cef

package module
v0.2.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 24, 2024 License: Apache-2.0 Imports: 6 Imported by: 0

README

CEF

CEF builder generated from CEF implementation standard.

Usage

go get go.m8.ru/cef

package main

import (
	"fmt"
	"net"

	"go.m8.ru/cef"
)

func main() {
	l1 := new(cef.CEF)
	l1.SetCEFVersion(0)
	l1.SetDeviceVendor("Security")
	l1.SetDeviceProduct("threatmanager")
	l1.SetDeviceVersion("1.0")
	l1.SetDeviceEventClassID("100")
	l1.SetName("worm successfully stopped")
	l1.SetAgentSeverity(cef.AgentSeverityVeryHigh10)
	l1.SetSrc(net.ParseIP("10.0.0.1"))
	l1.SetDst(net.ParseIP("2.1.2.2"))
	l1.SetSpt(1232)

	text, err1 := l1.MarshalText()

	fmt.Printf("%s\n", text)
	fmt.Println(err1)

	l2 := new(cef.CEF)
	err2 := l2.UnmarshalText(text)

	fmt.Println(l2.CEFVersion())
	fmt.Println(l2.DeviceVendor())
	fmt.Println(l2.DeviceProduct())
	fmt.Println(l2.DeviceVersion())
	fmt.Println(l2.DeviceEventClassID())
	fmt.Println(l2.Name())
	fmt.Println(l2.AgentSeverity())
	fmt.Printf("dst=%v spt=%v src=%v\n", l2.Dst(), l2.Spt(), l2.Src())
	fmt.Println(err2)
}

See example for more info.

Reference

Documentation

Index

Examples

Constants

This section is empty.

Variables

View Source 
var (
	ErrBadCEFVersion    = errors.New("cef: bad CEF version")
	ErrBadAgentSeverity = errors.New("cef: bad agent severity")
	ErrBadExtension     = errors.New("cef: bad extension")
)
View Source 
var ErrHeaderFieldsNum = errors.New("cef: number of header fields less than 7")

Functions

This section is empty.

Types

type AgentSeverity 

type AgentSeverity int

AgentSeverity is a string or integer and it reflects the importance of the event. 

The valid string values are: Unknown, Low, Medium, High, and Very-High.
The valid integer values are: 0-3=Low, 4-6=Medium, 7- 8=High, and 9- 10=Very-High

const (
	AgentSeverityLow0 AgentSeverity = iota
	AgentSeverityLow1
	AgentSeverityLow2
	AgentSeverityLow3
	AgentSeverityMedium4
	AgentSeverityMedium5
	AgentSeverityMedium6
	AgentSeverityHigh7
	AgentSeverityHigh8
	AgentSeverityVeryHigh9
	AgentSeverityVeryHigh10
)

func (AgentSeverity) String 

func (s AgentSeverity) String() string

type CEF 

type CEF struct {
	// contains filtered or unexported fields
}

func (*CEF) Act 

func (cef *CEF) Act() string

Action taken by the device.

func (*CEF) AgentDNSDomain 

func (cef *CEF) AgentDNSDomain() string

The DNS domain name of the ArcSight connector that processed the event.

func (*CEF) AgentNtDomain 

func (cef *CEF) AgentNtDomain() string

func (*CEF) AgentSeverity 

func (cef *CEF) AgentSeverity() AgentSeverity

agentSeverity is a string or integer and it reflects the importance of the event. l The valid string values are: Unknown, Low, Medium, High, and Very-High. l The valid integer values are: 0-3=Low, 4-6=Medium, 7- 8=High, and 9- 10=Very-High

func (*CEF) AgentTranslatedAddress 

func (cef *CEF) AgentTranslatedAddress() net.IP

func (*CEF) AgentTranslatedZoneExternalID 

func (cef *CEF) AgentTranslatedZoneExternalID() string

func (*CEF) AgentTranslatedZoneKey 

func (cef *CEF) AgentTranslatedZoneKey() int64

ID of an agentTranslatedZone resource reference.

func (*CEF) AgentTranslatedZoneURI 

func (cef *CEF) AgentTranslatedZoneURI() string

func (*CEF) AgentZoneExternalID 

func (cef *CEF) AgentZoneExternalID() string

func (*CEF) AgentZoneKey 

func (cef *CEF) AgentZoneKey() int64

ID of an agentZone resource reference.

func (*CEF) AgentZoneURI 

func (cef *CEF) AgentZoneURI() string

func (*CEF) Agt 

func (cef *CEF) Agt() net.IP

The IP address of the ArcSight connector that processed the event.

func (*CEF) Ahost 

func (cef *CEF) Ahost() string

The hostname of the ArcSight connector that processed the event.

func (*CEF) Aid 

func (cef *CEF) Aid() string

The agent ID of the ArcSight connector that processed the event.

func (*CEF) Amac 

func (cef *CEF) Amac() net.HardwareAddr

The MAC address of the ArcSight connector that processed the event.

func (*CEF) App 

func (cef *CEF) App() string

Application level protocol, example: HTTP, HTTPS, SSHv2, Telnet, POP, IMPA, IMAPS, and so on.

func (*CEF) Art 

func (cef *CEF) Art() string

The time at which information about the event was received by the ArcSight connector.

func (*CEF) At 

func (cef *CEF) At() string

The agent type of the ArcSight connector that processed the event

func (*CEF) Atz 

func (cef *CEF) Atz() string

The agent time zone of the ArcSight connector that processed the event.

func (*CEF) Av 

func (cef *CEF) Av() string

The version of the ArcSight connector that processed the event.

func (*CEF) C6a1 

func (cef *CEF) C6a1() net.IP

One of the four IPv6 address fields available to map fields that do not apply to any other in this dictionary. TIP: For tips on using these fields, see the guidelines defined under User-Defined Extensions.

func (*CEF) C6a1Label 

func (cef *CEF) C6a1Label() string

All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field.

func (*CEF) C6a3 

func (cef *CEF) C6a3() net.IP

One of the four IPv6 address fields available to map fields that do not apply to any other in this dictionary. TIP: For tips on using these fields, see the guidelines defined under User-Defined Extensions.

func (*CEF) C6a3Label 

func (cef *CEF) C6a3Label() string

All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field.

func (*CEF) C6a4 

func (cef *CEF) C6a4() net.IP

One of the four IPv6 address fields available to map fields that do not apply to any other in this dictionary. TIP: For tips on using these fields, see the guidelines defined under User-Defined Extensions.

func (*CEF) C6a4Label 

func (cef *CEF) C6a4Label() string

All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field.

func (*CEF) CEFVersion 

func (cef *CEF) CEFVersion() int

CEF Version is an integer and identifies the version of the CEF format. Event consumers use this information to determine what the following fields represent. The current CEF format versions are: l 0 (CEF:0) - for CEF Specification version 0.1 l 1 (CEF:1)- for CEF Specification version 1.x For example, for CEF Specification version 1.2, the value of the CEF Version header field will be "1".

func (*CEF) Cat 

func (cef *CEF) Cat() string

Represents the category assigned by the originating device. Devices often use their own categorization schema to classify event. Example: “/Monitor/Disk/Read”

func (*CEF) Cfp1 

func (cef *CEF) Cfp1() float32

One of our floating point fields available to map fields that do not apply to any other in this dictionary.

func (*CEF) Cfp1Label 

func (cef *CEF) Cfp1Label() string

All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field.

