cef-0.1.4: CEF log format

Safe HaskellSafe
LanguageHaskell2010

System.Log.CEF

Contents

Description

CEF Log Format

This library implements ArcSight CEF Revision 20 released on 06052013

See: https://protect724.hp.com/servlet/JiveServlet/downloadBody/1072-102-6-4697/CommonEventFormat.pdf

Synopsis

Documentation

data CEFEvent Source

Constructors

CEFEvent 

Fields

deviceVendor :: Text
 
deviceProduct :: Text
 
deviceVersion :: Text
 
signatureId :: Text

Is a unique identifier per event-type.

name :: Text

Is a string representing a human-readable and understandable description of the event.

severity :: Int

Reflects the importance of the event. Must be in range [0..10].

extensions :: Extensions
 

log :: CEFEvent -> Builder Source

>>> :set -XOverloadedStrings
>>> let exampleEvent = CEFEvent "Acme Corp" "Acmetorazor" "2.1" "cool" "MyNameIsCool" 10 (applicationProtocol "PUT")
>>> toLazyByteString $ log exampleEvent
"CEF:0|Acme Corp|Acmetorazor|2.1|cool|MyNameIsCool|10|app=PUT\n"

Extensions

data Extensions Source

Instances

emptyExtensions :: Extensions Source

extensionsBuilder :: Extensions -> Builder Source

>>> :set -XOverloadedStrings
>>> toLazyByteString $ extensionsBuilder (applicationProtocol "PUT" <> deviceCustomIPv6Address1 "localnet" "::1")
"app=PUT c6a1Label=localnet c6a1=::1"

customExtension :: Text -> Text -> Extensions Source

See Chapter 4: User-Defined Extensions from the reference

Predefined Extensions

See Chapter 2: ArcSight Extension Dictionary from the reference

type IPv6Address = Text Source

type IPv4Address = Text Source

type MACAddress = Text Source

type TimeStamp = UTCTime Source

deviceAction :: Text -> Extensions Source

deviceCustomIPv6Address1 :: Text -> IPv6Address -> Extensions Source

deviceCustomIPv6Address2 :: Text -> IPv6Address -> Extensions Source

deviceCustomIPv6Address3 :: Text -> IPv6Address -> Extensions Source

deviceCustomIPv6Address4 :: Text -> IPv6Address -> Extensions Source

applicationProtocol :: Text -> Extensions Source

deviceEventCategory :: Text -> Extensions Source

deviceCustomFloatingPoint1 :: Text -> Double -> Extensions Source

deviceCustomFloatingPoint2 :: Text -> Double -> Extensions Source

deviceCustomFloatingPoint3 :: Text -> Double -> Extensions Source

deviceCustomFloatingPoint4 :: Text -> Double -> Extensions Source

deviceCustomNumber1 :: Text -> Int -> Extensions Source

deviceCustomNumber2 :: Text -> Int -> Extensions Source

deviceCustomNumber3 :: Text -> Int -> Extensions Source

deviceCustomNumber4 :: Text -> Int -> Extensions Source

baseEventCount :: Int -> Extensions Source

deviceCustomString1 :: Text -> Text -> Extensions Source

deviceCustomString2 :: Text -> Text -> Extensions Source

deviceCustomString3 :: Text -> Text -> Extensions Source

deviceCustomString4 :: Text -> Text -> Extensions Source

deviceCustomString5 :: Text -> Text -> Extensions Source

deviceCustomString6 :: Text -> Text -> Extensions Source

destinationDnsDomain :: Text -> Extensions Source

destinationServiceName :: Text -> Extensions Source

destinationTranslatedAddress :: IPv4Address -> Extensions Source

destinationTranslatedPort :: Int -> Extensions Source

deviceCustomDate1 :: Text -> TimeStamp -> Extensions Source

deviceCustomDate2 :: Text -> TimeStamp -> Extensions Source

deviceDirectionInbound :: Extensions Source

deviceDirectionOutbound :: Extensions Source

deviceDnsDomain :: Text -> Extensions Source

deviceExternalId :: Text -> Extensions Source

deviceFacility :: Text -> Extensions Source

deviceInboundInterface :: Text -> Extensions Source

deviceMacAddress :: MACAddress -> Extensions Source

deviceNtDomain :: Text -> Extensions Source

deviceOutboundInterface :: Text -> Extensions Source

deviceProcessName :: Text -> Extensions Source

deviceTranslatedAddress :: IPv4Address -> Extensions Source

destinationHostName :: Text -> Extensions Source

destinationMacAddress :: MACAddress -> Extensions Source

destinationNtDomain :: Text -> Extensions Source

destinationProcessId :: Text -> Extensions Source

destinationUserPrivileges :: Text -> Extensions Source

destinationProcessName :: Text -> Extensions Source

destinationPort :: Int -> Extensions Source

destinationAddress :: IPv4Address -> Extensions Source

destinationUserId :: Text -> Extensions Source

destinationUserName :: Text -> Extensions Source

deviceAddress :: IPv4Address -> Extensions Source

deviceHostName :: Text -> Extensions Source

deviceProcessId :: Text -> Extensions Source

endTime :: TimeStamp -> Extensions Source

externalId :: Text -> Extensions Source

fileCreateTime :: TimeStamp -> Extensions Source

fileHash :: Text -> Extensions Source

fileId :: Text -> Extensions Source

fileModificationTime :: TimeStamp -> Extensions Source

filePath :: Text -> Extensions Source

filePermission :: Text -> Extensions Source

fileType :: Text -> Extensions Source

fileName :: Text -> Extensions Source

fileSize :: Int -> Extensions Source

bytesIn :: Int -> Extensions Source

message :: Text -> Extensions Source

oldFileCreateTime :: TimeStamp -> Extensions Source

oldFileHash :: Text -> Extensions Source

oldFileId :: Text -> Extensions Source

oldFileModificationTime :: TimeStamp -> Extensions Source

oldFileName :: Text -> Extensions Source

oldFilePath :: Text -> Extensions Source

oldFilePermission :: Text -> Extensions Source

oldFileSize :: Int -> Extensions Source

oldFileType :: Text -> Extensions Source

bytesOut :: Int -> Extensions Source

eventOutcome :: Text -> Extensions Source

transportProtocol :: Text -> Extensions Source

reason :: Text -> Extensions Source

requestURL :: Text -> Extensions Source

requestClientApplication :: Text -> Extensions Source

requestCookies :: Text -> Extensions Source

requestMethod :: Text -> Extensions Source

receiptTime :: TimeStamp -> Extensions Source

sourceHostName :: Text -> Extensions Source

sourceMacAddress :: MACAddress -> Extensions Source

sourceNtDomain :: Text -> Extensions Source

sourceDnsDomain :: Text -> Extensions Source

sourceServiceName :: Text -> Extensions Source

sourceTranslatedAddress :: IPv4Address -> Extensions Source

sourceTranslatedPort :: Int -> Extensions Source

sourceProcessId :: Int -> Extensions Source

sourceUserPrivileges :: Text -> Extensions Source

sourceProcessName :: Text -> Extensions Source

sourcePort :: Int -> Extensions Source

sourceAddress :: IPv4Address -> Extensions Source

startTime :: TimeStamp -> Extensions Source

sourceUserId :: Text -> Extensions Source

sourceUserName :: Text -> Extensions Source

Re-exports

(<>) :: Monoid m => m -> m -> m infixr 6

An infix synonym for mappend.

Since: 4.5.0.0