Output CEF

saad · November 27, 2017, 5:30pm

Hi
I created conf file in logstash to receive cef input and then send this event by using output cef. I got the cef event successfully as input. however, I found that the output is sent to acrsight connector but only with the following data

0|Elasticsearch|Logstash|1.0|Logstash|Logstash|6|

Why the fields in the input event is not included??

Below is the conf file

input
{
stdin{
codec => cef
}
}

output
{
udp
{
host => ["x.x.x.x"]
port => "516"
codec => cef
}
}

x.x.x.x is the arcsight connector listen on port 516 udp

system · December 25, 2017, 5:30pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Sending logs from Logstash to ArcSight via Syslog CEF Logstash	3	2526	March 28, 2019
Logstash CEF output 5.x vs 2.x Logstash	3	760	April 18, 2017
ArcSight module CEF input parsing (over TCP) [SOLVED] Logstash	1	533	August 8, 2019
Plugin to generate CEF output for ARCsight Logstash	2	1304	November 29, 2017
Arcsight Logs do not Ouput to Kibana Logstash	2	628	August 8, 2017

Output CEF

Related topics