cef

package module v0.3.0
Note: this package is not in the latest version of its module.
Published: Feb 26, 2024 License: Apache-2.0 Imports: 6 Imported by: 0

README
CEF

A Go builder and parser for ArcSight Common Event Format (CEF) lines, generated from the CEF implementation standard. Fields from the standard's dictionary have typed getters (for example Dst() net.IP, SPt() int) and chainable setters that return *CEF, and a CEF value marshals to and unmarshals from a single text line.

Usage

go get go.m8.ru/cef
package main

import (
	"fmt"
	"log"
	"net"

	"go.m8.ru/cef"
)

func main() {
	// Build an event. Every setter returns *CEF, so calls can also be chained.
	l1 := new(cef.CEF)
	l1.SetCEFVersion(0)
	l1.SetDeviceVendor("Security")
	l1.SetDeviceProduct("threatmanager")
	l1.SetDeviceVersion("1.0")
	l1.SetDeviceEventClassID("100")
	l1.SetName("worm successfully stopped")
	l1.SetAgentSeverity(cef.AgentSeverityVeryHigh10)
	l1.SetSrc(net.ParseIP("10.0.0.1"))
	l1.SetDst(net.ParseIP("2.1.2.2"))
	l1.SetSPt(1232)

	// Serialize the event as one CEF line.
	text, err := l1.MarshalText()
	if err != nil {
		log.Fatal(err)
	}
	fmt.Printf("%s\n", text)

	// Parse the line back. The package's ErrHeaderFieldsNum, ErrBadCEFVersion,
	// ErrBadAgentSeverity and ErrBadExtension are the errors to expect for
	// malformed input, so never ignore this error on untrusted log data.
	l2 := new(cef.CEF)
	if err := l2.UnmarshalText(text); err != nil {
		log.Fatal(err)
	}

	fmt.Println(l2.CEFVersion())
	fmt.Println(l2.DeviceVendor())
	fmt.Println(l2.DeviceProduct())
	fmt.Println(l2.DeviceVersion())
	fmt.Println(l2.DeviceEventClassID())
	fmt.Println(l2.Name())
	fmt.Println(l2.AgentSeverity())
	fmt.Printf("dst=%v spt=%v src=%v\n", l2.Dst(), l2.SPt(), l2.Src())
}

See the MarshalText example for more.

Constants

This section is empty.

Variables

var (
	ErrBadCEFVersion    = errors.New("cef: bad CEF version")
	ErrBadAgentSeverity = errors.New("cef: bad agent severity")
	ErrBadExtension     = errors.New("cef: bad extension")
)
var ErrHeaderFieldsNum = errors.New("cef: number of header fields less than 7")

Functions

This section is empty.

Types

type AgentSeverity

type AgentSeverity int

AgentSeverity reflects the importance of the event. On the wire it is a string or an integer; this package represents it as an int, and the constants below cover the whole integer range.

The valid string values are: Unknown, Low, Medium, High, and Very-High.
The valid integer values are: 0-3 = Low, 4-6 = Medium, 7-8 = High, and 9-10 = Very-High.
const (
	AgentSeverityLow0 AgentSeverity = iota
	AgentSeverityLow1
	AgentSeverityLow2
	AgentSeverityLow3
	AgentSeverityMedium4
	AgentSeverityMedium5
	AgentSeverityMedium6
	AgentSeverityHigh7
	AgentSeverityHigh8
	AgentSeverityVeryHigh9
	AgentSeverityVeryHigh10
)

func (AgentSeverity) String

func (s AgentSeverity) String() string
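
The error variables declared above (ErrHeaderFieldsNum, ErrBadCEFVersion, ErrBadAgentSeverity) name the three checks a CEF header parser has to make, and the AgentSeverity constants show the integer encoding. The following stand-alone program is added here as an example and is not part of the go.m8.ru/cef package; it implements a minimal header encoder and decoder with the standard library to show what those checks protect against. Header fields are split only on an unescaped '|', so a value that comes from the monitored device, such as the event name, cannot shift the fields after it; a line with fewer than seven header fields, an unknown version, or a severity outside 0-10 is rejected; and the severity is accepted in either its integer or its string form. The Header type, Marshal, Parse, splitHeader and severityByName are this example's own names (the error values are re-declared with the package's messages so the example builds alone), and mapping the string forms onto the top of their band, Unknown onto 0, is this example's assumption rather than something the package specifies.

```go
package main

import (
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// Re-declared so the example runs without the package; mirrors its messages.
var (
	ErrHeaderFieldsNum  = errors.New("cef: number of header fields less than 7")
	ErrBadCEFVersion    = errors.New("cef: bad CEF version")
	ErrBadAgentSeverity = errors.New("cef: bad agent severity")
)

// Header is the seven mandatory CEF header fields plus the raw extension text.
type Header struct {
	Version, Severity                               int
	Vendor, Product, DevVersion, EventClassID, Name string
	Extension                                       string
}

// escapeHeader escapes the backslash and the '|' delimiter, the two bytes that are special in a header field.
func escapeHeader(s string) string {
	return strings.ReplaceAll(strings.ReplaceAll(s, `\`, `\\`), "|", `\|`)
}

// Marshal renders "CEF:Version|Vendor|Product|DevVersion|EventClassID|Name|Severity|Extension".
func (h Header) Marshal() string {
	line := strings.Join([]string{"CEF:" + strconv.Itoa(h.Version), escapeHeader(h.Vendor), escapeHeader(h.Product),
		escapeHeader(h.DevVersion), escapeHeader(h.EventClassID), escapeHeader(h.Name), strconv.Itoa(h.Severity)}, "|")
	if h.Extension == "" {
		return line
	}
	return line + "|" + h.Extension
}

// splitHeader splits on unescaped '|' only, so an escaped pipe inside a field cannot shift the fields
// after it. After seven fields the rest of the line is the extension and is returned raw.
func splitHeader(line string) []string {
	var fields []string
	var cur strings.Builder
	for i := 0; i < len(line); i++ {
		if len(fields) == 7 {
			return append(fields, line[i:])
		}
		switch c := line[i]; {
		case c == '\\' && i+1 < len(line):
			i++
			cur.WriteByte(line[i])
		case c == '|':
			fields = append(fields, cur.String())
			cur.Reset()
		default:
			cur.WriteByte(c)
		}
	}
	return append(fields, cur.String())
}

// String severities map onto the top of their band, Unknown onto 0 (this example's choice).
var severityByName = map[string]int{"unknown": 0, "low": 3, "medium": 6, "high": 8, "very-high": 10}

// Parse decodes one line, applying the three header checks in order.
func Parse(line string) (Header, error) {
	f := splitHeader(line)
	if len(f) < 7 {
		return Header{}, ErrHeaderFieldsNum
	}
	v, err := strconv.Atoi(strings.TrimPrefix(f[0], "CEF:"))
	if !strings.HasPrefix(f[0], "CEF:") || err != nil || v < 0 || v > 1 {
		return Header{}, ErrBadCEFVersion
	}
	sev, ok := severityByName[strings.ToLower(f[6])]
	if n, err := strconv.Atoi(f[6]); err == nil {
		sev, ok = n, n >= 0 && n <= 10
	}
	if !ok {
		return Header{}, ErrBadAgentSeverity
	}
	h := Header{Version: v, Vendor: f[1], Product: f[2], DevVersion: f[3], EventClassID: f[4], Name: f[5], Severity: sev}
	if len(f) > 7 {
		h.Extension = f[7]
	}
	return h, nil
}

func main() {
	// Constructed event whose name contains '|': Marshal escapes it and Parse restores it.
	h := Header{Vendor: "Security", Product: "threatmanager", DevVersion: "1.0", EventClassID: "100",
		Name: "worm stopped|5", Severity: 10, Extension: "dst=2.1.2.2 spt=1232 src=10.0.0.1"}
	line := h.Marshal()
	back, err := Parse(line)
	fmt.Printf("%s\nname=%q severity=%d err=%v\n", line, back.Name, back.Severity, err)
	// The same event emitted without escaping: the bare '|' shifts the fields, the
	// device-supplied "5" becomes the severity and the real one lands in the extension.
	forged, err := Parse("CEF:0|Security|threatmanager|1.0|100|worm stopped|5|10|dst=2.1.2.2")
	fmt.Printf("name=%q severity=%d ext=%q err=%v\n", forged.Name, forged.Severity, forged.Extension, err)
}
```

The forged line in main is the case that matters for a SIEM: a producer that forgets to escape '|' in a device-controlled field lets that device rewrite the severity and the extension of its own events, and nothing in the line itself reveals it. The escaping is therefore a producer obligation, and a consumer that builds detections on the header fields should prefer producers (such as this package's MarshalText) that apply it.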

type CEF

type CEF struct {
	// contains filtered or unexported fields
}

func (*CEF) AHost added in v0.3.0

func (cef *CEF) AHost() string

The hostname of the ArcSight connector that processed the event.

func (*CEF) AID added in v0.3.0

func (cef *CEF) AID() string

The agent ID of the ArcSight connector that processed the event.

func (*CEF) AMAC added in v0.3.0

func (cef *CEF) AMAC() net.HardwareAddr

The MAC address of the ArcSight connector that processed the event.

func (*CEF) AT added in v0.3.0

func (cef *CEF) AT() string

The agent type of the ArcSight connector that processed the event.

func (*CEF) ATZ added in v0.3.0

func (cef *CEF) ATZ() string

The agent time zone of the ArcSight connector that processed the event.

func (*CEF) AV added in v0.3.0

func (cef *CEF) AV() string

The version of the ArcSight connector that processed the event.

func (*CEF) Act

func (cef *CEF) Act() string

Action taken by the device.

func (*CEF) AgentDNSDomain

func (cef *CEF) AgentDNSDomain() string

The DNS domain name of the ArcSight connector that processed the event.

func (*CEF) AgentNtDomain

func (cef *CEF) AgentNtDomain() string

func (*CEF) AgentSeverity

func (cef *CEF) AgentSeverity() AgentSeverity

agentSeverity is a string or integer and it reflects the importance of the event. The valid string values are: Unknown, Low, Medium, High, and Very-High. The valid integer values are: 0-3 = Low, 4-6 = Medium, 7-8 = High, and 9-10 = Very-High.

func (*CEF) AgentTranslatedAddress

func (cef *CEF) AgentTranslatedAddress() net.IP

func (*CEF) AgentTranslatedZoneExternalID

func (cef *CEF) AgentTranslatedZoneExternalID() string

func (*CEF) AgentTranslatedZoneKey

func (cef *CEF) AgentTranslatedZoneKey() int64

ID of an agentTranslatedZone resource reference.

func (*CEF) AgentTranslatedZoneURI

func (cef *CEF) AgentTranslatedZoneURI() string

func (*CEF) AgentZoneExternalID

func (cef *CEF) AgentZoneExternalID() string

func (*CEF) AgentZoneKey

func (cef *CEF) AgentZoneKey() int64

ID of an agentZone resource reference.

func (*CEF) AgentZoneURI

func (cef *CEF) AgentZoneURI() string

func (*CEF) Agt

func (cef *CEF) Agt() net.IP

The IP address of the ArcSight connector that processed the event.

func (*CEF) App

func (cef *CEF) App() string

Application level protocol, example: HTTP, HTTPS, SSHv2, Telnet, POP, IMAP, IMAPS, and so on.

func (*CEF) Art

func (cef *CEF) Art() string

The time at which information about the event was received by the ArcSight connector.

func (*CEF) C6A1 added in v0.3.0

func (cef *CEF) C6A1() net.IP

One of the four IPv6 address fields available to map fields that do not apply to any other in this dictionary. TIP: For tips on using these fields, see the guidelines defined under User-Defined Extensions.

func (*CEF) C6A1Label added in v0.3.0

func (cef *CEF) C6A1Label() string

All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field.

func (*CEF) C6A3 added in v0.3.0

func (cef *CEF) C6A3() net.IP

One of the four IPv6 address fields available to map fields that do not apply to any other in this dictionary. TIP: For tips on using these fields, see the guidelines defined under User-Defined Extensions.

func (*CEF) C6A3Label added in v0.3.0

func (cef *CEF) C6A3Label() string

All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field.

func (*CEF) C6A4 added in v0.3.0

func (cef *CEF) C6A4() net.IP

One of the four IPv6 address fields available to map fields that do not apply to any other in this dictionary. TIP: For tips on using these fields, see the guidelines defined under User-Defined Extensions.

func (*CEF) C6A4Label added in v0.3.0

func (cef *CEF) C6A4Label() string

All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field.

func (*CEF) CEFVersion

func (cef *CEF) CEFVersion() int

CEF Version is an integer and identifies the version of the CEF format. Event consumers use this information to determine what the following fields represent. The current CEF format versions are: l 0 (CEF:0) - for CEF Specification version 0.1 l 1 (CEF:1)- for CEF Specification version 1.x For example, for CEF Specification version 1.2, the value of the CEF Version header field will be "1".

func (*CEF) CFP1 added in v0.3.0

func (cef *CEF) CFP1() float32

One of the four floating point fields available to map fields that do not apply to any other in this dictionary.

func (*CEF) CFP1Label added in v0.3.0

func (cef *CEF) CFP1Label() string

All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field.

func (*CEF) CFP2 added in v0.3.0

func (cef *CEF) CFP2() float32

One of the four floating point fields available to map fields that do not apply to any other in this dictionary.

func (*CEF) CFP2Label added in v0.3.0

func (cef *CEF) CFP2Label() string

All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field.

func (*CEF) CFP3 added in v0.3.0

func (cef *CEF) CFP3() float32

One of the four floating point fields available to map fields that do not apply to any other in this dictionary.

func (*CEF) CFP3Label added in v0.3.0

func (cef *CEF) CFP3Label() string

All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field.

func (*CEF) CFP4 added in v0.3.0

func (cef *CEF) CFP4() float32

One of the four floating point fields available to map fields that do not apply to any other in this dictionary.

func (*CEF) CFP4Label added in v0.3.0

func (cef *CEF) CFP4Label() string

All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field.

func (*CEF) CN1 added in v0.3.0

func (cef *CEF) CN1() int64

One of the three number fields available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible.

func (*CEF) CN1Label added in v0.3.0

func (cef *CEF) CN1Label() string

All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field.

func (*CEF) CN2 added in v0.3.0

func (cef *CEF) CN2() int64

One of the three number fields available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible.

func (*CEF) CN2Label added in v0.3.0

func (cef *CEF) CN2Label() string

All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field.

func (*CEF) CN3 added in v0.3.0

func (cef *CEF) CN3() int64

One of the three number fields available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible.

func (*CEF) CN3Label added in v0.3.0

func (cef *CEF) CN3Label() string

All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field.

func (*CEF) CS1 added in v0.3.0

func (cef *CEF) CS1() string

One of the six strings available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible. TIP: For tips on using these fields, see the guidelines defined under User-Defined Extensions.

func (*CEF) CS1Label added in v0.3.0

func (cef *CEF) CS1Label() string

All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field.

func (*CEF) CS2 added in v0.3.0

func (cef *CEF) CS2() string

One of the six strings available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible. TIP: For tips on using these fields, see the guidelines defined under User-Defined Extensions.

func (*CEF) CS2Label added in v0.3.0

func (cef *CEF) CS2Label() string

All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field.

func (*CEF) CS3 added in v0.3.0

func (cef *CEF) CS3() string

One of the six strings available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible. TIP: For tips on using these fields, see the guidelines defined under User-Defined Extensions.

func (*CEF) CS3Label added in v0.3.0

func (cef *CEF) CS3Label() string

All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field.

func (*CEF) CS4 added in v0.3.0

func (cef *CEF) CS4() string

One of the six strings available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible. TIP: For tips on using these fields, see the guidelines defined under User-Defined Extensions.

func (*CEF) CS4Label added in v0.3.0

func (cef *CEF) CS4Label() string

All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field.

func (*CEF) CS5 added in v0.3.0

func (cef *CEF) CS5() string

One of the six strings available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible. TIP: For tips on using these fields, see the guidelines defined under User-Defined Extensions.

func (*CEF) CS5Label added in v0.3.0

func (cef *CEF) CS5Label() string

All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field.

func (*CEF) CS6 added in v0.3.0

func (cef *CEF) CS6() string

One of the six strings available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible. TIP: For tips on using these fields, see the guidelines defined under User-Defined Extensions.

func (*CEF) CS6Label added in v0.3.0

func (cef *CEF) CS6Label() string

All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field.

func (*CEF) Cat

func (cef *CEF) Cat() string

Represents the category assigned by the originating device. Devices often use their own categorization schema to classify events. Example: “/Monitor/Disk/Read”

func (*CEF) Cnt

func (cef *CEF) Cnt() int

A count associated with this event. How many times was this same event observed? Count can be omitted if it is 1.

func (*CEF) CustomerExternalID

func (cef *CEF) CustomerExternalID() string

func (*CEF) CustomerKey

func (cef *CEF) CustomerKey() int64

ID of a customer resource reference.

func (*CEF) CustomerURI

func (cef *CEF) CustomerURI() string

func (*CEF) DHost added in v0.3.0

func (cef *CEF) DHost() string

Identifies the destination that an event refers to in an IP network. The format must be a fully qualified domain name (FQDN) associated with the destination node, when a node is available. Examples: “host.domain.com” or “host”.

func (*CEF) DLat added in v0.3.0

func (cef *CEF) DLat() float64

The latitudinal value from which the destination’s IP address belongs.

func (*CEF) DLong added in v0.3.0

func (cef *CEF) DLong() float64

The longitudinal value from which the destination’s IP address belongs.

func (*CEF) DPID added in v0.3.0

func (cef *CEF) DPID() int

Provides the ID of the destination process associated with the event. For example, if an event contains process ID 105, “105” is the process ID.

func (*CEF) DPriv added in v0.3.0

func (cef *CEF) DPriv() string

The typical values are “Administrator”, “User”, and “Guest”. This identifies the destination user’s privileges. In UNIX, for example, activity executed by the root user would be identified with a destinationUserPrivileges of “Administrator”.

func (*CEF) DProc added in v0.3.0

func (cef *CEF) DProc() string

The name of the event’s destination process. Example: “telnetd” or “sshd”.

func (*CEF) DPt added in v0.3.0

func (cef *CEF) DPt() int

The valid port numbers are between 0 and 65535.

func (*CEF) DTZ added in v0.3.0

func (cef *CEF) DTZ() string

The timezone for the device generating the event.

func (*CEF) DUID added in v0.3.0

func (cef *CEF) DUID() string

Identifies the destination user by ID. For example, in UNIX, the root user is generally associated with user ID 0.

func (*CEF) DUser added in v0.3.0

func (cef *CEF) DUser() string

Identifies the destination user by name. This is the user associated with the event’s destination. Email addresses are often mapped into the UserName fields. The recipient is a candidate to put into this field.

func (*CEF) DZoneKey

func (cef *CEF) DZoneKey() int64

ID of a destinationZone resource reference.

func (*CEF) DestinatioTranslatedZoneExternalID

func (cef *CEF) DestinatioTranslatedZoneExternalID() string

func (*CEF) DestinationDNSDomain

func (cef *CEF) DestinationDNSDomain() string

The DNS domain part of the complete fully qualified domain name (FQDN).

func (*CEF) DestinationServiceName

func (cef *CEF) DestinationServiceName() string

The service targeted by this event. Example: “sshd”

func (*CEF) DestinationTranslatedAddress

func (cef *CEF) DestinationTranslatedAddress() net.IP

Identifies the translated destination that the event refers to in an IP network. The format is an IPv4 address. Example: “192.168.10.1”

func (*CEF) DestinationTranslatedPort

func (cef *CEF) DestinationTranslatedPort() int

Port after it was translated; for example, a firewall. Valid port numbers are 0 to 65535

func (*CEF) DestinationTranslatedZoneKey

func (cef *CEF) DestinationTranslatedZoneKey() int64

ID of a destinationTranslatedZone resource reference.

func (*CEF) DestinationTranslatedZoneURI

func (cef *CEF) DestinationTranslatedZoneURI() string

The URI for the Translated Zone that the destination asset has been assigned to in ArcSight.

func (*CEF) DestinationZoneExternalID

func (cef *CEF) DestinationZoneExternalID() string

func (*CEF) DestinationZoneURI

func (cef *CEF) DestinationZoneURI() string

The URI for the Zone that the destination asset has been assigned to in ArcSight.

func (*CEF) DeviceCustomDate1

func (cef *CEF) DeviceCustomDate1() string

One of the two timestamp fields available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible. TIP: For tips on using these fields, see the guidelines defined under User-Defined Extensions.

func (*CEF) DeviceCustomDate1Label

func (cef *CEF) DeviceCustomDate1Label() string

All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field.

func (*CEF) DeviceCustomDate2

func (cef *CEF) DeviceCustomDate2() string

One of the two timestamp fields available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible. TIP: For tips on using these fields, see the guidelines defined under User-Defined Extensions.

func (*CEF) DeviceCustomDate2Label

func (cef *CEF) DeviceCustomDate2Label() string

All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field.

func (*CEF) DeviceDNSDomain

func (cef *CEF) DeviceDNSDomain() string

The DNS domain part of the complete fully qualified domain name (FQDN).

func (*CEF) DeviceDirection

func (cef *CEF) DeviceDirection() int

Any information about what direction the observed communication has taken. The following values are supported: “0” for inbound or “1” for outbound.

func (*CEF) DeviceEventClassID

func (cef *CEF) DeviceEventClassID() string

deviceEventClassId is a unique identifier for each event type. It can be a string or an integer and identifies the type of event reported. In the intrusion detection system (IDS) world, each signature or rule that detects certain activity has a unique deviceEventClassId assigned. This is a requirement for other types of devices as well, and helps correlation engines process the events. It is also known as Signature ID. Note: the ‘=’, ‘%’, and ‘#’ characters must be escaped in vulnerability strings that are mapped to deviceEventClassId, and when they appear in the description or name of the vulnerability; they must not be escaped when used as a delimiter.

func (*CEF) DeviceExternalID

func (cef *CEF) DeviceExternalID() string

A name that uniquely identifies the device generating this event.

func (*CEF) DeviceFacility

func (cef *CEF) DeviceFacility() string

The facility generating this event. For example, Syslog has an explicit facility associated with every event.

func (*CEF) DeviceInboundInterface

func (cef *CEF) DeviceInboundInterface() string

Interface on which the packet or data entered the device.

func (*CEF) DeviceNtDomain

func (cef *CEF) DeviceNtDomain() string

The Windows domain name of the device address.

func (*CEF) DeviceOutboundInterface

func (cef *CEF) DeviceOutboundInterface() string

Interface on which the packet or data left the device.

func (*CEF) DevicePayloadID

func (cef *CEF) DevicePayloadID() string

Unique identifier for the payload associated with the event.

func (*CEF) DeviceProcessName

func (cef *CEF) DeviceProcessName() string

Process name associated with the event. An example might be the process generating the syslog entry in UNIX.

func (*CEF) DeviceProduct

func (cef *CEF) DeviceProduct() string

deviceProduct, deviceVendor, and deviceVersion are strings that uniquely identify the type of device that sent the message. No two products may use the same deviceVendor and deviceProduct pair. There is no central authority managing these pairs. Event producers must ensure that they assign unique name pairs.

func (*CEF) DeviceTranslatedAddress

func (cef *CEF) DeviceTranslatedAddress() net.IP

Identifies the translated device address that the event refers to in an IP network. The format is an IPv4 address. Example: “192.168.10.1”

func (*CEF) DeviceTranslatedZoneExternalID

func (cef *CEF) DeviceTranslatedZoneExternalID() string

func (*CEF) DeviceTranslatedZoneKey

func (cef *CEF) DeviceTranslatedZoneKey() int64

ID of a deviceTranslatedZone resource reference.

func (*CEF) DeviceTranslatedZoneURI

func (cef *CEF) DeviceTranslatedZoneURI() string

The URI for the Translated Zone that the device asset has been assigned to in ArcSight.

func (*CEF) DeviceVendor

func (cef *CEF) DeviceVendor() string

deviceProduct, deviceVendor, and deviceVersion are strings that uniquely identify the type of device that sent the message. No two products may use the same deviceVendor and deviceProduct pair. There is no central authority managing these pairs. Event producers must ensure that they assign unique name pairs.

func (*CEF) DeviceVersion

func (cef *CEF) DeviceVersion() string

deviceProduct, deviceVendor, and deviceVersion are strings that uniquely identify the type of device that sent the message. No two products may use the same deviceVendor and deviceProduct pair. There is no central authority managing these pairs. Event producers must ensure that they assign unique name pairs.

func (*CEF) DeviceZoneExternalID

func (cef *CEF) DeviceZoneExternalID() string

func (*CEF) DeviceZoneKey

func (cef *CEF) DeviceZoneKey() int64

ID of a deviceZone resource reference.

func (*CEF) DeviceZoneURI

func (cef *CEF) DeviceZoneURI() string

The URI for the Zone that the device asset has been assigned to in ArcSight.

func (*CEF) Dntdom

func (cef *CEF) Dntdom() string

The Windows domain name of the destination address.

func (*CEF) Dst

func (cef *CEF) Dst() net.IP

Identifies the destination address that the event refers to in an IP network. The format is an IPv4 address. Example: “192.168.10.1”

func (*CEF) Dvc

func (cef *CEF) Dvc() net.IP

Identifies the device address that an event refers to in an IP network. The format is an IPv4 address. Example: “192.168.10.1”.

func (*CEF) DvcHost added in v0.3.0

func (cef *CEF) DvcHost() string

The format should be a fully qualified domain name (FQDN) associated with the device node, when a node is available. Example: “host.domain.com” or “host”.

func (*CEF) DvcMAC added in v0.3.0

func (cef *CEF) DvcMAC() net.HardwareAddr

Six colon-separated hexadecimal numbers. Example: “00:0D:60:AF:1B:61”

func (*CEF) DvcPID added in v0.3.0

func (cef *CEF) DvcPID() int

Provides the ID of the process on the device generating the event.

func (*CEF) End

func (cef *CEF) End() string

The time at which the activity related to the event ended. The format is MMM dd yyyy HH:mm:ss or milliseconds since epoch (Jan 1st 1970). An example would be reporting the end of a session.

func (*CEF) EventID

func (cef *CEF) EventID() int64

This is a unique ID that ArcSight assigns to each event.

func (*CEF) ExternalID

func (cef *CEF) ExternalID() string

The ID used by an originating device. They are usually increasing numbers, associated with events.

func (*CEF) FName added in v0.3.0

func (cef *CEF) FName() string

Name of the file only (without its path).

func (*CEF) FSize added in v0.3.0

func (cef *CEF) FSize() int64

Size of the file.

func (*CEF) FileCreateTime

func (cef *CEF) FileCreateTime() string

Time when the file was created.

func (*CEF) FileHash

func (cef *CEF) FileHash() string

Hash of a file.

func (*CEF) FileID

func (cef *CEF) FileID() string

An ID associated with a file could be the inode.

func (*CEF) FileModificationTime

func (cef *CEF) FileModificationTime() string

Time when the file was last modified.

func (*CEF) FilePath

func (cef *CEF) FilePath() string

Full path to the file, including the file name itself. Example: C:\Program Files\WindowsNT\Accessories\wordpad.exe or /usr/bin/zip

func (*CEF) FilePermission

func (cef *CEF) FilePermission() string

Permissions of the file.

func (*CEF) FileType

func (cef *CEF) FileType() string

Type of file (pipe, socket, etc.)

func (*CEF) FlexDate1

func (cef *CEF) FlexDate1() string

A timestamp field available to map a timestamp that does not apply to any other defined timestamp field in this dictionary. Use all flex fields sparingly and seek a more specific, dictionary supplied field when possible. These fields are typically reserved for customer use and should not be set by vendors unless necessary.

func (*CEF) FlexDate1Label

func (cef *CEF) FlexDate1Label() string

The label field is a string and describes the purpose of the flex field.

func (*CEF) FlexString1

func (cef *CEF) FlexString1() string

One of the two flex string fields available to map string fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible. These fields are typically reserved for customer use and should not be set by vendors unless necessary.

func (*CEF) FlexString1Label

func (cef *CEF) FlexString1Label() string

The label field is a string and describes the purpose of the flex field

func (*CEF) FlexString2

func (cef *CEF) FlexString2() string

One of the two flex string fields available to map string fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible. These fields are typically reserved for customer use and should not be set by vendors unless necessary.

func (*CEF) FlexString2Label

func (cef *CEF) FlexString2Label() string

The label field is a string and describes the purpose of the flex field.

func (*CEF) In

func (cef *CEF) In() int64

Number of bytes transferred inbound, relative to the source to destination relationship, meaning that data was flowing from source to destination.

func (*CEF) MarshalText

func (cef *CEF) MarshalText() (text []byte, err error)
Example
package main

import (
	"fmt"
	"net"

	"go.m8.ru/cef"
)

func main() {
	log := new(cef.CEF)
	log.SetCEFVersion(0)
	log.SetDeviceVendor("Security")
	log.SetDeviceProduct("threatmanager")
	log.SetDeviceVersion("1.0")
	log.SetDeviceEventClassID("100")
	log.SetName("worm successfully stopped")
	log.SetAgentSeverity(cef.AgentSeverityVeryHigh10)
	log.SetSrc(net.ParseIP("10.0.0.1"))
	log.SetDst(net.ParseIP("2.1.2.2"))
	log.SetSPt(1232)

	text, err := log.MarshalText()

	fmt.Printf("%s\n", text)
	fmt.Println(err)
}
Output:

CEF:0|Security|threatmanager|1.0|100|worm successfully stopped|10|dst=2.1.2.2 spt=1232 src=10.0.0.1
<nil>
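
The extension part of the line above, dst=2.1.2.2 spt=1232 src=10.0.0.1, is a space-separated list of key=value pairs in which a value may itself contain spaces (a msg value, for instance) and in which '=' and '\' inside a value are escaped with a backslash; the typed getters on CEF (Dst() net.IP, SPt() int) then interpret individual values. The following stand-alone Go program is added here as an example and is not part of the go.m8.ru/cef package; it parses such an extension with the standard library and shows how a consumer should validate the typed fields: a pair starts only at a key followed by an unescaped '=', values are unescaped after the split, an address read from a field the dictionary defines as IPv4 is rejected if it is not one, and a port outside 0-65535 is rejected rather than truncated. ParseExtension, Extension.IPv4 and Extension.Port are this example's own names, the msg value in main is constructed, and ErrBadExtension is re-declared with the package's message so the example builds alone.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"strconv"
	"strings"
)

// Re-declared so the example runs without the package; mirrors its message.
var ErrBadExtension = errors.New("cef: bad extension")

// Extension holds the decoded key=value pairs of a CEF line.
type Extension map[string]string

// unescapeValue decodes the escapes allowed in an extension value: \= \\ \n \r.
func unescapeValue(v string) string {
	return strings.NewReplacer(`\=`, "=", `\\`, `\`, `\n`, "\n", `\r`, "\r").Replace(v)
}

// ParseExtension splits "k=v k2=v2 ..." where a value may contain spaces.
// Every unescaped '=' ends a key, the key is the run of non-space bytes before
// it, and a value runs up to the space that precedes the next key.
func ParseExtension(s string) (Extension, error) {
	var eqs []int // positions of unescaped '='
	for i := 0; i < len(s); i++ {
		switch s[i] {
		case '\\':
			i++ // an escaped byte can never end a key
		case '=':
			eqs = append(eqs, i)
		}
	}
	ext := Extension{}
	if len(eqs) == 0 {
		if strings.TrimSpace(s) != "" {
			return nil, ErrBadExtension
		}
		return ext, nil
	}
	keyStart := func(p int) int { return strings.LastIndexByte(s[:p], ' ') + 1 }
	for _, p := range eqs { // every key must be a non-empty token without '=' or '\'
		if k := s[keyStart(p):p]; k == "" || strings.ContainsAny(k, `=\`) {
			return nil, ErrBadExtension
		}
	}
	if strings.TrimSpace(s[:keyStart(eqs[0])]) != "" {
		return nil, ErrBadExtension // stray text before the first key
	}
	for n, p := range eqs {
		end := len(s)
		if n+1 < len(eqs) {
			end = keyStart(eqs[n+1]) - 1 // the space before the next key
		}
		ext[s[keyStart(p):p]] = unescapeValue(s[p+1 : end])
	}
	return ext, nil
}

// IPv4 reads key as an IPv4 address, the format the dictionary specifies for
// src, dst and dvc; IPv6 text, a missing key or garbage is an error, not a silent nil.
func (e Extension) IPv4(key string) (net.IP, error) {
	ip := net.ParseIP(e[key]).To4()
	if ip == nil {
		return nil, ErrBadExtension
	}
	return ip, nil
}

// Port reads key as a port number and enforces the 0-65535 range.
func (e Extension) Port(key string) (int, error) {
	n, err := strconv.Atoi(e[key])
	if err != nil || n < 0 || n > 65535 {
		return 0, ErrBadExtension
	}
	return n, nil
}

func main() {
	// The extension from the example above plus a constructed msg value that
	// contains spaces and an escaped '='.
	ext, err := ParseExtension(`dst=2.1.2.2 spt=1232 src=10.0.0.1 msg=query a\=1 blocked act=deny`)
	if err != nil {
		fmt.Println(err)
		return
	}
	dst, _ := ext.IPv4("dst")
	spt, _ := ext.Port("spt")
	fmt.Printf("dst=%v spt=%d msg=%q\n", dst, spt, ext["msg"])
	_, err = ext.Port("dst") // wrong type for the field: rejected, not coerced
	fmt.Println(err)
}
```

Splitting on every space would break msg=query a=1 blocked into three bogus pairs; locating the unescaped '=' first and walking back to the preceding space is what keeps a value with spaces intact, and it is also why an unescaped '=' inside a value must be treated as malformed rather than guessed at.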

func (*CEF) Msg

func (cef *CEF) Msg() string

An arbitrary message giving more details about the event. Multi-line entries can be produced by using \n as the new line separator.

func (*CEF) Name

func (cef *CEF) Name() string

name is a string representing a human-readable and understandable description of the event. The event name must not contain information that is specifically mentioned in other fields. For example, "Port scan from 10.0.0.1 targeting 20.1.1.1" is not a good event name; it should be "Port scan". The other information is redundant and can be picked up from the rest of the fields.

func (*CEF) OldFileCreateTime

func (cef *CEF) OldFileCreateTime() string

Time when old file was created.

func (*CEF) OldFileHash

func (cef *CEF) OldFileHash() string

Hash of the old file.

func (*CEF) OldFileID

func (cef *CEF) OldFileID() string

An ID associated with the old file could be the inode.

func (*CEF) OldFileModificationTime

func (cef *CEF) OldFileModificationTime() string

Time when old file was last modified.

func (*CEF) OldFileName

func (cef *CEF) OldFileName() string

Name of the old file.

func (*CEF) OldFilePath

func (cef *CEF) OldFilePath() string

Full path to the old file, including the file name itself. Examples: c:\Program Files\WindowsNT\Accessories\wordpad.exe or /usr/bin/zip

func (*CEF) OldFilePermission

func (cef *CEF) OldFilePermission() string

Permissions of the old file.

func (*CEF) OldFileSize

func (cef *CEF) OldFileSize() int64

Size of the old file.

func (*CEF) OldFileType

func (cef *CEF) OldFileType() string

Type of the old file (pipe, socket, etc.)

func (*CEF) Out

func (cef *CEF) Out() int

Number of bytes transferred outbound relative to the source to destination relationship. For example, the byte number of data flowing from the destination to the source.

func (*CEF) Outcome

func (cef *CEF) Outcome() string

Displays the outcome, usually as ‘success’ or ‘failure’.

func (*CEF) Proto

func (cef *CEF) Proto() string

Identifies the Layer-4 protocol used. The possible values are protocols such as TCP or UDP.

func (*CEF) RawEvent

func (cef *CEF) RawEvent() string

func (*CEF) Reason

func (cef *CEF) Reason() string

The reason an audit event was generated. For example “bad password” or “unknown user”. This could also be an error or return code. Example: “0x1234”

func (*CEF) Request

func (cef *CEF) Request() string

In the case of an HTTP request, this field contains the URL accessed. The URL should contain the protocol as well. Example: “http://www/secure.com”

func (*CEF) RequestClientApplication

func (cef *CEF) RequestClientApplication() string

The User-Agent associated with the request.

func (*CEF) RequestContext

func (cef *CEF) RequestContext() string

Description of the content from which the request originated (for example, the HTTP Referrer).

func (*CEF) RequestCookies

func (cef *CEF) RequestCookies() string

Cookies associated with the request.

func (*CEF) RequestMethod

func (cef *CEF) RequestMethod() string

The method used to access a URL. Possible values: “POST”, “GET”, etc.

func (*CEF) Rt

func (cef *CEF) Rt() string

The time at which the event related to the activity was received. The format is MMM dd yyyy HH:mm:ss or milliseconds since epoch (Jan 1st 1970).

func (*CEF) SHost added in v0.3.0

func (cef *CEF) SHost() string

Identifies the source that an event refers to in an IP network. The format should be a fully qualified domain name (FQDN) associated with the source node, when a node is available. Examples: “host” or “host.domain.com”.

func (*CEF) SLat added in v0.3.0

func (cef *CEF) SLat() float64

func (*CEF) SLong added in v0.3.0

func (cef *CEF) SLong() float64

func (*CEF) SMAC added in v0.3.0

func (cef *CEF) SMAC() net.HardwareAddr

Six colon-separated hexadecimal numbers. Example: “00:0D:60:AF:1B:61”

func (*CEF) SNtDom added in v0.3.0

func (cef *CEF) SNtDom() string

The Windows domain name for the source address.

func (*CEF) SPID added in v0.3.0

func (cef *CEF) SPID() int

The ID of the source process associated with the event.

func (*CEF) SPriv added in v0.3.0

func (cef *CEF) SPriv() string

The typical values are “Administrator”, “User”, and “Guest”. It identifies the source user’s privileges. In UNIX, for example, activity executed by the root user would be identified with “Administrator”.

func (*CEF) SProc added in v0.3.0

func (cef *CEF) SProc() string

The name of the event’s source process.

func (*CEF) SPt added in v0.3.0

func (cef *CEF) SPt() int

The valid port numbers are 0 to 65535.

func (*CEF) STranslatedZoneKey

func (cef *CEF) STranslatedZoneKey() int64

ID of a sourceTranslatedZone resource reference.

func (*CEF) SUID added in v0.3.0

func (cef *CEF) SUID() string

Identifies the source user by ID. This is the user associated with the source of the event. For example, in UNIX, the root user is generally associated with user ID 0.

func (*CEF) SUser added in v0.3.0

func (cef *CEF) SUser() string

Identifies the source user by name. Email addresses are also mapped into the UserName fields. The sender is a candidate to put into this field.

func (*CEF) SZoneKey

func (cef *CEF) SZoneKey() int64

ID of a sourceZone resource reference

func (*CEF) SetAHost added in v0.3.0

func (cef *CEF) SetAHost(v string) *CEF

SetAHost sets "ahost" field.

func (*CEF) SetAID added in v0.3.0

func (cef *CEF) SetAID(v string) *CEF

SetAID sets "aid" field.

func (*CEF) SetAMAC added in v0.3.0

func (cef *CEF) SetAMAC(v net.HardwareAddr) *CEF

SetAMAC sets "amac" field.

func (*CEF) SetAT added in v0.3.0

func (cef *CEF) SetAT(v string) *CEF

SetAT sets "at" field.

func (*CEF) SetATZ added in v0.3.0

func (cef *CEF) SetATZ(v string) *CEF

SetATZ sets "atz" field.

func (*CEF) SetAV added in v0.3.0

func (cef *CEF) SetAV(v string) *CEF

SetAV sets "av" field.

func (*CEF) SetAct

func (cef *CEF) SetAct(v string) *CEF

SetAct sets "act" field.

func (*CEF) SetAgentDNSDomain

func (cef *CEF) SetAgentDNSDomain(v string) *CEF

SetAgentDNSDomain sets "agentDNSDomain" field.

func (*CEF) SetAgentNtDomain

func (cef *CEF) SetAgentNtDomain(v string) *CEF

SetAgentNtDomain sets "agentNtDomain" field.

func (*CEF) SetAgentSeverity

func (cef *CEF) SetAgentSeverity(v AgentSeverity) *CEF

SetAgentSeverity sets "agentSeverity" field.

func (*CEF) SetAgentTranslatedAddress

func (cef *CEF) SetAgentTranslatedAddress(v net.IP) *CEF

SetAgentTranslatedAddress sets "agentTranslatedAddress" field.

func (*CEF) SetAgentTranslatedZoneExternalID

func (cef *CEF) SetAgentTranslatedZoneExternalID(v string) *CEF

SetAgentTranslatedZoneExternalID sets "agentTranslatedZoneExternalID" field.

func (*CEF) SetAgentTranslatedZoneKey

func (cef *CEF) SetAgentTranslatedZoneKey(v int64) *CEF

SetAgentTranslatedZoneKey sets "agentTranslatedZoneKey" field.

func (*CEF) SetAgentTranslatedZoneURI

func (cef *CEF) SetAgentTranslatedZoneURI(v string) *CEF

SetAgentTranslatedZoneURI sets "agentTranslatedZoneURI" field.

func (*CEF) SetAgentZoneExternalID

func (cef *CEF) SetAgentZoneExternalID(v string) *CEF

SetAgentZoneExternalID sets "agentZoneExternalID" field.

func (*CEF) SetAgentZoneKey

func (cef *CEF) SetAgentZoneKey(v int64) *CEF

SetAgentZoneKey sets "agentZoneKey" field.

func (*CEF) SetAgentZoneURI

func (cef *CEF) SetAgentZoneURI(v string) *CEF

SetAgentZoneURI sets "agentZoneURI" field.

func (*CEF) SetAgt

func (cef *CEF) SetAgt(v net.IP) *CEF

SetAgt sets "agt" field.

func (*CEF) SetApp

func (cef *CEF) SetApp(v string) *CEF

SetApp sets "app" field.

func (*CEF) SetArt

func (cef *CEF) SetArt(v string) *CEF

SetArt sets "art" field.

func (*CEF) SetC6A1 added in v0.3.0

func (cef *CEF) SetC6A1(v net.IP) *CEF

SetC6A1 sets "c6a1" field.

func (*CEF) SetC6A1Label added in v0.3.0

func (cef *CEF) SetC6A1Label(v string) *CEF

SetC6A1Label sets "c6a1Label" field.

func (*CEF) SetC6A3 added in v0.3.0

func (cef *CEF) SetC6A3(v net.IP) *CEF

SetC6A3 sets "c6a3" field.

func (*CEF) SetC6A3Label added in v0.3.0

func (cef *CEF) SetC6A3Label(v string) *CEF

SetC6A3Label sets "c6a3Label" field.

func (*CEF) SetC6A4 added in v0.3.0

func (cef *CEF) SetC6A4(v net.IP) *CEF

SetC6A4 sets "c6a4" field.

func (*CEF) SetC6A4Label added in v0.3.0

func (cef *CEF) SetC6A4Label(v string) *CEF

SetC6A4Label sets "c6a4Label" field.

func (*CEF) SetCEFVersion

func (cef *CEF) SetCEFVersion(v int) *CEF

SetCEFVersion sets "cefVersion" field.

func (*CEF) SetCFP1 added in v0.3.0

func (cef *CEF) SetCFP1(v float32) *CEF

SetCFP1 sets "cfp1" field.

func (*CEF) SetCFP1Label added in v0.3.0

func (cef *CEF) SetCFP1Label(v string) *CEF

SetCFP1Label sets "cfp1Label" field.

func (*CEF) SetCFP2 added in v0.3.0

func (cef *CEF) SetCFP2(v float32) *CEF

SetCFP2 sets "cfp2" field.

func (*CEF) SetCFP2Label added in v0.3.0

func (cef *CEF) SetCFP2Label(v string) *CEF

SetCFP2Label sets "cfp2Label" field.

func (*CEF) SetCFP3 added in v0.3.0

func (cef *CEF) SetCFP3(v float32) *CEF

SetCFP3 sets "cfp3" field.

func (*CEF) SetCFP3Label added in v0.3.0

func (cef *CEF) SetCFP3Label(v string) *CEF

SetCFP3Label sets "cfp3Label" field.

func (*CEF) SetCFP4 added in v0.3.0

func (cef *CEF) SetCFP4(v float32) *CEF

SetCFP4 sets "cfp4" field.

func (*CEF) SetCFP4Label added in v0.3.0

func (cef *CEF) SetCFP4Label(v string) *CEF

SetCFP4Label sets "cfp4Label" field.

func (*CEF) SetCN1 added in v0.3.0

func (cef *CEF) SetCN1(v int64) *CEF

SetCN1 sets "cn1" field.

func (*CEF) SetCN1Label added in v0.3.0

func (cef *CEF) SetCN1Label(v string) *CEF

SetCN1Label sets "cn1Label" field.

func (*CEF) SetCN2 added in v0.3.0

func (cef *CEF) SetCN2(v int64) *CEF

SetCN2 sets "cn2" field.

func (*CEF) SetCN2Label added in v0.3.0

func (cef *CEF) SetCN2Label(v string) *CEF

SetCN2Label sets "cn2Label" field.

func (*CEF) SetCN3 added in v0.3.0

func (cef *CEF) SetCN3(v int64) *CEF

SetCN3 sets "cn3" field.

func (*CEF) SetCN3Label added in v0.3.0

func (cef *CEF) SetCN3Label(v string) *CEF

SetCN3Label sets "cn3Label" field.

func (*CEF) SetCS1 added in v0.3.0

func (cef *CEF) SetCS1(v string) *CEF

SetCS1 sets "cs1" field.

func (*CEF) SetCS1Label added in v0.3.0

func (cef *CEF) SetCS1Label(v string) *CEF

SetCS1Label sets "cs1Label" field.

func (*CEF) SetCS2 added in v0.3.0

func (cef *CEF) SetCS2(v string) *CEF

SetCS2 sets "cs2" field.

func (*CEF) SetCS2Label added in v0.3.0

func (cef *CEF) SetCS2Label(v string) *CEF

SetCS2Label sets "cs2Label" field.

func (*CEF) SetCS3 added in v0.3.0

func (cef *CEF) SetCS3(v string) *CEF

SetCS3 sets "cs3" field.

func (*CEF) SetCS3Label added in v0.3.0

func (cef *CEF) SetCS3Label(v string) *CEF

SetCS3Label sets "cs3Label" field.

func (*CEF) SetCS4 added in v0.3.0

func (cef *CEF) SetCS4(v string) *CEF

SetCS4 sets "cs4" field.

func (*CEF) SetCS4Label added in v0.3.0

func (cef *CEF) SetCS4Label(v string) *CEF

SetCS4Label sets "cs4Label" field.

func (*CEF) SetCS5 added in v0.3.0

func (cef *CEF) SetCS5(v string) *CEF

SetCS5 sets "cs5" field.

func (*CEF) SetCS5Label added in v0.3.0

func (cef *CEF) SetCS5Label(v string) *CEF

SetCS5Label sets "cs5Label" field.

func (*CEF) SetCS6 added in v0.3.0

func (cef *CEF) SetCS6(v string) *CEF

SetCS6 sets "cs6" field.

func (*CEF) SetCS6Label added in v0.3.0

func (cef *CEF) SetCS6Label(v string) *CEF

SetCS6Label sets "cs6Label" field.

func (*CEF) SetCat

func (cef *CEF) SetCat(v string) *CEF

SetCat sets "cat" field.

func (*CEF) SetCnt

func (cef *CEF) SetCnt(v int) *CEF

SetCnt sets "cnt" field.

func (*CEF) SetCustomerExternalID

func (cef *CEF) SetCustomerExternalID(v string) *CEF

SetCustomerExternalID sets "customerExternalID" field.

func (*CEF) SetCustomerKey

func (cef *CEF) SetCustomerKey(v int64) *CEF

SetCustomerKey sets "customerKey" field.

func (*CEF) SetCustomerURI

func (cef *CEF) SetCustomerURI(v string) *CEF

SetCustomerURI sets "customerURI" field.

func (*CEF) SetDHost added in v0.3.0

func (cef *CEF) SetDHost(v string) *CEF

SetDHost sets "dhost" field.

func (*CEF) SetDLat added in v0.3.0

func (cef *CEF) SetDLat(v float64) *CEF

SetDLat sets "dlat" field.

func (*CEF) SetDLong added in v0.3.0

func (cef *CEF) SetDLong(v float64) *CEF

SetDLong sets "dlong" field.

func (*CEF) SetDPID added in v0.3.0

func (cef *CEF) SetDPID(v int) *CEF

SetDPID sets "dpid" field.

func (*CEF) SetDPriv added in v0.3.0

func (cef *CEF) SetDPriv(v string) *CEF

SetDPriv sets "dpriv" field.

func (*CEF) SetDProc added in v0.3.0

func (cef *CEF) SetDProc(v string) *CEF

SetDProc sets "dproc" field.

func (*CEF) SetDPt added in v0.3.0

func (cef *CEF) SetDPt(v int) *CEF

SetDPt sets "dpt" field.

func (*CEF) SetDTZ added in v0.3.0

func (cef *CEF) SetDTZ(v string) *CEF

SetDTZ sets "dtz" field.

func (*CEF) SetDUID added in v0.3.0

func (cef *CEF) SetDUID(v string) *CEF

SetDUID sets "duid" field.

func (*CEF) SetDUser added in v0.3.0

func (cef *CEF) SetDUser(v string) *CEF

SetDUser sets "duser" field.

func (*CEF) SetDZoneKey

func (cef *CEF) SetDZoneKey(v int64) *CEF

SetDZoneKey sets "dZoneKey" field.

func (*CEF) SetDestinatioTranslatedZoneExternalID

func (cef *CEF) SetDestinatioTranslatedZoneExternalID(v string) *CEF

SetDestinatioTranslatedZoneExternalID sets "destinatioTranslatedZoneExternalID" field.

func (*CEF) SetDestinationDNSDomain

func (cef *CEF) SetDestinationDNSDomain(v string) *CEF

SetDestinationDNSDomain sets "destinationDNSDomain" field.

func (*CEF) SetDestinationServiceName

func (cef *CEF) SetDestinationServiceName(v string) *CEF

SetDestinationServiceName sets "destinationServiceName" field.

func (*CEF) SetDestinationTranslatedAddress

func (cef *CEF) SetDestinationTranslatedAddress(v net.IP) *CEF

SetDestinationTranslatedAddress sets "destinationTranslatedAddress" field.

func (*CEF) SetDestinationTranslatedPort

func (cef *CEF) SetDestinationTranslatedPort(v int) *CEF

SetDestinationTranslatedPort sets "destinationTranslatedPort" field.

func (*CEF) SetDestinationTranslatedZoneKey

func (cef *CEF) SetDestinationTranslatedZoneKey(v int64) *CEF

SetDestinationTranslatedZoneKey sets "destinationTranslatedZoneKey" field.

func (*CEF) SetDestinationTranslatedZoneURI

func (cef *CEF) SetDestinationTranslatedZoneURI(v string) *CEF

SetDestinationTranslatedZoneURI sets "destinationTranslatedZoneURI" field.

func (*CEF) SetDestinationZoneExternalID

func (cef *CEF) SetDestinationZoneExternalID(v string) *CEF

SetDestinationZoneExternalID sets "destinationZoneExternalID" field.

func (*CEF) SetDestinationZoneURI

func (cef *CEF) SetDestinationZoneURI(v string) *CEF

SetDestinationZoneURI sets "destinationZoneURI" field.

func (*CEF) SetDeviceCustomDate1

func (cef *CEF) SetDeviceCustomDate1(v string) *CEF

SetDeviceCustomDate1 sets "deviceCustomDate1" field.

func (*CEF) SetDeviceCustomDate1Label

func (cef *CEF) SetDeviceCustomDate1Label(v string) *CEF

SetDeviceCustomDate1Label sets "deviceCustomDate1Label" field.

func (*CEF) SetDeviceCustomDate2

func (cef *CEF) SetDeviceCustomDate2(v string) *CEF

SetDeviceCustomDate2 sets "deviceCustomDate2" field.

func (*CEF) SetDeviceCustomDate2Label

func (cef *CEF) SetDeviceCustomDate2Label(v string) *CEF

SetDeviceCustomDate2Label sets "deviceCustomDate2Label" field.

func (*CEF) SetDeviceDNSDomain

func (cef *CEF) SetDeviceDNSDomain(v string) *CEF

SetDeviceDNSDomain sets "deviceDNSDomain" field.

func (*CEF) SetDeviceDirection

func (cef *CEF) SetDeviceDirection(v int) *CEF

SetDeviceDirection sets "deviceDirection" field.

func (*CEF) SetDeviceEventClassID

func (cef *CEF) SetDeviceEventClassID(v string) *CEF

SetDeviceEventClassID sets "deviceEventClassID" field.

func (*CEF) SetDeviceExternalID

func (cef *CEF) SetDeviceExternalID(v string) *CEF

SetDeviceExternalID sets "deviceExternalID" field.

func (*CEF) SetDeviceFacility

func (cef *CEF) SetDeviceFacility(v string) *CEF

SetDeviceFacility sets "deviceFacility" field.

func (*CEF) SetDeviceInboundInterface

func (cef *CEF) SetDeviceInboundInterface(v string) *CEF

SetDeviceInboundInterface sets "deviceInboundInterface" field.

func (*CEF) SetDeviceNtDomain

func (cef *CEF) SetDeviceNtDomain(v string) *CEF

SetDeviceNtDomain sets "deviceNtDomain" field.

func (*CEF) SetDeviceOutboundInterface

func (cef *CEF) SetDeviceOutboundInterface(v string) *CEF

SetDeviceOutboundInterface sets "deviceOutboundInterface" field.

func (*CEF) SetDevicePayloadID

func (cef *CEF) SetDevicePayloadID(v string) *CEF

SetDevicePayloadID sets "devicePayloadID" field.

func (*CEF) SetDeviceProcessName

func (cef *CEF) SetDeviceProcessName(v string) *CEF

SetDeviceProcessName sets "deviceProcessName" field.

func (*CEF) SetDeviceProduct

func (cef *CEF) SetDeviceProduct(v string) *CEF

SetDeviceProduct sets "deviceProduct" field.

func (*CEF) SetDeviceTranslatedAddress

func (cef *CEF) SetDeviceTranslatedAddress(v net.IP) *CEF

SetDeviceTranslatedAddress sets "deviceTranslatedAddress" field.

func (*CEF) SetDeviceTranslatedZoneExternalID

func (cef *CEF) SetDeviceTranslatedZoneExternalID(v string) *CEF

SetDeviceTranslatedZoneExternalID sets "deviceTranslatedZoneExternalID" field.

func (*CEF) SetDeviceTranslatedZoneKey

func (cef *CEF) SetDeviceTranslatedZoneKey(v int64) *CEF

SetDeviceTranslatedZoneKey sets "deviceTranslatedZoneKey" field.

func (*CEF) SetDeviceTranslatedZoneURI

func (cef *CEF) SetDeviceTranslatedZoneURI(v string) *CEF

SetDeviceTranslatedZoneURI sets "deviceTranslatedZoneURI" field.

func (*CEF) SetDeviceVendor

func (cef *CEF) SetDeviceVendor(v string) *CEF

SetDeviceVendor sets "deviceVendor" field.

func (*CEF) SetDeviceVersion

func (cef *CEF) SetDeviceVersion(v string) *CEF

SetDeviceVersion sets "deviceVersion" field.

func (*CEF) SetDeviceZoneExternalID

func (cef *CEF) SetDeviceZoneExternalID(v string) *CEF

SetDeviceZoneExternalID sets "deviceZoneExternalID" field.

func (*CEF) SetDeviceZoneKey

func (cef *CEF) SetDeviceZoneKey(v int64) *CEF

SetDeviceZoneKey sets "deviceZoneKey" field.

func (*CEF) SetDeviceZoneURI

func (cef *CEF) SetDeviceZoneURI(v string) *CEF

SetDeviceZoneURI sets "deviceZoneURI" field.

func (*CEF) SetDntdom

func (cef *CEF) SetDntdom(v string) *CEF

SetDntdom sets "dntdom" field.

func (*CEF) SetDst

func (cef *CEF) SetDst(v net.IP) *CEF

SetDst sets "dst" field.

func (*CEF) SetDvc

func (cef *CEF) SetDvc(v net.IP) *CEF

SetDvc sets "dvc" field.

func (*CEF) SetDvcHost added in v0.3.0

func (cef *CEF) SetDvcHost(v string) *CEF

SetDvcHost sets "dvchost" field.

func (*CEF) SetDvcMAC added in v0.3.0

func (cef *CEF) SetDvcMAC(v net.HardwareAddr) *CEF

SetDvcMAC sets "dvcmac" field.

func (*CEF) SetDvcPID added in v0.3.0

func (cef *CEF) SetDvcPID(v int) *CEF

SetDvcPID sets "dvcpid" field.

func (*CEF) SetEnd

func (cef *CEF) SetEnd(v string) *CEF

SetEnd sets "end" field.

func (*CEF) SetEventID

func (cef *CEF) SetEventID(v int64) *CEF

SetEventID sets "eventID" field.

func (*CEF) SetExternalID

func (cef *CEF) SetExternalID(v string) *CEF

SetExternalID sets "externalID" field.

func (*CEF) SetFName added in v0.3.0

func (cef *CEF) SetFName(v string) *CEF

SetFName sets "fname" field.

func (*CEF) SetFSize added in v0.3.0

func (cef *CEF) SetFSize(v int64) *CEF

SetFSize sets "fsize" field.

func (*CEF) SetFileCreateTime

func (cef *CEF) SetFileCreateTime(v string) *CEF

SetFileCreateTime sets "fileCreateTime" field.

func (*CEF) SetFileHash

func (cef *CEF) SetFileHash(v string) *CEF

SetFileHash sets "fileHash" field.

func (*CEF) SetFileID

func (cef *CEF) SetFileID(v string) *CEF

SetFileID sets "fileID" field.

func (*CEF) SetFileModificationTime

func (cef *CEF) SetFileModificationTime(v string) *CEF

SetFileModificationTime sets "fileModificationTime" field.

func (*CEF) SetFilePath

func (cef *CEF) SetFilePath(v string) *CEF

SetFilePath sets "filePath" field.

func (*CEF) SetFilePermission

func (cef *CEF) SetFilePermission(v string) *CEF

SetFilePermission sets "filePermission" field.

func (*CEF) SetFileType

func (cef *CEF) SetFileType(v string) *CEF

SetFileType sets "fileType" field.

func (*CEF) SetFlexDate1

func (cef *CEF) SetFlexDate1(v string) *CEF

SetFlexDate1 sets "flexDate1" field.

func (*CEF) SetFlexDate1Label

func (cef *CEF) SetFlexDate1Label(v string) *CEF

SetFlexDate1Label sets "flexDate1Label" field.

func (*CEF) SetFlexString1

func (cef *CEF) SetFlexString1(v string) *CEF

SetFlexString1 sets "flexString1" field.

func (*CEF) SetFlexString1Label

func (cef *CEF) SetFlexString1Label(v string) *CEF

SetFlexString1Label sets "flexString1Label" field.

func (*CEF) SetFlexString2

func (cef *CEF) SetFlexString2(v string) *CEF

SetFlexString2 sets "flexString2" field.

func (*CEF) SetFlexString2Label

func (cef *CEF) SetFlexString2Label(v string) *CEF

SetFlexString2Label sets "flexString2Label" field.

func (*CEF) SetIn

func (cef *CEF) SetIn(v int64) *CEF

SetIn sets "in" field.

func (*CEF) SetMsg

func (cef *CEF) SetMsg(v string) *CEF

SetMsg sets "msg" field.

func (*CEF) SetName

func (cef *CEF) SetName(v string) *CEF

SetName sets "name" field.

func (*CEF) SetOldFileCreateTime

func (cef *CEF) SetOldFileCreateTime(v string) *CEF

SetOldFileCreateTime sets "oldFileCreateTime" field.

func (*CEF) SetOldFileHash

func (cef *CEF) SetOldFileHash(v string) *CEF

SetOldFileHash sets "oldFileHash" field.

func (*CEF) SetOldFileID

func (cef *CEF) SetOldFileID(v string) *CEF

SetOldFileID sets "oldFileID" field.

func (*CEF) SetOldFileModificationTime

func (cef *CEF) SetOldFileModificationTime(v string) *CEF

SetOldFileModificationTime sets "oldFileModificationTime" field.

func (*CEF) SetOldFileName

func (cef *CEF) SetOldFileName(v string) *CEF

SetOldFileName sets "oldFileName" field.

func (*CEF) SetOldFilePath

func (cef *CEF) SetOldFilePath(v string) *CEF

SetOldFilePath sets "oldFilePath" field.

func (*CEF) SetOldFilePermission

func (cef *CEF) SetOldFilePermission(v string) *CEF

SetOldFilePermission sets "oldFilePermission" field.

func (*CEF) SetOldFileSize

func (cef *CEF) SetOldFileSize(v int64) *CEF

SetOldFileSize sets "oldFileSize" field.

func (*CEF) SetOldFileType

func (cef *CEF) SetOldFileType(v string) *CEF

SetOldFileType sets "oldFileType" field.

func (*CEF) SetOut

func (cef *CEF) SetOut(v int) *CEF

SetOut sets "out" field.

func (*CEF) SetOutcome

func (cef *CEF) SetOutcome(v string) *CEF

SetOutcome sets "outcome" field.

func (*CEF) SetProto

func (cef *CEF) SetProto(v string) *CEF

SetProto sets "proto" field.

func (*CEF) SetRawEvent

func (cef *CEF) SetRawEvent(v string) *CEF

SetRawEvent sets "rawEvent" field.

func (*CEF) SetReason

func (cef *CEF) SetReason(v string) *CEF

SetReason sets "reason" field.

func (*CEF) SetRequest

func (cef *CEF) SetRequest(v string) *CEF

SetRequest sets "request" field.

func (*CEF) SetRequestClientApplication

func (cef *CEF) SetRequestClientApplication(v string) *CEF

SetRequestClientApplication sets "requestClientApplication" field.

func (*CEF) SetRequestContext

func (cef *CEF) SetRequestContext(v string) *CEF

SetRequestContext sets "requestContext" field.

func (*CEF) SetRequestCookies

func (cef *CEF) SetRequestCookies(v string) *CEF

SetRequestCookies sets "requestCookies" field.

func (*CEF) SetRequestMethod

func (cef *CEF) SetRequestMethod(v string) *CEF

SetRequestMethod sets "requestMethod" field.

func (*CEF) SetRt

func (cef *CEF) SetRt(v string) *CEF

SetRt sets "rt" field.

func (*CEF) SetSHost added in v0.3.0

func (cef *CEF) SetSHost(v string) *CEF

SetSHost sets "shost" field.

func (*CEF) SetSLat added in v0.3.0

func (cef *CEF) SetSLat(v float64) *CEF

SetSLat sets "slat" field.

func (*CEF) SetSLong added in v0.3.0

func (cef *CEF) SetSLong(v float64) *CEF

SetSLong sets "slong" field.

func (*CEF) SetSMAC added in v0.3.0

func (cef *CEF) SetSMAC(v net.HardwareAddr) *CEF

SetSMAC sets "smac" field.

func (*CEF) SetSNtDom added in v0.3.0

func (cef *CEF) SetSNtDom(v string) *CEF

SetSNtDom sets "sntdom" field.

func (*CEF) SetSPID added in v0.3.0

func (cef *CEF) SetSPID(v int) *CEF

SetSPID sets "spid" field.

func (*CEF) SetSPriv added in v0.3.0

func (cef *CEF) SetSPriv(v string) *CEF

SetSPriv sets "spriv" field.

func (*CEF) SetSProc added in v0.3.0

func (cef *CEF) SetSProc(v string) *CEF

SetSProc sets "sproc" field.

func (*CEF) SetSPt added in v0.3.0

func (cef *CEF) SetSPt(v int) *CEF

SetSPt sets "spt" field.

func (*CEF) SetSTranslatedZoneKey

func (cef *CEF) SetSTranslatedZoneKey(v int64) *CEF

SetSTranslatedZoneKey sets "sTranslatedZoneKey" field.

func (*CEF) SetSUID added in v0.3.0

func (cef *CEF) SetSUID(v string) *CEF

SetSUID sets "suid" field.

func (*CEF) SetSUser added in v0.3.0

func (cef *CEF) SetSUser(v string) *CEF

SetSUser sets "suser" field.

func (*CEF) SetSZoneKey

func (cef *CEF) SetSZoneKey(v int64) *CEF

SetSZoneKey sets "sZoneKey" field.

func (*CEF) SetSourceDNSDomain

func (cef *CEF) SetSourceDNSDomain(v string) *CEF

SetSourceDNSDomain sets "sourceDNSDomain" field.

func (*CEF) SetSourceServiceName

func (cef *CEF) SetSourceServiceName(v string) *CEF

SetSourceServiceName sets "sourceServiceName" field.

func (*CEF) SetSourceTranslatedAddress

func (cef *CEF) SetSourceTranslatedAddress(v net.IP) *CEF

SetSourceTranslatedAddress sets "sourceTranslatedAddress" field.

func (*CEF) SetSourceTranslatedPort

func (cef *CEF) SetSourceTranslatedPort(v int) *CEF

SetSourceTranslatedPort sets "sourceTranslatedPort" field.

func (*CEF) SetSourceTranslatedZoneExternalID

func (cef *CEF) SetSourceTranslatedZoneExternalID(v string) *CEF

SetSourceTranslatedZoneExternalID sets "sourceTranslatedZoneExternalID" field.

func (*CEF) SetSourceTranslatedZoneURI

func (cef *CEF) SetSourceTranslatedZoneURI(v string) *CEF

SetSourceTranslatedZoneURI sets "sourceTranslatedZoneURI" field.

func (*CEF) SetSourceZoneExternalID

func (cef *CEF) SetSourceZoneExternalID(v string) *CEF

SetSourceZoneExternalID sets "sourceZoneExternalID" field.

func (*CEF) SetSourceZoneURI

func (cef *CEF) SetSourceZoneURI(v string) *CEF

SetSourceZoneURI sets "sourceZoneURI" field.

func (*CEF) SetSrc

func (cef *CEF) SetSrc(v net.IP) *CEF

SetSrc sets "src" field.

func (*CEF) SetStart

func (cef *CEF) SetStart(v string) *CEF

SetStart sets "start" field.

func (*CEF) SetType

func (cef *CEF) SetType(v int) *CEF

SetType sets "typ" field.

func (*CEF) SourceDNSDomain

func (cef *CEF) SourceDNSDomain() string

The DNS domain part of the complete fully qualified domain name (FQDN).

func (*CEF) SourceServiceName

func (cef *CEF) SourceServiceName() string

The service that is responsible for generating this event.

func (*CEF) SourceTranslatedAddress

func (cef *CEF) SourceTranslatedAddress() net.IP

Identifies the translated source that the event refers to in an IP network. The format is an IPv4 address. Example: “192.168.10.1”.

func (*CEF) SourceTranslatedPort

func (cef *CEF) SourceTranslatedPort() int

A port number after being translated by, for example, a firewall. Valid port numbers are 0 to 65535.

func (*CEF) SourceTranslatedZoneExternalID

func (cef *CEF) SourceTranslatedZoneExternalID() string

func (*CEF) SourceTranslatedZoneURI

func (cef *CEF) SourceTranslatedZoneURI() string

The URI for the Translated Zone that the source asset has been assigned to in ArcSight.

func (*CEF) SourceZoneExternalID

func (cef *CEF) SourceZoneExternalID() string

func (*CEF) SourceZoneURI

func (cef *CEF) SourceZoneURI() string

The URI for the Zone that the source asset has been assigned to in ArcSight.

func (*CEF) Src

func (cef *CEF) Src() net.IP

Identifies the source that an event refers to in an IP network. The format is an IPv4 address. Example: “192.168.10.1”.

func (*CEF) Start

func (cef *CEF) Start() string

The time when the activity the event referred to started. The format is MMM dd yyyy HH:mm:ss or milliseconds since epoch (Jan 1st 1970)

func (*CEF) Type

func (cef *CEF) Type() int

0 means base event, 1 means aggregated, 2 means correlation, and 3 means action. This field can be omitted for base events (type 0)

func (*CEF) UnmarshalText

func (cef *CEF) UnmarshalText(text []byte) (err error)
Example
package main

import (
	"fmt"

	"go.m8.ru/cef"
)

func main() {
	log := new(cef.CEF)

	text := "CEF:0|Security|threatmanager|1.0|100|worm successfully stopped|10|dst=2.1.2.2 spt=1232 src=10.0.0.1"

	err := log.UnmarshalText([]byte(text))

	fmt.Println(log.CEFVersion())
	fmt.Println(log.DeviceVendor())
	fmt.Println(log.DeviceProduct())
	fmt.Println(log.DeviceVersion())
	fmt.Println(log.DeviceEventClassID())
	fmt.Println(log.Name())
	fmt.Println(log.AgentSeverity())
	fmt.Printf("dst=%v spt=%v src=%v\n", log.Dst(), log.SPt(), log.Src())
	fmt.Println(err)
}
Output:

0
Security
threatmanager
1.0
100
worm successfully stopped
Very-High
dst=2.1.2.2 spt=1232 src=10.0.0.1
<nil>
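The example above shows what UnmarshalText returns for one line, but not the parsing rules a CEF decoder has to enforce to get there. The following is an added example written for this page; it is not code from go.m8.ru/cef and does not import the module. It is a small, self-contained parser for the same line format: the header is split on unescaped "|" (honouring the "\|" and "\\" escapes), everything after the seventh separator is the extension, and extension pairs are decoded so that only an unescaped "=" starts a new pair and a value may contain spaces. The ErrHeaderFieldsNum value mirrors the variable documented on this page; the Event type, the function names and the two sample lines (the first is the line from the example above, the second is constructed to exercise the escapes) are this example's own.

```go
package main

import (
	"errors"
	"fmt"
	"strconv"
	"strings"
)

var ErrHeaderFieldsNum = errors.New("cef: number of header fields less than 7")

// Event holds the seven CEF header fields plus the parsed extension pairs.
type Event struct {
	Version                                    int
	DeviceVendor, DeviceProduct, DeviceVersion string
	SignatureID, Name, Severity                string
	Extensions                                 map[string]string
}

// Constructed sample lines: the first is the line from the UnmarshalText example
// above; the second exercises the escapes "\|" in a header field and "\=", "\n" in a value.
const (
	sampleSimple  = `CEF:0|Security|threatmanager|1.0|100|worm successfully stopped|10|dst=2.1.2.2 spt=1232 src=10.0.0.1`
	sampleEscaped = `CEF:0|Vendor|Product|1.0|200|name with \| pipe|5|msg=Hello\=World line\nbreak act=blocked cs1=has spaces here`
)

var extUnescape = strings.NewReplacer(`\=`, "=", `\\`, `\`, `\n`, "\n", `\r`, "\r")

// splitHeader splits on unescaped '|', decoding "\|" and "\\" in place. After the
// seventh separator the remainder is the extension, returned verbatim ('|' is not a delimiter there).
func splitHeader(s string) (fields []string, ext string) {
	var cur strings.Builder
	for i := 0; i < len(s); i++ {
		switch c := s[i]; {
		case c == '\\' && i+1 < len(s) && (s[i+1] == '|' || s[i+1] == '\\'):
			cur.WriteByte(s[i+1])
			i++
		case c == '|':
			fields = append(fields, cur.String())
			cur.Reset()
			if len(fields) == 7 {
				return fields, s[i+1:]
			}
		default:
			cur.WriteByte(c)
		}
	}
	return append(fields, cur.String()), ""
}

// parseExtension splits "key=value key2=value with spaces". Only an unescaped '='
// starts a pair; a value runs up to the space before the next key, so it may contain spaces.
func parseExtension(ext string) map[string]string {
	m := make(map[string]string)
	var eqs []int
	for i := 0; i < len(ext); i++ {
		switch ext[i] {
		case '\\':
			i++ // skip the escaped character
		case '=':
			eqs = append(eqs, i)
		}
	}
	for n, eq := range eqs {
		keyStart := strings.LastIndexByte(ext[:eq], ' ') + 1
		valEnd := len(ext)
		if n+1 < len(eqs) {
			valEnd = strings.LastIndexByte(ext[:eqs[n+1]], ' ')
			if valEnd <= eq { // malformed "a=b=c": empty value rather than a panic
				valEnd = eq + 1
			}
		}
		m[ext[keyStart:eq]] = extUnescape.Replace(strings.TrimRight(ext[eq+1:valEnd], " "))
	}
	return m
}

// Parse decodes one CEF line, rejecting a short header or a first field that is not "CEF:<int>".
func Parse(line string) (*Event, error) {
	fields, ext := splitHeader(strings.TrimRight(line, "\r\n"))
	if len(fields) < 7 {
		return nil, ErrHeaderFieldsNum
	}
	ver, err := strconv.Atoi(strings.TrimPrefix(fields[0], "CEF:"))
	if err != nil || !strings.HasPrefix(fields[0], "CEF:") {
		return nil, fmt.Errorf("cef: bad CEF version %q", fields[0])
	}
	return &Event{
		Version: ver, DeviceVendor: fields[1], DeviceProduct: fields[2],
		DeviceVersion: fields[3], SignatureID: fields[4], Name: fields[5],
		Severity: fields[6], Extensions: parseExtension(ext),
	}, nil
}

func main() {
	ev, err := Parse(sampleEscaped)
	fmt.Printf("event=%+v err=%v\n", ev, err)
}
```

Running it prints the escaped sample decoded with Name "name with | pipe" and msg "Hello=World" followed by a real line break. The escaping rules are the part worth getting right in any CEF consumer: a decoder that splits naively on "|" or "=" lets a value containing those characters shift into neighbouring fields, so a record can end up indexed under the wrong name or severity in the SIEM.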

Directories

Path Synopsis
internal
gen
