There's the Common Information Model at Splunk, or the field dictionary of CEF, of ArcSight fame. I would probably use the Splunk one, except if you plan to use ArcSight in the end.

On Jun 11, 2016 18:32, "Evan Rempel" <erempel@uvic.ca> wrote:
There was a project by MITRE (https://www.mitre.org/) called the Common Event Expression (https://cee.mitre.org/) that was going to be the official standard for metadata names for events, but that project has been stopped.
Other than the two references that the CEE project has for logging standardization efforts, does anyone know of any major efforts by any group to define a standard for metadata naming?
Evan.
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq
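As an added example (not from either poster, nor code from syslog-ng, Splunk or ArcSight), the following Python normaliser shows what "picking one naming model" means in practice: it parses a CEF line (pipe-separated header, key=value extension with CEF's backslash escapes) and renames the fields to Splunk CIM-style names such as `src`, `dest`, `src_port`, `dest_port`, `action`, `user`. The `CEF_TO_CIM` table, the header field names and the sample firewall event are constructed for this example and are an assumption, not an official mapping published by either vendor.

```python
"""Normalise CEF events into Splunk CIM-style field names.

Added example. The mapping table below is an illustrative assumption,
not an official table from Splunk or ArcSight.
"""
import re

# Names for the seven CEF header fields after the "CEF:" prefix
# (CIM-style names chosen for this example).
HEADER_FIELDS = ("cef_version", "vendor", "product", "product_version",
                 "signature_id", "signature", "severity")

# CEF extension key -> CIM-style name (assumed mapping for this example).
# Keys not listed here keep their CEF name.
CEF_TO_CIM = {
    "src": "src", "dst": "dest", "spt": "src_port", "dpt": "dest_port",
    "proto": "transport", "act": "action", "suser": "user",
    "duser": "dest_user", "rt": "_time", "msg": "message",
}

# Unescaped '|' separates header fields. The 8th field (the extension) may
# contain literal pipes, so the split is capped at 7. Known limit: an escaped
# backslash directly before a real pipe ("\\|") is not handled.
_PIPE = re.compile(r"(?<!\\)\|")
# key=value pairs: a value runs until the next unescaped "key=" or end of line,
# so values may contain spaces and escaped '=' characters.
_KV = re.compile(r"([^=\s]+)=((?:\\.|[^=\\])*?)(?=\s+[^=\s]+(?<!\\)=|\s*$)")
_ESC = re.compile(r"\\(.)")

# Constructed sample event (not a real device log): a pipe escaped in the
# header, an escaped '=' in msg, and a custom field with its label.
SAMPLE_CEF = (
    "CEF:0|Acme|Firewall|2.1|100|Connection \\| blocked|7|"
    "src=10.0.0.5 spt=51515 dst=203.0.113.10 dpt=443 proto=TCP act=deny "
    "suser=alice msg=Outbound blocked to C\\=Prod "
    "cs1Label=Policy Name cs1=Egress Deny"
)


def _unescape(value):
    """Undo CEF escaping: \\\\ \\| \\= \\n \\r."""
    return _ESC.sub(lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), value)


def parse_cef(line):
    """Return (header dict, extension dict) for one CEF line."""
    if not line.startswith("CEF:"):
        raise ValueError("not a CEF line")
    parts = _PIPE.split(line[len("CEF:"):], maxsplit=7)
    if len(parts) < 7:
        raise ValueError("CEF header has fewer than 7 fields")
    header = {k: _unescape(v) for k, v in zip(HEADER_FIELDS, parts[:7])}
    extension_text = parts[7] if len(parts) == 8 else ""
    extension = {k: _unescape(v) for k, v in _KV.findall(extension_text)}
    return header, extension


def to_cim(line):
    """Flatten a CEF line into one dict keyed by CIM-style field names."""
    header, ext = parse_cef(line)
    event = dict(header)
    sev = event["severity"]
    event["severity"] = int(sev) if sev.isdigit() else sev
    # Custom fields (cs1, cn1, ...) carry their real name in a <key>Label
    # field; use that label as the field name and drop the label itself.
    labels = {k[:-len("Label")]: v for k, v in ext.items() if k.endswith("Label")}
    for key, value in ext.items():
        if key.endswith("Label"):
            continue
        if key in labels:
            name = re.sub(r"\W+", "_", labels[key]).strip("_").lower()
        else:
            name = CEF_TO_CIM.get(key, key)
        event[name] = value
    return event


if __name__ == "__main__":
    for field, value in sorted(to_cim(SAMPLE_CEF).items()):
        print(f"{field}={value!r}")
```

Whichever model you choose, the payoff of this step is that downstream searches and detections can be written once against `dest`/`dest_port`/`action` regardless of which device produced the event; the `cs1Label` handling matters because ArcSight custom strings are meaningless without their label.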