{"id":87,"date":"2007-04-19T20:08:10","date_gmt":"2007-04-20T01:08:10","guid":{"rendered":"http:\/\/raffy.ch\/blog\/2007\/04\/19\/standard-logging-format-common-event-exchange-cee\/"},"modified":"2007-04-23T17:57:22","modified_gmt":"2007-04-23T22:57:22","slug":"standard-logging-format-common-event-exchange-cee","status":"publish","type":"post","link":"https:\/\/raffy.ch\/blog\/2007\/04\/19\/standard-logging-format-common-event-exchange-cee\/","title":{"rendered":"Standard Logging Format &#8211; Common Event Expression (CEE)"},"content":{"rendered":"<p>As <a href=\"http:\/\/chuvakin.blogspot.com\/2007\/04\/finally-common-event-expression-cee-is.html\">Anton<\/a> mentioned, there is a new event logging standard in the works. What Anton did not mention is the four areas that you need to talk about when you talk about a logging standard. Well, here they are:<\/p>\n<ol>\n<li>Common Event Syntax, like <a href=\"http:\/\/www.arcsight.com\/solutions_cef.htm\">CEF<\/a><\/li>\n<li>Common Event Taxonomy. This is where you attach &#8220;meaning&#8221; or &#8220;semantics&#8221; to an event. There are a few proprietary ones, nothing standardized though.<\/li>\n<li>Common Event Transport<\/li>\n<li>Common Event Representation, defining what a device should log. An operating system should log user logins for example.<\/li>\n<\/ol>\n<p>And don&#8217;t mix these things. The transport has nothing to do with the syntax! I don&#8217;t want to implement a SOAP environment to transport some events. Unfortunately a few companies and even standards have made that mistake! I don&#8217;t want to mention anyone here&#8230;<br \/>\nStay tuned for http:\/\/cee.mitre.org to go live and learn more about all of this.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>As Anton mentioned, there is a new event logging standard in the works. What Anton did not mention is the four areas that you need to talk about when you talk about a logging standard. Well, here they are: Common Event Syntax, like CEF Common Event Taxonomy. This is where you attach &#8220;meaning&#8221; or &#8220;semantics&#8221; [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[],"class_list":["post-87","post","type-post","status-publish","format-standard","hentry","category-log-analysis"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/raffy.ch\/blog\/wp-json\/wp\/v2\/posts\/87","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/raffy.ch\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/raffy.ch\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/raffy.ch\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/raffy.ch\/blog\/wp-json\/wp\/v2\/comments?post=87"}],"version-history":[{"count":0,"href":"https:\/\/raffy.ch\/blog\/wp-json\/wp\/v2\/posts\/87\/revisions"}],"wp:attachment":[{"href":"https:\/\/raffy.ch\/blog\/wp-json\/wp\/v2\/media?parent=87"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/raffy.ch\/blog\/wp-json\/wp\/v2\/categories?post=87"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/raffy.ch\/blog\/wp-json\/wp\/v2\/tags?post=87"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}