Hi,
I see a lot of answers using the cef-codes plugin to parse CEF output from i.e. ARCsight.
I need the other way around: generate CEF output (from syslog but probably also from other formats) to use as input for ARCsight.
I saw a similar question here unanswered (Need to config codec-cef as output).
Forgive me if this is a dumb question...
Kind regards,
Oscar.
Hi,
I just understood ARCsight can listen for syslog messages.
When ARCsight wants to pull data it wants CEF..
I guess this answers my question, thanks anyway, correct my if I'm wrong.
Kind regards,
Oscar.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.