Skip to main content

A small helper for formatting ArcSight Common Event Format (CEF) compliant messages

Project description

format_cef

format_cef is a little helper library for producing ArcSight Common Event Format (CEF) compliant messages from structured arguments. You can use it like this:

>>> from format_cef import format_cef
>>> format_cef(
    'acme corp', 'TNT', 1.0, '404 | not found', 'Explosives not found', 10
    oextensions={'deviceAction': 'bang = !'})
'CEF:0|acme corp|TNT|1.0|404 \| not found|Explosives not found|10|act=bang \= !'

Notice how the format format_cef takes care of escaping delimiters correctly. It will also ensure that each CEF extension complies to the restrictions outlined in the CEF documentation.

This module deliberately remains agnostic as to the log message transport protocol (as does CEF itself). It is also designed to remain stateless so as to easy to test and use as a building block in larger systems.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

format_cef-0.0.4.tar.gz (7.0 kB view hashes)

Uploaded Source

Built Distribution

format_cef-0.0.4-py2.py3-none-any.whl (9.7 kB view hashes)

Uploaded Python 2 Python 3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page