func (*CEF) Cfp2 

func (cef *CEF) Cfp2() float32

One of the four floating point fields available to map fields that do not apply to any other in this dictionary.

func (*CEF) Cfp2Label 

func (cef *CEF) Cfp2Label() string

All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field.

func (*CEF) Cfp3 

func (cef *CEF) Cfp3() float32

One of the four floating point fields available to map fields that do not apply to any other in this dictionary.

func (*CEF) Cfp3Label 

func (cef *CEF) Cfp3Label() string

All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field.

func (*CEF) Cfp4 

func (cef *CEF) Cfp4() float32

One of the four floating point fields available to map fields that do not apply to any other in this dictionary.

func (*CEF) Cfp4Label 

func (cef *CEF) Cfp4Label() string

All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field.

func (*CEF) Cn1 

func (cef *CEF) Cn1() int64

One of the three number fields available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible.

func (*CEF) Cn1Label 

func (cef *CEF) Cn1Label() string

All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field.

func (*CEF) Cn2 

func (cef *CEF) Cn2() int64

One of the three number fields available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible.

func (*CEF) Cn2Label 

func (cef *CEF) Cn2Label() string

All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field. Implementing ArcSight Common Event Format (CEF) - Version 26 ArcS

func (*CEF) Cn3 

func (cef *CEF) Cn3() int64

One of the three number fields available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible.

func (*CEF) Cn3Label 

func (cef *CEF) Cn3Label() string

All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field.

func (*CEF) Cnt 

func (cef *CEF) Cnt() int

A count associated with this event. How many times was this same event observed? Count can be omitted if it is 1.

func (*CEF) Cs1 

func (cef *CEF) Cs1() string

One of the six strings available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible. TIP : For tips on using these fields, see the guidelines defined under User- Defined Extensions

func (*CEF) Cs1Label 

func (cef *CEF) Cs1Label() string

All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field.

func (*CEF) Cs2 

func (cef *CEF) Cs2() string

One of the six strings available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible. TIP: For tips on using these fields, see the guidelines defined under User-Defined Extensions.

func (*CEF) Cs2Label 

func (cef *CEF) Cs2Label() string

All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field

func (*CEF) Cs3 

func (cef *CEF) Cs3() string

One of the six strings available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible. TIP: For tips on using these fields, see the guidelines defined under User-Defined Extensions.

func (*CEF) Cs3Label 

func (cef *CEF) Cs3Label() string

All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field.

func (*CEF) Cs4 

func (cef *CEF) Cs4() string

One of the six strings available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible. TIP : For tips on using these fields, see the guidelines defined under User- Defined Extensions

func (*CEF) Cs4Label 

func (cef *CEF) Cs4Label() string

All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field.

func (*CEF) Cs5 

func (cef *CEF) Cs5() string

One of six strings available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible. TIP : For tips on using these fields, see the guidelines defined under User- Defined Extensions.

func (*CEF) Cs5Label 

func (cef *CEF) Cs5Label() string

All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field

func (*CEF) Cs6 

func (cef *CEF) Cs6() string

One of six strings available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible. TIP : For tips on using these fields, see the guidelines defined under User- Defined Extensions.

func (*CEF) Cs6Label 

func (cef *CEF) Cs6Label() string

All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field.

func (*CEF) CustomerExternalID 

func (cef *CEF) CustomerExternalID() string

func (*CEF) CustomerKey 

func (cef *CEF) CustomerKey() int64

ID of a customer resource reference.

func (*CEF) CustomerURI 

func (cef *CEF) CustomerURI() string

func (*CEF) DZoneKey 

func (cef *CEF) DZoneKey() int64

ID of a destinationZone resource reference.

func (*CEF) DestinatioTranslatedZoneExternalID 

func (cef *CEF) DestinatioTranslatedZoneExternalID() string

func (*CEF) DestinationDNSDomain 

func (cef *CEF) DestinationDNSDomain() string

The DNS domain part of the complete fully qualified domain name (FQDN).

func (*CEF) DestinationServiceName 

func (cef *CEF) DestinationServiceName() string

The service targeted by this event. Example: “sshd”

func (*CEF) DestinationTranslatedAddress 

func (cef *CEF) DestinationTranslatedAddress() net.IP

Identifies the translated destination that the event refers to in an IP network. The format is an IPv4 address. Example: “192.168.10.1”

func (*CEF) DestinationTranslatedPort 

func (cef *CEF) DestinationTranslatedPort() int

Port after it was translated; for example, a firewall. Valid port numbers are 0 to 65535

func (*CEF) DestinationTranslatedZoneKey 

func (cef *CEF) DestinationTranslatedZoneKey() int64

ID of a destinationTranslate dZone resource reference.

func (*CEF) DestinationTranslatedZoneURI 

func (cef *CEF) DestinationTranslatedZoneURI() string

The URI for the Translated Zone that the destination asset has been assigned to in ArcSight.

func (*CEF) DestinationZoneExternalID 

func (cef *CEF) DestinationZoneExternalID() string

func (*CEF) DestinationZoneURI 

func (cef *CEF) DestinationZoneURI() string

The URI for the Zone that the destination asset has been assigned to in ArcSight.

func (*CEF) DeviceCustomDate1 

func (cef *CEF) DeviceCustomDate1() string

One of two timestamp fields available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible. TIP : For tips on using these fields, see the guidelines defined under User- Defined Extensions.

func (*CEF) DeviceCustomDate1Label 

func (cef *CEF) DeviceCustomDate1Label() string

All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field.

func (*CEF) DeviceCustomDate2 

func (cef *CEF) DeviceCustomDate2() string

One of the two timestamp fields available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible. TIP: For tips on using these fields, see the guidelines defined under User-Defined Extensions

func (*CEF) DeviceCustomDate2Label 

func (cef *CEF) DeviceCustomDate2Label() string

All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field.

func (*CEF) DeviceDNSDomain 

func (cef *CEF) DeviceDNSDomain() string

The DNS domain part of the complete fully qualified domain name (FQDN).

func (*CEF) DeviceDirection 

func (cef *CEF) DeviceDirection() int

Any information about what direction the observed communication has taken. The following values are supported: “0” for inbound or “1” for outbound

func (*CEF) DeviceEventClassID 

func (cef *CEF) DeviceEventClassID() string

deviceEventClassId is a unique identifier for each event-type. This can be a string or an integer. deviceEventClassId identifies the type of event reported. In the intrusion detection system (IDS) world, each signature or rule that detects certain activity has a unique deviceEventClassId assigned. This is a requirement for other types of devices as well, and helps correlation engines process the events. It is also known as Signature ID. Note: The ‘=’, ‘%’ , and ‘#’characters must be escaped in the vulnerability string that are mapped to deviceEventClassId , and if they are present in the description or name of the vulnerability. However, these characters must not be escaped when used as a delimiter

func (*CEF) DeviceExternalID 

func (cef *CEF) DeviceExternalID() string

A name that uniquely identifies the device generating this event.

func (*CEF) DeviceFacility 

func (cef *CEF) DeviceFacility() string

The facility generating this event. For example, Syslog has an explicit facility associated with every event.

func (*CEF) DeviceInboundInterface 

func (cef *CEF) DeviceInboundInterface() string

Interface on which the packet or data entered the device.

func (*CEF) DeviceNtDomain 

func (cef *CEF) DeviceNtDomain() string

The Windows domain name of the device address.

