[syslog-ng] Is there a standard for naming tag/value pairs when parsing

Scheidler, Balázs balazs.scheidler at balabit.com
Sat Jun 11 20:45:27 CEST 2016


There's the Common Information Model at Splunk, or the field dictionary of CEF,
of ArcSight fame.

I would probably use the Splunk one, except if you plan to use ArcSight at
the end.

On Jun 11, 2016 18:32, "Evan Rempel" <erempel at uvic.ca> wrote:

> There was a project by Mitre (https://www.mitre.org/) called the Common
> Event Expression (https://cee.mitre.org/) that was going to be the
> official standard for metadata names for events, but that project has
> been stopped.
>
> Other than the two references that the CEE project has for logging
> standardization efforts, does anyone know of any major efforts by any
> group to define a standard for metadata naming?
>
> Evan.

