<p dir="ltr">There's common information model at splunk or the field dictionary of CEF, of arcsight fame.</p>
<p dir="ltr">I would probably use the splunk one, except if you plan to use arcsight at the end.</p>
<div class="gmail_quote">On Jun 11, 2016 18:32, "Evan Rempel" <<a href="mailto:erempel@uvic.ca">erempel@uvic.ca</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">There was a project by Mitre (<a href="https://www.mitre.org/" rel="noreferrer" target="_blank">https://www.mitre.org/</a>) called the Common<br>
Event Expression (<a href="https://cee.mitre.org/" rel="noreferrer" target="_blank">https://cee.mitre.org/</a>) that was going to be the<br>
official standard for metadata names for events, but that project has<br>
been stopped.<br>
<br>
Other than the two references that the CEE project has for logging<br>
standardization efforts, does anyone know of any major efforts by any<br>
group to define a standard for metadata naming?<br>
<br>
Evan.<br>
______________________________________________________________________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
<br>
</blockquote></div>