func (*CEF) DeviceOutboundInterface 

func (cef *CEF) DeviceOutboundInterface() string

Interface on which the packet or data left the device

func (*CEF) DevicePayloadID 

func (cef *CEF) DevicePayloadID() string

Unique identifier for the payload associated with the event.

func (*CEF) DeviceProcessName 

func (cef *CEF) DeviceProcessName() string

Process name associated with the event. An example might be the process generating the syslog entry in UNIX.

func (*CEF) DeviceProduct 

func (cef *CEF) DeviceProduct() string

deviceProduct, deviceVendor, and deviceVersion are strings that uniquely identify the type of device that sent the message. No two products might use the same deviceVendor and deviceProduct pair. There is no central authority managing these pairs. Event producers must ensure that they assign unique name pairs.

func (*CEF) DeviceTranslatedAddress 

func (cef *CEF) DeviceTranslatedAddress() net.IP

Identifies the translated device address that the event refers to in an IP network. The format is an IPv4 address. Example: “192.168.10.1”

func (*CEF) DeviceTranslatedZoneExternalID 

func (cef *CEF) DeviceTranslatedZoneExternalID() string

func (*CEF) DeviceTranslatedZoneKey 

func (cef *CEF) DeviceTranslatedZoneKey() int64

ID of a deviceTranslatedZone resource reference.

func (*CEF) DeviceTranslatedZoneURI 

func (cef *CEF) DeviceTranslatedZoneURI() string

The URI for the Translated Zone that the device asset has been assigned to in ArcSight.

func (*CEF) DeviceVendor 

func (cef *CEF) DeviceVendor() string

deviceProduct, deviceVendor, and deviceVersion are strings that uniquely identify the type of device that sent the message. No two products might use the same deviceVendor and deviceProduct pair. There is no central authority managing these pairs. Event producers must ensure that they assign unique name pairs.

func (*CEF) DeviceVersion 

func (cef *CEF) DeviceVersion() string

deviceProduct, deviceVendor, and deviceVersion are strings that uniquely identify the type of device that sent the message. No two products might use the same deviceVendor and deviceProduct pair. There is no central authority managing these pairs. Event producers must ensure that they assign unique name pairs.

func (*CEF) DeviceZoneExternalID 

func (cef *CEF) DeviceZoneExternalID() string

func (*CEF) DeviceZoneKey 

func (cef *CEF) DeviceZoneKey() int64

ID of a deviceZone resource reference.

func (*CEF) DeviceZoneURI 

func (cef *CEF) DeviceZoneURI() string

Thee URI for the Zone that the device asset has been assigned to in ArcSight.

func (*CEF) Dhost 

func (cef *CEF) Dhost() string

Identifies the destination that an event refers to in an IP network. The format must be a fully qualified domain name (FQDN) associated with the destination node, when a node is available. Examples: “host.domain.com” or “host”.

func (*CEF) Dlat 

func (cef *CEF) Dlat() float64

The latitudinal value from which the destination’s IP address belongs.

func (*CEF) Dlong 

func (cef *CEF) Dlong() float64

The longitudinal value from which the destination’s IP address belongs.

func (*CEF) Dntdom 

func (cef *CEF) Dntdom() string

The Windows domain name of the destination address.

func (*CEF) Dpid 

func (cef *CEF) Dpid() int

Provides the ID of the destination process associated with the event. For example, if an event contains process ID 105, “105” is the process ID

func (*CEF) Dpriv 

func (cef *CEF) Dpriv() string

The typical values are “Administrator”, “User”, and “Guest”. This identifies the destination user’s privileges. In UNIX, for example, activity executed on the root user would be identified with destinationUser Privileges of “Administrator”.

func (*CEF) Dproc 

func (cef *CEF) Dproc() string

The name of the event’s destination process. Example: “telnetd” or “sshd”.

func (*CEF) Dpt 

func (cef *CEF) Dpt() int

The valid port numbers are between 0 and 65535.

func (*CEF) Dst 

func (cef *CEF) Dst() net.IP

Identifies the destination address that the event refers to in an IP network. The format is an IPv4 address. Example: “192.168.10.1”

func (*CEF) Dtz 

func (cef *CEF) Dtz() string

The timezone for the device generating the event.

func (*CEF) Duid 

func (cef *CEF) Duid() string

Identifies the destination user by ID. For example, in UNIX, the root user is generally associated with user ID 0

func (*CEF) Duser 

func (cef *CEF) Duser() string

Identifies the destination user by name. This is the user associated with the event’s destination. Email addresses are often mapped into the UserName fields. The recipient is a candidate to put into this field.

func (*CEF) Dvc 

func (cef *CEF) Dvc() net.IP

Identifies the device address that an event refers to in an IP network. The format is an IPv4 address. Example: “192.168.10.1”.

func (*CEF) Dvchost 

func (cef *CEF) Dvchost() string

The format should be a fully qualified domain name (FQDN) associated with the device node, when a node is available. Example: “host.domain.com” or “host”.

func (*CEF) Dvcmac 

func (cef *CEF) Dvcmac() net.HardwareAddr

Six colon-separated hexadecimal numbers. Example: “00:0D:60:AF:1B:61”

func (*CEF) Dvcpid 

func (cef *CEF) Dvcpid() int

Provides the ID of the process on the device generating the event.

func (*CEF) End 

func (cef *CEF) End() string

The time at which the activity related to the event ended. The format is MMM dd yyyy HH:mm:ss or milliseconds since epoch (Jan 1st1970). An example would be reporting the end of a session.

func (*CEF) EventID 

func (cef *CEF) EventID() int64

This is a unique ID that ArcSight assigns to each event.

func (*CEF) ExternalID 

func (cef *CEF) ExternalID() string

The ID used by an originating device. They are usually increasing numbers, associated with events.

func (*CEF) FileCreateTime 

func (cef *CEF) FileCreateTime() string

Time when the file was created.

func (*CEF) FileHash 

func (cef *CEF) FileHash() string

Hash of a file.

func (*CEF) FileID 

func (cef *CEF) FileID() string

An ID associated with a file could be the inode.

func (*CEF) FileModificationTime 

func (cef *CEF) FileModificationTime() string

Time when the file was last modified.

func (*CEF) FilePath 

func (cef *CEF) FilePath() string

Full path to the file, including file name itself. Example: C:\Program Files \WindowsNT\Access ories\ wordpad.exe or /usr/bin/zip

func (*CEF) FilePermission 

func (cef *CEF) FilePermission() string

Permissions of the file.

func (*CEF) FileType 

func (cef *CEF) FileType() string

Type of file (pipe, socket, etc.)

func (*CEF) FlexDate1 

func (cef *CEF) FlexDate1() string

A timestamp field available to map a timestamp that does not apply to any other defined timestamp field in this dictionary. Use all flex fields sparingly and seek a more specific, dictionary supplied field when possible. These fields are typically reserved for customer use and should not be set by vendors unless necessary.

func (*CEF) FlexDate1Label 

func (cef *CEF) FlexDate1Label() string

The label field is a string and describes the purpose of the flex field.

func (*CEF) FlexString1 

func (cef *CEF) FlexString1() string

One of four floating point fields available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible. These fields are typically reserved for customer use and should not be set by vendors unless necessary.

func (*CEF) FlexString1Label 

func (cef *CEF) FlexString1Label() string

The label field is a string and describes the purpose of the flex field

func (*CEF) FlexString2 

func (cef *CEF) FlexString2() string

One of four floating point fields available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible. These fields are typically reserved for customer use and should not be set by vendors unless necessary.

