cef0.cloud_foundry.cloud_controller_ng

Introduction

The table cef0.cloud_foundry.cloud_controller_ng identifies events in CEF format generated by Cloud Foundry Cloud Controller.

Tag structure

Events in CEF format don't have a specific tag structure, as explained in Technologies supported in CEF syslog format. They are always sent to a table with the structure cef0.deviceVendor.deviceProduct.

In this case, the valid data tables are:

| Tag | Data table |
| --- | --- |
| cef0.cloud_foundry.cloud_controller_ng | cef0.cloud_foundry.cloud_controller_ng |

How is the data sent to Devo?

Learn more about CEF syslog format and how Devo tags these events in Technologies supported in CEF syslog format.

Log samples

The following is a sample log sent to the cef0.cloud_foundry.cloud_controller_ng table. Find how the information will be parsed in your data table under each sample log.

Extra columns

Fields marked as Extra in the table below are not shown by default in data tables and need to be explicitly requested in the query. You can find them marked as Extra when you perform a query so they can be easily identified. Learn more about this in Selecting unrevealed columns.

2021-11-19 10:48:09.547 localhost=127.0.0.1 14 CEF: 0|cloud_foundry|cloud_controller_ng|2.150.0|GET /dev/election/describe/everybody/sea.png2/etc/yet/user345/grow/notice/it.doc/350db81b-0ea7-41aa-9f04-197ec10b5c1f/dev/election/describe/everybody/sea.pngar/dev/election/describe/everybody/sea.pngoice/dog/make/user123/color.csv|GET /dev/election/describe/everybody/sea.png2/etc/yet/user345/grow/notice/it.doc/350db81b-0ea7-41aa-9f04-197ec10b5c1f/dev/election/describe/everybody/sea.pngar/dev/election/describe/everybody/sea.pngoice/dog/make/user123/color.csv|0|rt=1614339521455 suser=amy67 suid=b8d1ebc0-02c7-491a-8a9a-bc12285c8665 request=/dev/election/describe/everybody/sea.png2/etc/yet/user345/grow/notice/it.doc/350db81b-0ea7-41aa-9f04-197ec10b5c1f/dev/election/describe/everybody/sea.pngar/dev/election/describe/everybody/sea.pngoice/dog/make/user123/color.csv requestMethod=GET src=123.123.123.3 dst=123.45.67.89 cs1Label=userAuthenticationMechanism cs1=oauth-access-token cs2Label=vcapRequestId cs2=44adae6d-0277-4e73-5d21-a6d85c142490::9555990d-c5de-4252-b770-83181b445a61 cs3Label=result cs3=success cs4Label=httpStatusCode cs4=200 cs5Label=xForwardedFor cs5=123.123.123.3, 124.124.124.4,125.125.125.5

And this is how the log would be parsed:

| Field | Value | Type | Source field name | Extra fields |
| --- | --- | --- | --- | --- |
| eventdate | 2021-11-19 10:48:09.547 | timestamp | | |
| hostname | localhost | str | | |
| priorityCode | 14 | str | | |
| cefTag | CEF | str | | |
| cefVersion | 0 | str | | |
| embDeviceVendor | cloud_foundry | str | | |
| embDeviceProduct | cloud_controller_ng | str | | |
| deviceVersion | 2.150.0 | str | | |
| signatureID | GET /dev/election/describe/everybody/sea.png2/etc/yet/user345/grow/notice/it.doc/350db81b-0ea7-41aa-9f04-197ec10b5c1f/dev/election/describe/everybody/sea.pngar/dev/election/describe/everybody/sea.pngoice/dog/make/user123/color.csv | str | | |
| name | GET /dev/election/describe/everybody/sea.png2/etc/yet/user345/grow/notice/it.doc/350db81b-0ea7-41aa-9f04-197ec10b5c1f/dev/election/describe/everybody/sea.pngar/dev/election/describe/everybody/sea.pngoice/dog/make/user123/color.csv | str | | |
| severity | 0 | str | | |
| _cefVer | null | str | | |
| cs1Label | userAuthenticationMechanism | str | | |
| cs1 | oauth-access-token | str | | |
| cs2Label | vcapRequestId | str | | |
| cs2 | 44adae6d-0277-4e73-5d21-a6d85c142490::9555990d-c5de-4252-b770-83181b445a61 | str | | |
| cs3Label | result | str | | |
| cs3 | success | str | | |
| cs4Label | httpStatusCode | str | | |
| cs4 | 200 | str | | |
| cs5Label | xForwardedFor | str | | |
| cs5 | 123.123.123.3, 124.124.124.4,125.125.125.5 | str | | |
| dst | 123.45.67.89 | ip4 | | |
| requestMethod | GET | str | | |
| request | /dev/election/describe/everybody/sea.png2/etc/yet/user345/grow/notice/it.doc/350db81b-0ea7-41aa-9f04-197ec10b5c1f/dev/election/describe/everybody/sea.pngar/dev/election/describe/everybody/sea.pngoice/dog/make/user123/color.csv | str | | |
| rt | 2021-02-26 11:38:41.455 | timestamp | | |
| src | 123.123.123.3 | ip4 | | |
| suid | b8d1ebc0-02c7-491a-8a9a-bc12285c8665 | str | | |
| suser | amy67 | str | | |
| hostchain | localhost=127.0.0.1 | str | | ✓ |
| tag | CEF | str | cefTag | ✓ |
| rawMessage | CEF: 0\|cloud_foundry\|cloud_controller_ng\|2.150.0\|GET /dev/election/describe/everybody/sea.png2/etc/yet/user345/grow/notice/it.doc/350db81b-0ea7-41aa-9f04-197ec10b5c1f/dev/election/describe/everybody/sea.pngar/dev/election/describe/everybody/sea.pngoice/dog/make/user123/color.csv\|GET /dev/election/describe/everybody/sea.png2/etc/yet/user345/grow/notice/it.doc/350db81b-0ea7-41aa-9f04-197ec10b5c1f/dev/election/describe/everybody/sea.pngar/dev/election/describe/everybody/sea.pngoice/dog/make/user123/color.csv\|0\|rt=1614339521455 suser=amy67 suid=b8d1ebc0-02c7-491a-8a9a-bc12285c8665 request=/dev/election/describe/everybody/sea.png2/etc/yet/user345/grow/notice/it.doc/350db81b-0ea7-41aa-9f04-197ec10b5c1f/dev/election/describe/everybody/sea.pngar/dev/election/describe/everybody/sea.pngoice/dog/make/user123/color.csv requestMethod=GET src=123.123.123.3 dst=123.45.67.89 cs1Label=userAuthenticationMechanism cs1=oauth-access-token cs2Label=vcapRequestId cs2=44adae6d-0277-4e73-5d21-a6d85c142490::9555990d-c5de-4252-b770-83181b445a61 cs3Label=result cs3=success cs4Label=httpStatusCode cs4=200 cs5Label=xForwardedFor cs5=123.123.123.3, 124.124.124.4,125.125.125.5 | str | | |
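
The field split shown in the table can be reproduced locally to check a collector's output before events reach Devo. The following is an added example, not Devo's parser: the function names are hypothetical, and SAMPLE is the page's log with the long request path replaced by a constructed short one.

```python
import re
from datetime import datetime, timezone

# Constructed sample: the page's log with the long request path shortened.
SAMPLE = (
    "2021-11-19 10:48:09.547 localhost=127.0.0.1 14 CEF: "
    "0|cloud_foundry|cloud_controller_ng|2.150.0|GET /sample/path|GET /sample/path|0|"
    "rt=1614339521455 suser=amy67 suid=b8d1ebc0-02c7-491a-8a9a-bc12285c8665 "
    "request=/sample/path requestMethod=GET src=123.123.123.3 dst=123.45.67.89 "
    "cs1Label=userAuthenticationMechanism cs1=oauth-access-token "
    "cs2Label=vcapRequestId cs2=44adae6d-0277-4e73-5d21-a6d85c142490::9555990d-c5de-4252-b770-83181b445a61 "
    "cs3Label=result cs3=success cs4Label=httpStatusCode cs4=200 "
    "cs5Label=xForwardedFor cs5=123.123.123.3, 124.124.124.4,125.125.125.5"
)
HEADER = ["cefVersion", "embDeviceVendor", "embDeviceProduct", "deviceVersion",
          "signatureID", "name", "severity"]
PIPE = re.compile(r"(?<!\\)\|")  # header delimiter; a literal pipe is escaped as \|
# A value runs up to the next " key=" or end of line, so values with spaces survive.
EXT = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")

def parse_cef(line):
    """Split one syslog-wrapped CEF line into header, extension and custom fields."""
    prefix, sep, body = line.partition("CEF:")
    parts = PIPE.split(body.strip(), maxsplit=7)
    if not sep or len(parts) != 8:
        raise ValueError("expected 'CEF:' followed by 7 pipe-delimited header fields")
    event = dict(zip(HEADER, parts[:7]))
    date, clock, hostchain, priority = prefix.split()
    event.update(eventdate=f"{date} {clock}", hostchain=hostchain,
                 hostname=hostchain.split("=")[0], priorityCode=priority)
    ext = dict(EXT.findall(parts[7]))
    if "rt" in ext:  # epoch milliseconds -> UTC timestamp, using integer math only
        ms = int(ext["rt"])
        rt = datetime.fromtimestamp(ms // 1000, tz=timezone.utc).replace(microsecond=ms % 1000 * 1000)
        ext["rt"] = rt.strftime("%Y-%m-%d %H:%M:%S.%f")[:-3]
    event.update(ext)
    # Pair each csN value with its csNLabel so lookups can use the meaningful name.
    event["custom"] = {ext[k + "Label"]: v for k, v in ext.items() if k + "Label" in ext}
    return event

def devo_table(event):
    """Table name in the cef0.deviceVendor.deviceProduct structure."""
    return f"cef0.{event['embDeviceVendor']}.{event['embDeviceProduct']}"

def forwarded_chain(event):
    """xForwardedFor as a list; the separator spacing in the sample is irregular."""
    raw = event["custom"].get("xForwardedFor", "")
    return [ip.strip() for ip in raw.split(",") if ip.strip()]
```

X-Forwarded-For is a request header, so entries in the chain can be client-supplied.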