cef-parser

A pom for deploying to maven central.

License

Categories

Graylog Application Layer Libs Logging

GroupId

org.graylog.cef

ArtifactId

cef-parser

Last Version

0.0.1.10

Release Date

Type

jar

Description

cef-parser
A pom for deploying to maven central.

Project URL

https://github.com/graylog-labs/cef-parser

Source Code Management

https://github.com/graylog-labs/cef-parser

How to add to project

<!-- https://jarcasting.com/artifacts/org.graylog.cef/cef-parser/ -->
<dependency>
    <groupId>org.graylog.cef</groupId>
    <artifactId>cef-parser</artifactId>
    <version>0.0.1.10</version>
</dependency>
// https://jarcasting.com/artifacts/org.graylog.cef/cef-parser/
implementation 'org.graylog.cef:cef-parser:0.0.1.10'
// https://jarcasting.com/artifacts/org.graylog.cef/cef-parser/
implementation ("org.graylog.cef:cef-parser:0.0.1.10")
'org.graylog.cef:cef-parser:jar:0.0.1.10'
<dependency org="org.graylog.cef" name="cef-parser" rev="0.0.1.10">
  <artifact name="cef-parser" type="jar" />
</dependency>
@Grapes(
@Grab(group='org.graylog.cef', module='cef-parser', version='0.0.1.10')
)
libraryDependencies += "org.graylog.cef" % "cef-parser" % "0.0.1.10"
[org.graylog.cef/cef-parser "0.0.1.10"]

Dependencies

provided (1)

Group / Artifact Type Version
org.slf4j : slf4j-api jar 1.7.25

test (7)

Group / Artifact Type Version
com.fasterxml.jackson.core : jackson-databind jar 2.9.2
org.junit.jupiter : junit-jupiter-engine jar 5.0.2
org.junit.jupiter : junit-jupiter-api jar 5.0.2
org.mockito : mockito-core jar 2.12.0
ch.qos.logback : logback-classic jar 1.2.3
org.reflections : reflections jar 0.9.11
com.google.guava : guava jar 23.4-jre

Project Modules

There are no modules declared in this project.

Introduction

This library parses the ArcSight Common Event Format (CEF). CEF is a logging protocol that is typically sent over syslog. Messages are formatted similarly to this:

Sep 19 08:26:10 host CEF:0|security|threatmanager|1.0|100|detected a \| in message|10|src=10.0.0.1 act=blocked a | dst=1.1.1.1
Sep 19 08:26:10 host CEF:0|security|threatmanager|1.0|100|detected a \\ in packet|10|src=10.0.0.1 act=blocked a \\ dst=1.1.1.1
CEF:0|security|threatmanager|1.0|100|detected a \\ in packet|10|src=10.0.0.1 act=blocked a \\ dst=1.1.1.1

These messages are carried over the standard syslog protocol. A typical syslog message includes the timestamp, the host, and the event message. This library parses entries that carry the timestamp and host, and also works when they are missing.

Example

Below is a simple example of how to use the parser.

import com.github.jcustenborder.cef.CEFParserFactory;
import com.github.jcustenborder.cef.CEFParser;
import com.github.jcustenborder.cef.Message;

public class Foo {
  public static void main(String... args) throws Exception {
    CEFParser f = CEFParserFactory.create();
    // "\\|" in the Java literal is "\|" on the wire: an escaped pipe inside the header's Name field.
    // The bare "|" later in the line sits in the extension, where pipes need no escaping.
    Message message = f.parse("Sep 19 08:26:10 host CEF:0|security|threatmanager|1.0|100|detected a \\| in message|10|src=10.0.0.1 act=blocked a | dst=1.1.1.1");
  }
}
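As an added example that is not part of the library or its README, here is a small stand-alone Python parser for the format described above: it honours the `\|` and `\\` escapes in the header, the `\=` and `\\` escapes in the extension, and the optional syslog timestamp/host prefix. The sample lines are constructed after the README's examples; field names are assumptions taken from the CEF header order.

```python
import re

# Constructed sample lines modelled on the README's examples (not captured traffic).
SAMPLES = [
    "Sep 19 08:26:10 host CEF:0|security|threatmanager|1.0|100|"
    "detected a \\| in message|10|src=10.0.0.1 act=blocked a | dst=1.1.1.1",
    "CEF:0|security|threatmanager|1.0|100|detected a \\\\ in packet|10|"
    "src=10.0.0.1 act=blocked a \\\\ dst=1.1.1.1",
]
HEADER_FIELDS = ("version", "device_vendor", "device_product", "device_version",
                 "signature_id", "name", "severity")
SYSLOG_PREFIX = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+(?P<host>\S+)\s+(?=CEF:)")
EXT_KEY = re.compile(r"(?<![^\s])([A-Za-z0-9_.]+)=")  # key at start or after whitespace

def split_header(body):
    """Split on unescaped '|'; '\\|' and '\\\\' are the only escapes valid in the header."""
    fields, cur, i = [], [], 0
    while i < len(body):
        c = body[i]
        if c == "\\" and i + 1 < len(body) and body[i + 1] in "|\\":
            cur.append(body[i + 1]); i += 2            # escaped pipe or backslash
        elif c == "|":
            fields.append("".join(cur)); cur = []; i += 1
            if len(fields) == 7:                       # text after the 7th pipe is the extension
                return fields, body[i:]
        else:
            cur.append(c); i += 1
    fields.append("".join(cur))                        # final field with no trailing pipe
    if len(fields) != 7: raise ValueError(f"expected 7 header fields, got {len(fields)}")
    return fields, ""

def parse_extension(ext):
    """key=value pairs; values may hold spaces and bare pipes, '=' and '\\' are escaped."""
    keys = list(EXT_KEY.finditer(ext))
    out = {}
    for m, nxt in zip(keys, keys[1:] + [None]):
        raw = ext[m.end():nxt.start() if nxt else len(ext)].rstrip()
        out[m.group(1)] = re.sub(r"\\([=\\])", r"\1", raw)
    return out

def parse_cef(line):  # accepts a line with or without the syslog 'timestamp host ' prefix
    ts = host = None
    m = SYSLOG_PREFIX.match(line)
    if m:
        ts, host, line = m.group("ts"), m.group("host"), line[m.end():]
    if not line.startswith("CEF:"): raise ValueError("not a CEF message")
    fields, ext = split_header(line[len("CEF:"):])
    return {"timestamp": ts, "host": host,
            "header": dict(zip(HEADER_FIELDS, fields)), "extension": parse_extension(ext)}
```

Note that a naive `line.split("|")` would break the Name field of the first sample at the escaped pipe, which is exactly the case the escape rules exist for.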
org.graylog.cef

Graylog Labs

Graylog related repositories that are not officially supported yet

Versions

Version
0.0.1.10
0.0.1.9
0.0.1.8