CEF

SyslogPro~ CEF

A class to work with HP CEF (Common Event Format) messages. This form of system messages are designed to work with security systems. Messages can be saved to file (Saving to file if not part of this module but a CEF formated mesage produced by this module can be saved externaly to it) or sent via Syslog. Most APIs will return a promise. These APIs can be used using `then(...)/catch(...)` A Syslog class with a configured Syslog server target can also be used as the input into the formating classes so that it may run independtly. The CEF format is designed to send event data to a SIEM system and should not be as a logging stream. This class is ment to be used once per message.

Constructor

new CEF(optionsopt)

Source:

index.js, line 1869

Version:

0.0.0

Since:

0.0.0

Construct a new CEF formating object with user options

Parameters:

Name Type Attributes Description

options

object

<optional>

Options object

Properties

Name	Type	Attributes	Default	Description
`deviceVendor`	string	<optional>	`'unknown'`	The vendor of the system that genrated the event being reported
`deviceProduct`	string	<optional>	`'unknown'`	The product name of the system that genrated the event being reported
`deviceVersion`	string	<optional>	`'unknown'`	The version name of the system that genrated the event being reported
`deviceEventClassId`	string	<optional>	`'unknown'`	The eventId of the system that genrated the event being reported
`name`	string	<optional>	`'unknown'`	Name of the service genrating the notice
`severity`	string	<optional>	`'unknown'`	Severity of the notification
`extensions`	string	<optional>	`{}`	Any CEF Key=Value extentions
`server`	Syslog	<optional>	`false`	A Syslog server connection that should be used to send messages directly from this class. @see SyslogPro~Syslog

Requires:

module:moment

Requires

module:moment

Members

(private) constructor__

Source:

index.js, line 1892

deviceEventClassId :string

Source:

index.js, line 1901

Type:

string

deviceProduct :string

Source:

index.js, line 1897

Type:

string

deviceVendor :string

Source:

index.js, line 1895

Type:

string

deviceVersion :string

Source:

index.js, line 1899

Type:

string

extensions :object

Source:

index.js, line 1907

Type:

object

name :string

Source:

index.js, line 1903

Type:

string

(private) server

Source:

index.js, line 2069

severity :string

Source:

index.js, line 1905

Type:

string

Methods

buildMessage() → {Promise}

Source:

index.js, line 2309

Build a CEF formated string

Returns:

- String with formated message

Type: Promise

send(optionsopt)

Source:

index.js, line 2336

Parameters:

Name	Type	Attributes	Default	Description
`options`	Syslog	<optional>	`false`	A Syslog server connection that should be used to send messages directly from this class. @see SyslogPro~Syslog

validate() → {Promise}

Source:

index.js, line 2081

Validate this CEF object

Throws:

- First element to fail valadation
Type Error

Returns:

- True if valadated

Type: Promise