
Supported CEF Meta Keys


This topic describes the Common Event Format (CEF) meta keys that NetWitness global audit logging supports.

Global audit logging templates that you define for a Log Decoder use Common Event Format (CEF) and must meet the following requirements:

  • Include the CEF headers in the template.
  • Use only the extensions and custom extensions listed in the meta key table below, in Key=Value format.
  • Ensure that the extensions and custom extensions are in the key=%{string} key=%{string} format.
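A template can be checked against these three requirements before it is saved. The following Python sketch is an added example, not NetWitness code: the allowed-key set is a constructed stand-in for the meta key table, the %{...} variable names are placeholders, and it assumes the template begins with the CEF header, which by the CEF standard has seven pipe-delimited fields.

```python
import re

HEADER_FIELDS = 7  # Version|Vendor|Product|Device Version|Event Class ID|Name|Severity
# One extension in the form the requirements call for: key=%{string}
EXT_TOKEN = re.compile(r"^([A-Za-z0-9_.]+)=%\{([A-Za-z0-9_.]+)\}$")

# Constructed stand-in for the supported meta key table; replace with the real keys.
SAMPLE_ALLOWED = {"rt", "suser", "src", "outcome"}
# Constructed templates; every %{...} variable name is a placeholder.
GOOD = ("CEF:0|%{vendor}|%{product}|%{version}|%{classId}|%{name}|%{severity}|"
        "rt=%{timestamp} suser=%{user} src=%{sourceIp}")
BAD = ("CEF:0|%{vendor}|%{product}|%{version}|%{classId}|%{name}|%{severity}|"
       "suser=admin foo=%{bar} src=%{sourceIp}")

def validate_template(template, allowed_keys):
    """Return a list of problems in a CEF audit template (empty list = OK)."""
    if not template.startswith("CEF:"):
        return ["missing CEF header (template must start with 'CEF:')"]
    # Split on pipes that are not escaped with a backslash (CEF allows '\|').
    parts = re.split(r"(?<!\\)\|", template[len("CEF:"):], maxsplit=HEADER_FIELDS)
    if len(parts) < HEADER_FIELDS:
        return [f"found {len(parts)} pipe-delimited fields, need {HEADER_FIELDS}"]
    header = parts[:HEADER_FIELDS]
    ext = parts[HEADER_FIELDS] if len(parts) > HEADER_FIELDS else ""
    problems = [f"header field {i} is empty"
                for i, field in enumerate(header, 1) if not field.strip()]
    seen = set()
    for token in ext.split():  # extensions are space-separated
        m = EXT_TOKEN.match(token)
        if not m:
            problems.append(f"extension {token!r} is not in key=%{{string}} form")
            continue
        key = m.group(1)
        if key not in allowed_keys:
            problems.append(f"extension key {key!r} is not in the supported list")
        if key in seen:
            problems.append(f"extension key {key!r} appears more than once")
        seen.add(key)
    return problems

if __name__ == "__main__":
    for name, tpl in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, validate_template(tpl, SAMPLE_ALLOWED) or "OK")
```

A literal value such as suser=admin is flagged because the requirements call for key=%{string}, and an unknown key is flagged because only keys from the table are accepted.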

For third-party syslog servers, you can define your own format (CEF or non-CEF).

Procedures related to this table are described in Define a Template for Global Audit Logging and Configure Global Audit Logging.

Supported Common Event Format (CEF) Meta Keys

The following table describes the CEF Syslog meta keys that NetWitness global audit logging supports. The Datetime and Hostname fields in the Syslog Prefix are not configurable and are not included in the template, but they are prepended to every log message by default. The CEF Header is required both to conform to the CEF standard and for any CEF parser to process the message. The Extensions and Custom Extensions are optional. The Default Audit CEF Template contains many of the fields in this table. You can add any of the listed Extensions and Custom Extensions to the global audit logging template that you define.