func (*CEF) FlexString2Label 

func (cef *CEF) FlexString2Label() string

The label field is a string and describes the purpose of the flex field.

func (*CEF) Fname 

func (cef *CEF) Fname() string

Name of the file only (without its path).

func (*CEF) Fsize 

func (cef *CEF) Fsize() int64

Size of the file.

func (*CEF) In 

func (cef *CEF) In() int64

Number of bytes transferred inbound, relative to the source to destination relationship, meaning that data was flowing from source to destination.

func (*CEF) MarshalText 

func (cef *CEF) MarshalText() (text []byte, err error)
Example 
package main

import (
	"fmt"
	"net"

	"go.m8.ru/cef"
)

func main() {
	log := new(cef.CEF)
	log.SetCEFVersion(0)
	log.SetDeviceVendor("Security")
	log.SetDeviceProduct("threatmanager")
	log.SetDeviceVersion("1.0")
	log.SetDeviceEventClassID("100")
	log.SetName("worm successfully stopped")
	log.SetAgentSeverity(cef.AgentSeverityVeryHigh10)
	log.SetSrc(net.ParseIP("10.0.0.1"))
	log.SetDst(net.ParseIP("2.1.2.2"))
	log.SetSpt(1232)

	text, err := log.MarshalText()

	fmt.Printf("%s\n", text)
	fmt.Println(err)
}

Output:

CEF:0|Security|threatmanager|1.0|100|worm successfully stopped|10|dst=2.1.2.2 spt=1232 src=10.0.0.1
<nil>

func (*CEF) Msg 

func (cef *CEF) Msg() string

An arbitrary message giving more details about the event. Multi-line entries can be produced by using \n as the new line separator.

func (*CEF) Name 

func (cef *CEF) Name() string

name is a string representing a human- readable and understandable description of the event. The event name must not contain information that is specifically mentioned in other fields. For example: "Port scan from 10.0.0.1 targeting 20.1.1.1" is not a good event name. It must be: "Port scan". The other information is redundant and can be picked up from the rest of the fields

func (*CEF) OldFileCreateTime 

func (cef *CEF) OldFileCreateTime() string

Time when old file was created.

func (*CEF) OldFileHash 

func (cef *CEF) OldFileHash() string

Hash of the old file

func (*CEF) OldFileID 

func (cef *CEF) OldFileID() string

An ID associated with the old file could be the inode.

func (*CEF) OldFileModificationTime 

func (cef *CEF) OldFileModificationTime() string

Time when old file was last modified.

func (*CEF) OldFileName 

func (cef *CEF) OldFileName() string

Name of the old file.

func (*CEF) OldFilePath 

func (cef *CEF) OldFilePath() string

Full path to the old file, including the file name itself. Examples: c:\Program Files\ WindowsNT\Accesso ries \wordpad.exe or /usr/bin/zip

func (*CEF) OldFilePermission 

func (cef *CEF) OldFilePermission() string

Permissions of the old file.

func (*CEF) OldFileSize 

func (cef *CEF) OldFileSize() int64

Size of the old file.

func (*CEF) OldFileType 

func (cef *CEF) OldFileType() string

Type of the old file (pipe, socket, etc.)

func (*CEF) Out 

func (cef *CEF) Out() int

Number of bytes transferred outbound relative to the source to destination relationship. For example, the byte number of data flowing from the destination to the source.

func (*CEF) Outcome 

func (cef *CEF) Outcome() string

Displays the outcome, usually as ‘success’ or ‘failure’.

func (*CEF) Proto 

func (cef *CEF) Proto() string

Identifies the Layer-4 protocol used. The possible values are protocols such as TCP or UDP

func (*CEF) RawEvent 

func (cef *CEF) RawEvent() string

func (*CEF) Reason 

func (cef *CEF) Reason() string

The reason an audit event was generated. For example “badd password” or “unknown user”. This could also be an error or return code. Example: “0x1234”

func (*CEF) Request 

func (cef *CEF) Request() string

In the case of an HTTP request, this field contains the URL accessed. The URL should contain the protocol as well. Example: “http://www/secure. com”

func (*CEF) RequestClientApplication 

func (cef *CEF) RequestClientApplication() string

The User-Agent associated with the request.

func (*CEF) RequestContext 

func (cef *CEF) RequestContext() string

Description of the content from which the request originated (for example, HTTP Referrer)

func (*CEF) RequestCookies 

func (cef *CEF) RequestCookies() string

Cookies associated with the request.

func (*CEF) RequestMethod 

func (cef *CEF) RequestMethod() string

The method used to access a URL. Possible values: “POST”, “GET”, etc.

func (*CEF) Rt 

func (cef *CEF) Rt() string

The time at which the event related to the activity was received. The format is MMM dd yyyy HH:mm:ss or milliseconds since epoch (Jan 1st 1970)

func (*CEF) STranslatedZoneKey 

func (cef *CEF) STranslatedZoneKey() int64

ID of a sourceTranslatedZon e resource reference.

func (*CEF) SZoneKey 

func (cef *CEF) SZoneKey() int64

ID of a sourceZone resource reference

func (*CEF) SetAct 

func (cef *CEF) SetAct(v string) *CEF

SetAct sets "act" field.

func (*CEF) SetAgentDNSDomain 

func (cef *CEF) SetAgentDNSDomain(v string) *CEF

SetAgentDNSDomain sets "agentDNSDomain" field.

func (*CEF) SetAgentNtDomain 

func (cef *CEF) SetAgentNtDomain(v string) *CEF

SetAgentNtDomain sets "agentNtDomain" field.

func (*CEF) SetAgentSeverity 

func (cef *CEF) SetAgentSeverity(v AgentSeverity) *CEF

SetAgentSeverity sets "agentSeverity" field.

func (*CEF) SetAgentTranslatedAddress 

func (cef *CEF) SetAgentTranslatedAddress(v net.IP) *CEF

SetAgentTranslatedAddress sets "agentTranslatedAddress" field.

func (*CEF) SetAgentTranslatedZoneExternalID 

func (cef *CEF) SetAgentTranslatedZoneExternalID(v string) *CEF

SetAgentTranslatedZoneExternalID sets "agentTranslatedZoneExternalID" field.

func (*CEF) SetAgentTranslatedZoneKey 

func (cef *CEF) SetAgentTranslatedZoneKey(v int64) *CEF

SetAgentTranslatedZoneKey sets "agentTranslatedZoneKey" field.

func (*CEF) SetAgentTranslatedZoneURI 

func (cef *CEF) SetAgentTranslatedZoneURI(v string) *CEF

SetAgentTranslatedZoneURI sets "agentTranslatedZoneURI" field.

func (*CEF) SetAgentZoneExternalID 

func (cef *CEF) SetAgentZoneExternalID(v string) *CEF

SetAgentZoneExternalID sets "agentZoneExternalID" field.

func (*CEF) SetAgentZoneKey 

func (cef *CEF) SetAgentZoneKey(v int64) *CEF

SetAgentZoneKey sets "agentZoneKey" field.

func (*CEF) SetAgentZoneURI 

func (cef *CEF) SetAgentZoneURI(v string) *CEF

SetAgentZoneURI sets "agentZoneURI" field.

func (*CEF) SetAgt 

func (cef *CEF) SetAgt(v net.IP) *CEF

SetAgt sets "agt" field.

func (*CEF) SetAhost 

func (cef *CEF) SetAhost(v string) *CEF

SetAhost sets "ahost" field.

