An opinionated and simple implementation for writing Log files in the ArcSight Common Event Format (CEF), in Go, with ingestion of logs into indexing backends in mind.
An opinionated and simple implementation for writing Log files in the ArcSight Common Event Format (CEF), in Go, with ingestion of logs into indexing backends in mind.
Based on Version 24 of the format dated August 22, 2017 found at ArcSight Common Event Format (CEF) Guide [1]. The direct link to the specification at the time is at [2]. The specification document is also included with this source for persistence.
package mainimport "github.com/new23d/logacef"func main() {/* Instantiating a new logger,with NewLogACEF(device_vendor string, device_product string, device_version string, filepath string, min_severity int) */myAppLog := logacef.NewLogACEF("AcmeInc", "myApp", "2.1.4", "/var/log/myApp/myApp.log", 5)/* Writing a new event into the log file,with WriteEvent(Device_Event_Class_ID/deci string, Name/desc string, Severity/sevr int, Extension/extn CEFExtn/map[string]string) *//* This event will NOT be written since the minimum severity level set in the instance is 5 */myAppLog.WriteEvent("-", "config file parsed", 3, logacef.CEFExtn{"spt": "8080"})/* This event will be written since the severity level of 7 is greater than or equal to the minimum severity level set in the instance */myAppLog.WriteEvent("-", "user authentication failed", 7, logacef.CEFExtn{"duser": "joe.bloggs", "dpriv": "guest"})}
0640.