Log Format
KEY_VALUE
A simple log format where each piece of information is represented as a key-value pair (e.g., user=john action=login status=success). This format is easy to parse and widely used for structured logging.
CEF (Common Event Format)
A standardized log format developed by ArcSight, widely used in security systems. It includes a fixed header and a structured message part, allowing interoperability between different security tools.
Example:
CEF:0|Vendor|Product|Version|Signature|Name|Severity|key1=value1 key2=value2
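The fixed header and the key=value part need different parsing rules, which the added example below shows; it is not code from this product. The function names and the sample record are constructed for illustration, the header field names follow the example line above, and the escapes handled (\| and \\ in the header; \=, \\, \n and \r in values) are the ones the CEF convention defines.

```python
import re

HEADER_FIELDS = ("vendor", "product", "version", "signature", "name", "severity")
_KEY = re.compile(r"(?:^| )([A-Za-z0-9_.\[\]-]+)=")   # start of an extension key
_ESC = re.compile(r"\\([\\=nr])")                      # escapes allowed in values

def split_header(line, npipes=7):
    """Split on unescaped '|'; after npipes delimiters the rest is the extension."""
    parts, buf, i = [], [], 0
    while i < len(line) and len(parts) < npipes:
        ch = line[i]
        if ch == "\\" and line[i + 1:i + 2] in ("\\", "|"):
            buf.append(line[i + 1])   # escaped pipe or backslash stays in the field
            i += 2
        elif ch == "|":
            parts.append("".join(buf))
            buf, i = [], i + 1
        else:
            buf.append(ch)
            i += 1
    if len(parts) < npipes:
        raise ValueError("incomplete CEF header")
    return parts, line[i:]

def parse_extension(ext):
    """Values may contain spaces, so a value ends where the next ' key=' begins."""
    keys = list(_KEY.finditer(ext))
    out = {}
    for m, nxt in zip(keys, keys[1:] + [None]):
        raw = ext[m.end():nxt.start() if nxt else len(ext)]
        out[m.group(1)] = _ESC.sub(
            lambda e: {"n": "\n", "r": "\r"}.get(e.group(1), e.group(1)), raw)
    return out

def parse_cef(line):
    start = line.find("CEF:")   # skip any syslog prefix in front of the record
    if start < 0:
        raise ValueError("not a CEF record")
    parts, ext = split_header(line[start:])
    event = dict(zip(HEADER_FIELDS, parts[1:]))
    event["cef_version"] = parts[0][len("CEF:"):]
    event["extension"] = parse_extension(ext)
    return event

# Constructed sample: escaped pipe in the product, spaces and an escaped '=' in msg.
SAMPLE = (r"CEF:0|Acme|Gate\|way|1.0|100|Login failed|5|"
          r"src=10.0.0.1 suser=john msg=bad password for a\=b act=blocked")

if __name__ == "__main__":
    print(parse_cef(SAMPLE))
```

A record with fewer than seven header delimiters raises ValueError instead of being parsed with shifted fields, so malformed lines can be counted and reviewed rather than indexed under the wrong names.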
LEGACY_CEF
An older or customized version of the standard CEF format. It may not fully comply with the current CEF specification and could have variations in structure, field names, or delimiters, making it less consistent and harder to parse reliably.