func (*CEF) SetAid 

func (cef *CEF) SetAid(v string) *CEF

SetAid sets "aid" field.

func (*CEF) SetAmac 

func (cef *CEF) SetAmac(v net.HardwareAddr) *CEF

SetAmac sets "amac" field.

func (*CEF) SetApp 

func (cef *CEF) SetApp(v string) *CEF

SetApp sets "app" field.

func (*CEF) SetArt 

func (cef *CEF) SetArt(v string) *CEF

SetArt sets "art" field.

func (*CEF) SetAt 

func (cef *CEF) SetAt(v string) *CEF

SetAt sets "at" field.

func (*CEF) SetAtz 

func (cef *CEF) SetAtz(v string) *CEF

SetAtz sets "atz" field.

func (*CEF) SetAv 

func (cef *CEF) SetAv(v string) *CEF

SetAv sets "av" field.

func (*CEF) SetC6a1 

func (cef *CEF) SetC6a1(v net.IP) *CEF

SetC6a1 sets "c6a1" field.

func (*CEF) SetC6a1Label 

func (cef *CEF) SetC6a1Label(v string) *CEF

SetC6a1Label sets "c6a1Label" field.

func (*CEF) SetC6a3 

func (cef *CEF) SetC6a3(v net.IP) *CEF

SetC6a3 sets "c6a3" field.

func (*CEF) SetC6a3Label 

func (cef *CEF) SetC6a3Label(v string) *CEF

SetC6a3Label sets "c6a3Label" field.

func (*CEF) SetC6a4 

func (cef *CEF) SetC6a4(v net.IP) *CEF

SetC6a4 sets "c6a4" field.

func (*CEF) SetC6a4Label 

func (cef *CEF) SetC6a4Label(v string) *CEF

SetC6a4Label sets "c6a4Label" field.

func (*CEF) SetCEFVersion 

func (cef *CEF) SetCEFVersion(v int) *CEF

SetCEFVersion sets "cefVersion" field.

func (*CEF) SetCat 

func (cef *CEF) SetCat(v string) *CEF

SetCat sets "cat" field.

func (*CEF) SetCfp1 

func (cef *CEF) SetCfp1(v float32) *CEF

SetCfp1 sets "cfp1" field.

func (*CEF) SetCfp1Label 

func (cef *CEF) SetCfp1Label(v string) *CEF

SetCfp1Label sets "cfp1Label" field.

func (*CEF) SetCfp2 

func (cef *CEF) SetCfp2(v float32) *CEF

SetCfp2 sets "cfp2" field.

func (*CEF) SetCfp2Label 

func (cef *CEF) SetCfp2Label(v string) *CEF

SetCfp2Label sets "cfp2Label" field.

func (*CEF) SetCfp3 

func (cef *CEF) SetCfp3(v float32) *CEF

SetCfp3 sets "cfp3" field.

func (*CEF) SetCfp3Label 

func (cef *CEF) SetCfp3Label(v string) *CEF

SetCfp3Label sets "cfp3Label" field.

func (*CEF) SetCfp4 

func (cef *CEF) SetCfp4(v float32) *CEF

SetCfp4 sets "cfp4" field.

func (*CEF) SetCfp4Label 

func (cef *CEF) SetCfp4Label(v string) *CEF

SetCfp4Label sets "cfp4Label" field.

func (*CEF) SetCn1 

func (cef *CEF) SetCn1(v int64) *CEF

SetCn1 sets "cn1" field.

func (*CEF) SetCn1Label 

func (cef *CEF) SetCn1Label(v string) *CEF

SetCn1Label sets "cn1Label" field.

func (*CEF) SetCn2 

func (cef *CEF) SetCn2(v int64) *CEF

SetCn2 sets "cn2" field.

func (*CEF) SetCn2Label 

func (cef *CEF) SetCn2Label(v string) *CEF

SetCn2Label sets "cn2Label" field.

func (*CEF) SetCn3 

func (cef *CEF) SetCn3(v int64) *CEF

SetCn3 sets "cn3" field.

func (*CEF) SetCn3Label 

func (cef *CEF) SetCn3Label(v string) *CEF

SetCn3Label sets "cn3Label" field.

func (*CEF) SetCnt 

func (cef *CEF) SetCnt(v int) *CEF

SetCnt sets "cnt" field.

func (*CEF) SetCs1 

func (cef *CEF) SetCs1(v string) *CEF

SetCs1 sets "cs1" field.

func (*CEF) SetCs1Label 

func (cef *CEF) SetCs1Label(v string) *CEF

SetCs1Label sets "cs1Label" field.

func (*CEF) SetCs2 

func (cef *CEF) SetCs2(v string) *CEF

SetCs2 sets "cs2" field.

func (*CEF) SetCs2Label 

func (cef *CEF) SetCs2Label(v string) *CEF

SetCs2Label sets "cs2Label" field.

func (*CEF) SetCs3 

func (cef *CEF) SetCs3(v string) *CEF

SetCs3 sets "cs3" field.

func (*CEF) SetCs3Label 

func (cef *CEF) SetCs3Label(v string) *CEF

SetCs3Label sets "cs3Label" field.

func (*CEF) SetCs4 

func (cef *CEF) SetCs4(v string) *CEF

SetCs4 sets "cs4" field.

func (*CEF) SetCs4Label 

func (cef *CEF) SetCs4Label(v string) *CEF

SetCs4Label sets "cs4Label" field.

func (*CEF) SetCs5 

func (cef *CEF) SetCs5(v string) *CEF

SetCs5 sets "cs5" field.

func (*CEF) SetCs5Label 

func (cef *CEF) SetCs5Label(v string) *CEF

SetCs5Label sets "cs5Label" field.

func (*CEF) SetCs6 

func (cef *CEF) SetCs6(v string) *CEF

SetCs6 sets "cs6" field.

func (*CEF) SetCs6Label 

func (cef *CEF) SetCs6Label(v string) *CEF

SetCs6Label sets "cs6Label" field.

func (*CEF) SetCustomerExternalID 

func (cef *CEF) SetCustomerExternalID(v string) *CEF

SetCustomerExternalID sets "customerExternalID" field.

func (*CEF) SetCustomerKey 

func (cef *CEF) SetCustomerKey(v int64) *CEF

SetCustomerKey sets "customerKey" field.

func (*CEF) SetCustomerURI 

func (cef *CEF) SetCustomerURI(v string) *CEF

SetCustomerURI sets "customerURI" field.

func (*CEF) SetDZoneKey 

func (cef *CEF) SetDZoneKey(v int64) *CEF

SetDZoneKey sets "dZoneKey" field.

func (*CEF) SetDestinatioTranslatedZoneExternalID 

func (cef *CEF) SetDestinatioTranslatedZoneExternalID(v string) *CEF

SetDestinatioTranslatedZoneExternalID sets "destinatioTranslatedZoneExternalID" field.

func (*CEF) SetDestinationDNSDomain 

func (cef *CEF) SetDestinationDNSDomain(v string) *CEF

SetDestinationDNSDomain sets "destinationDNSDomain" field.

func (*CEF) SetDestinationServiceName 

func (cef *CEF) SetDestinationServiceName(v string) *CEF

SetDestinationServiceName sets "destinationServiceName" field.

func (*CEF) SetDestinationTranslatedAddress 

func (cef *CEF) SetDestinationTranslatedAddress(v net.IP) *CEF

SetDestinationTranslatedAddress sets "destinationTranslatedAddress" field.

