be used. Default headers: - **CEFVersion**: `0` - **DeviceVendor**: `localdomain` - **DeviceProduct**: `localdomain` - **DeviceVersion**: `0` - **SignatureID**: `0` - **Name**: `localdomain` - **Severity**: `0`