
The tags beginning with cef0.barracuda identify events in CEF format generated by Barracuda.

Tag structure

Events in CEF format don't have a specific tag structure, as explained in Technologies supported in CEF syslog format. They are always sent to a table with the structure cef0.deviceVendor.deviceProduct.

In this case, the valid data tables are:

| Tags | Data tables |
|---|---|
| cef0.barracuda.waf | cef0.barracuda.waf |

How is the data sent to Devo?

Learn more about CEF syslog format and how Devo tags these events in Technologies supported in CEF syslog format.

Table structure

These are the fields displayed in this table:

cef0.barracuda.waf

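| Field | Type | Source field name | Extra fields |
|---|---|---|---|
| eventdate | timestamp | | |
| hostname | str | | |
| priorityCode | str | | |
| cefTag | str | | |
| cefVersion | str | | |
| embDeviceVendor | str | | |
| embDeviceProduct | str | | |
| deviceVersion | str | | |
| signatureID | str | | |
| name | str | | |
| severity | str | | |
| _cefVer | str | | |
| act | str | | |
| app | str | | |
| c6a4Label | str | | |
| cfp1Label | str | | |
| cfp1 | float8 | | |
| cn1Label | str | | |
| cn1 | int8 | | |
| cn2Label | str | | |
| cn2 | int8 | | |
| cn3Label | str | | |
| cn3 | int8 | | |
| cs1Label | str | | |
| cs1 | str | | |
| cs2Label | str | | |
| cs2 | str | | |
| cs3Label | str | | |
| cs3 | str | | |
| cs4Label | str | | |
| cs4 | str | | |
| cs5Label | str | | |
| cs5 | str | | |
| destinationTranslatedAddress | ip4 | | |
| deviceCustomDate1Label | str | | |
| deviceCustomDate1 | timestamp | | |
| deviceProcessName | str | | |
| dhost | str | | |
| dst | ip4 | | |
| dpt | int4 | | |
| duid | str | | |
| duser | str | | |
| in | int8 | | |
| msg | str | | |
| out | int8 | | |
| requestClientApplication | str | | |
| requestCookies | str | | |
| requestMethod | str | | |
| request | str | | |
| rt | timestamp | | |
| src | ip4 | | |
| spt | int4 | | |
| suid | str | | |
| agentZoneURI | str | | |
| agt | str | | |
| ahost | str | | |
| aid | str | | |
| amac | str | | |
| art | str | | |
| at | str | | |
| atz | str | | |
| av | str | | |
| customerURI | str | | |
| destinationTranslatedZoneURI | str | | |
| destinationZoneURI | str | | |
| deviceSeverity | str | | |
| dtz | str | | |
| eventId | str | | |
| flexString1 | str | | |
| flexString1Label | str | | |
| flexString2 | str | | |
| flexString2Label | str | | |
| geid | str | | |
| requestContext | str | | |
| sourceZoneURI | str | | |
| actionTaken | str | | |
| attackDescription | str | | |
| hostchain | str | | |
| tag | str | cefTag | |
| rawMessage | str | | |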