func (*CEF) SetDestinationTranslatedPort 

func (cef *CEF) SetDestinationTranslatedPort(v int) *CEF

SetDestinationTranslatedPort sets "destinationTranslatedPort" field.

func (*CEF) SetDestinationTranslatedZoneKey 

func (cef *CEF) SetDestinationTranslatedZoneKey(v int64) *CEF

SetDestinationTranslatedZoneKey sets "destinationTranslatedZoneKey" field.

func (*CEF) SetDestinationTranslatedZoneURI 

func (cef *CEF) SetDestinationTranslatedZoneURI(v string) *CEF

SetDestinationTranslatedZoneURI sets "destinationTranslatedZoneURI" field.

func (*CEF) SetDestinationZoneExternalID 

func (cef *CEF) SetDestinationZoneExternalID(v string) *CEF

SetDestinationZoneExternalID sets "destinationZoneExternalID" field.

func (*CEF) SetDestinationZoneURI 

func (cef *CEF) SetDestinationZoneURI(v string) *CEF

SetDestinationZoneURI sets "destinationZoneURI" field.

func (*CEF) SetDeviceCustomDate1 

func (cef *CEF) SetDeviceCustomDate1(v string) *CEF

SetDeviceCustomDate1 sets "deviceCustomDate1" field.

func (*CEF) SetDeviceCustomDate1Label 

func (cef *CEF) SetDeviceCustomDate1Label(v string) *CEF

SetDeviceCustomDate1Label sets "deviceCustomDate1Label" field.

func (*CEF) SetDeviceCustomDate2 

func (cef *CEF) SetDeviceCustomDate2(v string) *CEF

SetDeviceCustomDate2 sets "deviceCustomDate2" field.

func (*CEF) SetDeviceCustomDate2Label 

func (cef *CEF) SetDeviceCustomDate2Label(v string) *CEF

SetDeviceCustomDate2Label sets "deviceCustomDate2Label" field.

func (*CEF) SetDeviceDNSDomain 

func (cef *CEF) SetDeviceDNSDomain(v string) *CEF

SetDeviceDNSDomain sets "deviceDNSDomain" field.

func (*CEF) SetDeviceDirection 

func (cef *CEF) SetDeviceDirection(v int) *CEF

SetDeviceDirection sets "deviceDirection" field.

func (*CEF) SetDeviceEventClassID 

func (cef *CEF) SetDeviceEventClassID(v string) *CEF

SetDeviceEventClassID sets "deviceEventClassID" field.

func (*CEF) SetDeviceExternalID 

func (cef *CEF) SetDeviceExternalID(v string) *CEF

SetDeviceExternalID sets "deviceExternalID" field.

func (*CEF) SetDeviceFacility 

func (cef *CEF) SetDeviceFacility(v string) *CEF

SetDeviceFacility sets "deviceFacility" field.

func (*CEF) SetDeviceInboundInterface 

func (cef *CEF) SetDeviceInboundInterface(v string) *CEF

SetDeviceInboundInterface sets "deviceInboundInterface" field.

func (*CEF) SetDeviceNtDomain 

func (cef *CEF) SetDeviceNtDomain(v string) *CEF

SetDeviceNtDomain sets "deviceNtDomain" field.

func (*CEF) SetDeviceOutboundInterface 

func (cef *CEF) SetDeviceOutboundInterface(v string) *CEF

SetDeviceOutboundInterface sets "deviceOutboundInterface" field.

func (*CEF) SetDevicePayloadID 

func (cef *CEF) SetDevicePayloadID(v string) *CEF

SetDevicePayloadID sets "devicePayloadID" field.

func (*CEF) SetDeviceProcessName 

func (cef *CEF) SetDeviceProcessName(v string) *CEF

SetDeviceProcessName sets "deviceProcessName" field.

func (*CEF) SetDeviceProduct 

func (cef *CEF) SetDeviceProduct(v string) *CEF

SetDeviceProduct sets "deviceProduct" field.

func (*CEF) SetDeviceTranslatedAddress 

func (cef *CEF) SetDeviceTranslatedAddress(v net.IP) *CEF

SetDeviceTranslatedAddress sets "deviceTranslatedAddress" field.

func (*CEF) SetDeviceTranslatedZoneExternalID 

func (cef *CEF) SetDeviceTranslatedZoneExternalID(v string) *CEF

SetDeviceTranslatedZoneExternalID sets "deviceTranslatedZoneExternalID" field.

func (*CEF) SetDeviceTranslatedZoneKey 

func (cef *CEF) SetDeviceTranslatedZoneKey(v int64) *CEF

SetDeviceTranslatedZoneKey sets "deviceTranslatedZoneKey" field.

func (*CEF) SetDeviceTranslatedZoneURI 

func (cef *CEF) SetDeviceTranslatedZoneURI(v string) *CEF

SetDeviceTranslatedZoneURI sets "deviceTranslatedZoneURI" field.

func (*CEF) SetDeviceVendor 

func (cef *CEF) SetDeviceVendor(v string) *CEF

SetDeviceVendor sets "deviceVendor" field.

func (*CEF) SetDeviceVersion 

func (cef *CEF) SetDeviceVersion(v string) *CEF

SetDeviceVersion sets "deviceVersion" field.

func (*CEF) SetDeviceZoneExternalID 

func (cef *CEF) SetDeviceZoneExternalID(v string) *CEF

SetDeviceZoneExternalID sets "deviceZoneExternalID" field.

func (*CEF) SetDeviceZoneKey 

func (cef *CEF) SetDeviceZoneKey(v int64) *CEF

SetDeviceZoneKey sets "deviceZoneKey" field.

func (*CEF) SetDeviceZoneURI 

func (cef *CEF) SetDeviceZoneURI(v string) *CEF

SetDeviceZoneURI sets "deviceZoneURI" field.

func (*CEF) SetDhost 

func (cef *CEF) SetDhost(v string) *CEF

SetDhost sets "dhost" field.

func (*CEF) SetDlat 

func (cef *CEF) SetDlat(v float64) *CEF

SetDlat sets "dlat" field.

func (*CEF) SetDlong 

func (cef *CEF) SetDlong(v float64) *CEF

SetDlong sets "dlong" field.

func (*CEF) SetDntdom 

func (cef *CEF) SetDntdom(v string) *CEF

SetDntdom sets "dntdom" field.

func (*CEF) SetDpid 

func (cef *CEF) SetDpid(v int) *CEF

SetDpid sets "dpid" field.

func (*CEF) SetDpriv 

func (cef *CEF) SetDpriv(v string) *CEF

SetDpriv sets "dpriv" field.

func (*CEF) SetDproc 

func (cef *CEF) SetDproc(v string) *CEF

SetDproc sets "dproc" field.

func (*CEF) SetDpt 

func (cef *CEF) SetDpt(v int) *CEF

SetDpt sets "dpt" field.

func (*CEF) SetDst 

func (cef *CEF) SetDst(v net.IP) *CEF

SetDst sets "dst" field.

func (*CEF) SetDtz 

func (cef *CEF) SetDtz(v string) *CEF

SetDtz sets "dtz" field.

func (*CEF) SetDuid 

func (cef *CEF) SetDuid(v string) *CEF

SetDuid sets "duid" field.

func (*CEF) SetDuser 

func (cef *CEF) SetDuser(v string) *CEF

SetDuser sets "duser" field.

