Configuration
CEFTransformation
Transformation to convert a standard Syslog message to a Common Event Format (CEF) Syslog struct.
transforms=ceftransformation
transforms.ceftransformation.type=com.github.jcustenborder.kafka.connect.transform.cef.CEFTransformation
# Set these required values
| Name | Description | Type | Default | Valid Values | Importance |
|---|---|---|---|---|---|
| field.message | The field that stores the message. | string | message | | high |
| topic.cef.suffix | The suffix to append to the topic when CEF data is detected. | string | .cef | | high |
Schemas
com.github.jcustenborder.kafka.connect.transform.cef.CEFMessage
The parsed representation of a CEF Message.
| Name | Optional | Schema | Default Value | Documentation |
|---|---|---|---|---|
| date | true | Timestamp | | The timestamp of the message. |
| facility | true | Int32 | | The facility of the message. |
| host | true | String | | The host of the message. |
| level | true | Int32 | | The level of the syslog message as defined by RFC 5424. |
| message | false | String | | Unparsed version of the message. |
| cefVersion | false | Int32 | | Version of CEF the message is using. |
| deviceVendor | false | String | | Vendor of the device that logged the message. |
| deviceProduct | false | String | | The product that logged the message. |
| deviceVersion | false | String | | The version of the device that is logging the message. |
| deviceEventClassId | false | String | | The internal event id for the message. |
| name | false | String | | Name of the event. This is typically a short description. |
| severity | false | String | | The severity of the message. |
| extensions | true | Map of <String, String> | | Key value pairs of any extensions to the message. |
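How a CEF-bearing syslog line maps onto the CEFMessage fields above, and when topic.cef.suffix would apply, shown as an added Python example; it is not the transform's own code. The sample line, the function names `split_header`, `parse` and `route`, the RFC 3164-style prefix, and the rule that a payload starting with `CEF:` counts as detected are all assumptions made for illustration.

```python
import re

# Constructed sample: an RFC 3164-style syslog line carrying a CEF payload.
SAMPLE = (r"<134>Feb 14 10:22:01 fw01 CEF:0|Example Vendor|Edge\|FW|1.0|100|"
          r"Blocked connection|5|src=10.0.0.5 dst=192.0.2.10 msg=deny\=all rule 7")
SYSLOG = re.compile(r"^<(\d{1,3})>(\w{3} [ \d]\d \d\d:\d\d:\d\d) (\S+) (.*)$", re.S)
EXT = re.compile(r"(\w+)=((?:\\.|[^=\\])*?)(?=\s+\w+=|\s*$)", re.S)
HEADER = ["cefVersion", "deviceVendor", "deviceProduct", "deviceVersion",
          "deviceEventClassId", "name", "severity"]

def split_header(payload):
    """Split the seven header fields on unescaped '|' and unescape them."""
    parts, cur, i = [], [], 0
    while i < len(payload) and len(parts) < 7:
        c = payload[i]
        if c == "\\" and payload[i + 1:i + 2] in ("|", "\\"):
            i += 1                      # keep the escaped character literally
            cur.append(payload[i])
        elif c == "|":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(c)
        i += 1
    if len(parts) == 6:                 # sender omitted the '|' after severity
        parts.append("".join(cur))
    if len(parts) != 7:
        raise ValueError("incomplete CEF header")
    return parts, payload[i:]           # remainder is the raw extension string

def parse(line):
    """Return a dict shaped like CEFMessage, or None when the line is not CEF."""
    m = SYSLOG.match(line)
    if not m or not m.group(4).startswith("CEF:"):
        return None
    pri, date, host, payload = m.groups()
    try:
        parts, ext = split_header(payload[4:])
        parts[0] = int(parts[0])        # cefVersion is Int32 in the schema
    except ValueError:
        return None                     # malformed header: treat as plain syslog
    # date stays as text here; PRI = facility * 8 + level
    rec = dict(zip(HEADER, parts), message=line, host=host, date=date,
               facility=int(pri) >> 3, level=int(pri) & 7)
    # Only \= and \\ are unescaped; other escapes in values are left as written.
    rec["extensions"] = {k: re.sub(r"\\([=\\])", r"\1", v) for k, v in EXT.findall(ext)}
    return rec

def route(topic, line, suffix=".cef"):
    """Append the suffix only when the line parses as CEF (assumed detection rule)."""
    return topic + suffix if parse(line) else topic
```

Lines that do not parse as CEF, including ones with a truncated header, keep their original topic, so a downstream consumer of the `.cef` topic only sees records with all seven header fields populated.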