Hi,
I see a lot of answers using the cef-codes plugin to parse CEF output from i.e. ARCsight.
I need the other way around: generate CEF output (from syslog but probably also from other formats) to use as input for ARCsight.
I saw a similar question here unanswered (Need to config codec-cef as output).
Forgive me if this is a dumb question...
Kind regards,
Oscar.
Hi,
I just understood ARCsight can listen for syslog messages.
When ARCsight wants to pull data it wants CEF..
I guess this answers my question, thanks anyway, correct my if I'm wrong.
Kind regards,
Oscar.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.