func (*CEF) SetDvc 

func (cef *CEF) SetDvc(v net.IP) *CEF

SetDvc sets "dvc" field.

func (*CEF) SetDvchost 

func (cef *CEF) SetDvchost(v string) *CEF

SetDvchost sets "dvchost" field.

func (*CEF) SetDvcmac 

func (cef *CEF) SetDvcmac(v net.HardwareAddr) *CEF

SetDvcmac sets "dvcmac" field.

func (*CEF) SetDvcpid 

func (cef *CEF) SetDvcpid(v int) *CEF

SetDvcpid sets "dvcpid" field.

func (*CEF) SetEnd 

func (cef *CEF) SetEnd(v string) *CEF

SetEnd sets "end" field.

func (*CEF) SetEventID 

func (cef *CEF) SetEventID(v int64) *CEF

SetEventID sets "eventID" field.

func (*CEF) SetExternalID 

func (cef *CEF) SetExternalID(v string) *CEF

SetExternalID sets "externalID" field.

func (*CEF) SetFileCreateTime 

func (cef *CEF) SetFileCreateTime(v string) *CEF

SetFileCreateTime sets "fileCreateTime" field.

func (*CEF) SetFileHash 

func (cef *CEF) SetFileHash(v string) *CEF

SetFileHash sets "fileHash" field.

func (*CEF) SetFileID 

func (cef *CEF) SetFileID(v string) *CEF

SetFileID sets "fileID" field.

func (*CEF) SetFileModificationTime 

func (cef *CEF) SetFileModificationTime(v string) *CEF

SetFileModificationTime sets "fileModificationTime" field.

func (*CEF) SetFilePath 

func (cef *CEF) SetFilePath(v string) *CEF

SetFilePath sets "filePath" field.

func (*CEF) SetFilePermission 

func (cef *CEF) SetFilePermission(v string) *CEF

SetFilePermission sets "filePermission" field.

func (*CEF) SetFileType 

func (cef *CEF) SetFileType(v string) *CEF

SetFileType sets "fileType" field.

func (*CEF) SetFlexDate1 

func (cef *CEF) SetFlexDate1(v string) *CEF

SetFlexDate1 sets "flexDate1" field.

func (*CEF) SetFlexDate1Label 

func (cef *CEF) SetFlexDate1Label(v string) *CEF

SetFlexDate1Label sets "flexDate1Label" field.

func (*CEF) SetFlexString1 

func (cef *CEF) SetFlexString1(v string) *CEF

SetFlexString1 sets "flexString1" field.

func (*CEF) SetFlexString1Label 

func (cef *CEF) SetFlexString1Label(v string) *CEF

SetFlexString1Label sets "flexString1Label" field.

func (*CEF) SetFlexString2 

func (cef *CEF) SetFlexString2(v string) *CEF

SetFlexString2 sets "flexString2" field.

func (*CEF) SetFlexString2Label 

func (cef *CEF) SetFlexString2Label(v string) *CEF

SetFlexString2Label sets "flexString2Label" field.

func (*CEF) SetFname 

func (cef *CEF) SetFname(v string) *CEF

SetFname sets "fname" field.

func (*CEF) SetFsize 

func (cef *CEF) SetFsize(v int64) *CEF

SetFsize sets "fsize" field.

func (*CEF) SetIn 

func (cef *CEF) SetIn(v int64) *CEF

SetIn sets "in" field.

func (*CEF) SetMsg 

func (cef *CEF) SetMsg(v string) *CEF

SetMsg sets "msg" field.

func (*CEF) SetName 

func (cef *CEF) SetName(v string) *CEF

SetName sets "name" field.

func (*CEF) SetOldFileCreateTime 

func (cef *CEF) SetOldFileCreateTime(v string) *CEF

SetOldFileCreateTime sets "oldFileCreateTime" field.

func (*CEF) SetOldFileHash 

func (cef *CEF) SetOldFileHash(v string) *CEF

SetOldFileHash sets "oldFileHash" field.

func (*CEF) SetOldFileID 

func (cef *CEF) SetOldFileID(v string) *CEF

SetOldFileID sets "oldFileID" field.

func (*CEF) SetOldFileModificationTime 

func (cef *CEF) SetOldFileModificationTime(v string) *CEF

SetOldFileModificationTime sets "oldFileModificationTime" field.

func (*CEF) SetOldFileName 

func (cef *CEF) SetOldFileName(v string) *CEF

SetOldFileName sets "oldFileName" field.

func (*CEF) SetOldFilePath 

func (cef *CEF) SetOldFilePath(v string) *CEF

SetOldFilePath sets "oldFilePath" field.

func (*CEF) SetOldFilePermission 

func (cef *CEF) SetOldFilePermission(v string) *CEF

SetOldFilePermission sets "oldFilePermission" field.

func (*CEF) SetOldFileSize 

func (cef *CEF) SetOldFileSize(v int64) *CEF

SetOldFileSize sets "oldFileSize" field.

func (*CEF) SetOldFileType 

func (cef *CEF) SetOldFileType(v string) *CEF

SetOldFileType sets "oldFileType" field.

func (*CEF) SetOut 

func (cef *CEF) SetOut(v int) *CEF

SetOut sets "out" field.

func (*CEF) SetOutcome 

func (cef *CEF) SetOutcome(v string) *CEF

SetOutcome sets "outcome" field.

func (*CEF) SetProto 

func (cef *CEF) SetProto(v string) *CEF

SetProto sets "proto" field.

func (*CEF) SetRawEvent 

func (cef *CEF) SetRawEvent(v string) *CEF

SetRawEvent sets "rawEvent" field.

func (*CEF) SetReason 

func (cef *CEF) SetReason(v string) *CEF

SetReason sets "reason" field.

func (*CEF) SetRequest 

func (cef *CEF) SetRequest(v string) *CEF

SetRequest sets "request" field.

func (*CEF) SetRequestClientApplication 

func (cef *CEF) SetRequestClientApplication(v string) *CEF

SetRequestClientApplication sets "requestClientApplication" field.

func (*CEF) SetRequestContext 

func (cef *CEF) SetRequestContext(v string) *CEF

SetRequestContext sets "requestContext" field.

func (*CEF) SetRequestCookies 

func (cef *CEF) SetRequestCookies(v string) *CEF

SetRequestCookies sets "requestCookies" field.

func (*CEF) SetRequestMethod 

func (cef *CEF) SetRequestMethod(v string) *CEF

SetRequestMethod sets "requestMethod" field.

func (*CEF) SetRt 

func (cef *CEF) SetRt(v string) *CEF

SetRt sets "rt" field.

func (*CEF) SetSTranslatedZoneKey 

func (cef *CEF) SetSTranslatedZoneKey(v int64) *CEF

SetSTranslatedZoneKey sets "sTranslatedZoneKey" field.

func (*CEF) SetSZoneKey 

func (cef *CEF) SetSZoneKey(v int64) *CEF

SetSZoneKey sets "sZoneKey" field.

func (*CEF) SetShost 

func (cef *CEF) SetShost(v string) *CEF

SetShost sets "shost" field.

func (*CEF) SetSlat 

func (cef *CEF) SetSlat(v float64) *CEF

SetSlat sets "slat" field.

func (*CEF) SetSlong 

func (cef *CEF) SetSlong(v float64) *CEF

SetSlong sets "slong" field.

func (*CEF) SetSmac 

func (cef *CEF) SetSmac(v net.HardwareAddr) *CEF

SetSmac sets "smac" field.

