Not all fields on CEF format

Hello everyone

I have an issue with a data source: the device is sending logs in CEF format and is logging the events, but the SIEM only grabs the basic fields and there are more fields that I would like to view. For example, the event only has IP, Port, action and host. But in the log I have Interface, Profile, Category, Vlan, etc.

Does anyone know how I can add these extra fields to the event? Is it with custom parsing?

Accepted Solutions
Reliable Contributor David1111
Re: Not all fields on CEF format

Yes.

Use the ASP - Advanced Syslog Parser Interface.

If you need help with the REGEX, just upload here the "test text \ packet text" and the REGEX you are trying to write.

I and the entire wonderful community will try to help out.

Best Regards👍👍👍

David.
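
An added example, not part of the thread: a Python sketch of the regex logic a custom parser needs to pull every CEF extension pair out of a line, including values that contain spaces or an escaped `=`. It is plain Python `re`, not ASP rule syntax; the sample log line, its vendor/product values, and the assumption that the default parser maps only `src`, `spt`, `act` and `dhost` are constructed for illustration.

```python
import re

# Constructed sample (not from the thread): vendor, product and all values are invented.
SAMPLE = (
    "<134>Jan 10 12:00:00 fw01 CEF:0|ExampleVendor|ExampleFW|1.0|100|Web access|5|"
    r"src=10.0.0.5 spt=51515 act=blocked dhost=www.example.test "
    r"Interface=port1 Profile=Default Web Category=Social\=Media Vlan=20"
)

# "CEF:<version>" followed by six pipe-delimited header fields, then the extension.
# A literal pipe inside a header field is escaped, so "\\." consumes escape pairs.
HEADER_RE = re.compile(r"CEF:(\d+)((?:\|(?:\\.|[^|\\])*){6})\|(.*)$", re.S)
HEADER_FIELD_RE = re.compile(r"\|((?:\\.|[^|\\])*)")
# Extension key=value pairs. A value runs up to the next " key=" or the end of the
# line, so it may contain spaces; a literal "=" inside a value must be escaped.
EXT_RE = re.compile(r"(\w+)=((?:\\.|[^=\\])*?)(?=\s+\w+=|\s*$)", re.S)
HEADER_NAMES = ("vendor", "product", "device_version", "signature_id", "name", "severity")
ESCAPES = {"n": "\n", "r": "\r"}


def unescape(value):
    """Undo CEF backslash escapes such as an escaped '=', '|' or backslash."""
    return re.sub(r"\\(.)", lambda m: ESCAPES.get(m.group(1), m.group(1)), value, flags=re.S)


def parse_cef(line):
    """Return the header fields plus every extension pair, or None if not CEF."""
    m = HEADER_RE.search(line)  # search() skips any syslog prefix before "CEF:"
    if m is None:
        return None
    event = {"cef_version": m.group(1)}
    header = HEADER_FIELD_RE.findall(m.group(2))
    event.update(zip(HEADER_NAMES, map(unescape, header)))
    event["extension"] = {k: unescape(v) for k, v in EXT_RE.findall(m.group(3))}
    return event


def extra_fields(event, mapped=("src", "spt", "act", "dhost")):
    """Extension keys that a parser mapping only `mapped` would drop (assumed list)."""
    return [k for k in event["extension"] if k not in mapped]


if __name__ == "__main__":
    parsed = parse_cef(SAMPLE)
    for key in extra_fields(parsed):
        print(key, "=", parsed["extension"][key])
```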
