Common Event Format
This is the simplified log format that most SIEM and analytics tools, such as Splunk or ArcSight, accept. The format is simple and has required header fields similar to the below.
CEF:<version> | Manufacturer (device vendor) | Model (device product) | Version
e.g. (prefix for Fortinet devices)
These fields help in reporting and in identifying the source of the log, and the format is common, well supported and widely known. It allows a plug-and-play, walk-away approach with most SIEMs that support CEF.
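As an added example (not from the original post or from any vendor's code), here is a small parser for that header layout plus the key=value extension that follows it. It applies the CEF escaping rules (a literal pipe or backslash in a header field is written as "\|" or "\\", a literal "=" in an extension value as "\="), which is where hand-rolled SIEM ingestion most often breaks. The sample line, the vendor and product names, and the severity word mapping in severity_value are constructed here for illustration and are not a real device's output.

```python
"""Minimal CEF (Common Event Format) parser: header fields plus extension,
honouring the escaping rules that naive split('|') / split(' ') code ignores."""
import re

# CEF header field names, in order, after the "CEF:<version>" prefix.
HEADER_FIELDS = ("device_vendor", "device_product", "device_version",
                 "signature_id", "name", "severity")

# Extension pairs are separated by whitespace that is followed by "key=".
# An escaped "\=" inside a value never matches because the backslash breaks
# the [A-Za-z0-9_.]+ run that must sit directly in front of the "=".
_PAIR_BOUNDARY = re.compile(r"\s+(?=[A-Za-z0-9_.]+=)")

# Extension values may carry "\n" and "\r"; any other "\x" means literal "x".
_EXT_ESCAPES = {"n": "\n", "r": "\r"}

# Constructed sample line (syslog prefix + CEF); vendor/product are made up.
SAMPLE = (r"Jan 11 10:14:05 fw01 CEF:0|ExampleVendor|ExampleFW|6.4.0|37127|"
          r"Web Filter \| URL block|5|src=10.0.0.5 dst=203.0.113.7 dpt=443 "
          r"msg=Policy hit\= rule 7 act=blocked")


def _split_header(text, limit):
    """Split on "|" not preceded by a backslash, at most `limit` times,
    unescaping "\|" and "\\" in the header pieces. The final element is the
    raw remainder (the extension), which is unescaped separately because
    pipes inside extension values are allowed unescaped."""
    pieces, buf, i = [], [], 0
    while i < len(text) and len(pieces) < limit:
        ch = text[i]
        if ch == "\\" and i + 1 < len(text) and text[i + 1] in "|\\":
            buf.append(text[i + 1])
            i += 2
            continue
        if ch == "|":
            pieces.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    pieces.append("".join(buf) + text[i:])
    return pieces


def _unescape_ext(value):
    """Resolve "\=", "\\", "\n" and "\r" in an extension value."""
    return re.sub(r"\\(.)", lambda m: _EXT_ESCAPES.get(m.group(1), m.group(1)), value)


def parse_cef(line):
    """Parse one CEF line (optionally preceded by a syslog prefix) into a dict.
    Raises ValueError for a non-CEF line or a truncated header."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("not a CEF line")
    body = line[start + len("CEF:"):]
    parts = _split_header(body, 7)          # version + 6 header fields = 7 pipes
    if len(parts) < 8:
        raise ValueError("truncated CEF header: %d field(s)" % len(parts))
    event = {"syslog_prefix": line[:start].strip(), "cef_version": parts[0]}
    event.update(zip(HEADER_FIELDS, parts[1:7]))
    extension = {}
    for pair in _PAIR_BOUNDARY.split(parts[7].strip()):
        if not pair:
            continue
        key, _, value = pair.partition("=")   # keys never contain "="
        extension[key] = _unescape_ext(value)
    event["extension"] = extension
    return event


def severity_value(event):
    """CEF severity is 0-10 or a word (Low/Medium/High/Very-High).
    Return an integer for threshold comparisons; the word mapping below is an
    assumed one (lower bound of each band), not taken from any vendor."""
    sev = event["severity"]
    words = {"low": 0, "medium": 4, "high": 7, "very-high": 9}
    return int(sev) if sev.isdigit() else words[sev.lower()]


if __name__ == "__main__":
    ev = parse_cef(SAMPLE)
    print(ev["device_vendor"], ev["device_product"], ev["name"], severity_value(ev))
    print(ev["extension"])
```

Feeding the parsed dictionary to a detection rule is then a matter of field lookups (for example alerting when severity_value is at least 7 and act is "blocked"), and a line that fails parse_cef is worth counting as its own signal: a sudden rise in unparseable events usually means a device firmware change altered the format rather than an attack.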
Here are a few syslog dumps from a FortiGate (FGT) firewall.
Various vendors support CEF.
NSE (Network Security Expert) and Route/Switching Engineer
kfelix -----a----t---- socpuppets ---dot---com
=( @ @ )=