func (*CEF) SetSntdom 

func (cef *CEF) SetSntdom(v string) *CEF

SetSntdom sets "sntdom" field.

func (*CEF) SetSourceDNSDomain 

func (cef *CEF) SetSourceDNSDomain(v string) *CEF

SetSourceDNSDomain sets "sourceDNSDomain" field.

func (*CEF) SetSourceServiceName 

func (cef *CEF) SetSourceServiceName(v string) *CEF

SetSourceServiceName sets "sourceServiceName" field.

func (*CEF) SetSourceTranslatedAddress 

func (cef *CEF) SetSourceTranslatedAddress(v net.IP) *CEF

SetSourceTranslatedAddress sets "sourceTranslatedAddress" field.

func (*CEF) SetSourceTranslatedPort 

func (cef *CEF) SetSourceTranslatedPort(v int) *CEF

SetSourceTranslatedPort sets "sourceTranslatedPort" field.

func (*CEF) SetSourceTranslatedZoneExternalID 

func (cef *CEF) SetSourceTranslatedZoneExternalID(v string) *CEF

SetSourceTranslatedZoneExternalID sets "sourceTranslatedZoneExternalID" field.

func (*CEF) SetSourceTranslatedZoneURI 

func (cef *CEF) SetSourceTranslatedZoneURI(v string) *CEF

SetSourceTranslatedZoneURI sets "sourceTranslatedZoneURI" field.

func (*CEF) SetSourceZoneExternalID 

func (cef *CEF) SetSourceZoneExternalID(v string) *CEF

SetSourceZoneExternalID sets "sourceZoneExternalID" field.

func (*CEF) SetSourceZoneURI 

func (cef *CEF) SetSourceZoneURI(v string) *CEF

SetSourceZoneURI sets "sourceZoneURI" field.

func (*CEF) SetSpid 

func (cef *CEF) SetSpid(v int) *CEF

SetSpid sets "spid" field.

func (*CEF) SetSpriv 

func (cef *CEF) SetSpriv(v string) *CEF

SetSpriv sets "spriv" field.

func (*CEF) SetSproc 

func (cef *CEF) SetSproc(v string) *CEF

SetSproc sets "sproc" field.

func (*CEF) SetSpt 

func (cef *CEF) SetSpt(v int) *CEF

SetSpt sets "spt" field.

func (*CEF) SetSrc 

func (cef *CEF) SetSrc(v net.IP) *CEF

SetSrc sets "src" field.

func (*CEF) SetStart 

func (cef *CEF) SetStart(v string) *CEF

SetStart sets "start" field.

func (*CEF) SetSuid 

func (cef *CEF) SetSuid(v string) *CEF

SetSuid sets "suid" field.

func (*CEF) SetSuser 

func (cef *CEF) SetSuser(v string) *CEF

SetSuser sets "suser" field.

func (*CEF) SetType 

func (cef *CEF) SetType(v int) *CEF

SetType sets "typ" field.

func (*CEF) Shost 

func (cef *CEF) Shost() string

Identifies the source that an event refers to in an IP network. The format should be a fully qualified domain name (FQDN) associated with the source node, when a mode is available. Examples: “host” or “host.domain.com”.

func (*CEF) Slat 

func (cef *CEF) Slat() float64

func (*CEF) Slong 

func (cef *CEF) Slong() float64

func (*CEF) Smac 

func (cef *CEF) Smac() net.HardwareAddr

Six colon-separated hexadecimal numbers. Example: “00:0D:60:AF:1B:61”

func (*CEF) Sntdom 

func (cef *CEF) Sntdom() string

The Windows domain name for the source address.

func (*CEF) SourceDNSDomain 

func (cef *CEF) SourceDNSDomain() string

The DNS domain part of the complete fully qualified domain name (FQDN).

func (*CEF) SourceServiceName 

func (cef *CEF) SourceServiceName() string

The service that is responsible for generating this event.

func (*CEF) SourceTranslatedAddress 

func (cef *CEF) SourceTranslatedAddress() net.IP

Identifies the translated source that the event refers to in an IP network. The format is an IPv4 address. Example: “192.168.10.1”.

func (*CEF) SourceTranslatedPort 

func (cef *CEF) SourceTranslatedPort() int

A port number after being translated by, for example, a firewall. Valid port numbers are 0 to 65535.

func (*CEF) SourceTranslatedZoneExternalID 

func (cef *CEF) SourceTranslatedZoneExternalID() string

func (*CEF) SourceTranslatedZoneURI 

func (cef *CEF) SourceTranslatedZoneURI() string

The URI for the Translated Zone that the destination asset has been assigned to in ArcSight.

func (*CEF) SourceZoneExternalID 

func (cef *CEF) SourceZoneExternalID() string

func (*CEF) SourceZoneURI 

func (cef *CEF) SourceZoneURI() string

The URI for the Zone that the source asset has been assigned to in ArcSight.

func (*CEF) Spid 

func (cef *CEF) Spid() int

The ID of the source process associated with the event

func (*CEF) Spriv 

func (cef *CEF) Spriv() string

The typical values are “Administrator”, “User”, and “Guest”. It identifies the source user’s privileges. In UNIX, for example, activity executed by the root user would be identified with “Administrator”.

func (*CEF) Sproc 

func (cef *CEF) Sproc() string

The name of the event’s source process.

func (*CEF) Spt 

func (cef *CEF) Spt() int

The valid port numbers are 0 to 65535.

func (*CEF) Src 

func (cef *CEF) Src() net.IP

Identifies the source that an event refers to in an IP network. The format is an IPv4 address. Example: “192.168.10.1”.

func (*CEF) Start 

func (cef *CEF) Start() string

The time when the activity the event referred to started. The format is MMM dd yyyy HH:mm:ss or milliseconds since epoch (Jan 1st 1970)

func (*CEF) Suid 

func (cef *CEF) Suid() string

Identifies the source user by ID. This is the user associated with the source of the event. For example, in UNIX, the root user is generally associated with user ID 0.

func (*CEF) Suser 

func (cef *CEF) Suser() string

Identifies the source user by name. Email addresses are also mapped into the UserName fields. The sender is a candidate to put into this field.

func (*CEF) Type 

func (cef *CEF) Type() int

0 means base event, 1 means aggregated, 2 means correlation, and 3 means action. This field can be omitted for base events (type 0)

func (*CEF) UnmarshalText 

func (cef *CEF) UnmarshalText(text []byte) (err error)
Example 
package main

import (
	"fmt"

	"go.m8.ru/cef"
)

func main() {
	log := new(cef.CEF)

	text := "CEF:0|Security|threatmanager|1.0|100|worm successfully stopped|10|dst=2.1.2.2 spt=1232 src=10.0.0.1"

	err := log.UnmarshalText([]byte(text))

	fmt.Println(log.CEFVersion())
	fmt.Println(log.DeviceVendor())
	fmt.Println(log.DeviceProduct())
	fmt.Println(log.DeviceVersion())
	fmt.Println(log.DeviceEventClassID())
	fmt.Println(log.Name())
	fmt.Println(log.AgentSeverity())
	fmt.Printf("dst=%v spt=%v src=%v\n", log.Dst(), log.Spt(), log.Src())
	fmt.Println(err)
}

Output:

0
Security
threatmanager
1.0
100
worm successfully stopped
Very-High
dst=2.1.2.2 spt=1232 src=10.0.0.1
<nil>

Source Files

View all Source files

Directories

Path Synopsis
internal
gen
gen/naming

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.