cef0.cloud_foundry.cloud_controller_ng
Introduction
The table cef0.cloud_foundry.cloud_controller_ng identifies events in CEF format generated by Cloud Foundry Cloud Controller.
Tag structure
Events in CEF format don't have a specific tag structure, as explained in Technologies supported in CEF syslog format. They are always sent to a table with the structure cef0.deviceVendor.deviceProduct.
In this case, the valid data tables are:
Tag | Data table |
---|---|
cef0.cloud_foundry.cloud_controller_ng | cef0.cloud_foundry.cloud_controller_ng |
How is the data sent to Devo?
Learn more about CEF syslog format and how Devo tags these events in Technologies supported in CEF syslog format.
Log samples
The following is a sample log sent to the cef0.cloud_foundry.cloud_controller_ng table. Find how the information will be parsed in your data table under each sample log.
Extra columns
Fields marked as Extra in the table below are not shown by default in data tables and need to be explicitly requested in the query. You can find them marked as Extra when you perform a query so they can be easily identified. Learn more about this in Selecting unrevealed columns.
2021-11-19 10:48:09.547 localhost=127.0.0.1 14 CEF: 0|cloud_foundry|cloud_controller_ng|2.150.0|GET /dev/election/describe/everybody/sea.png2/etc/yet/user345/grow/notice/it.doc/350db81b-0ea7-41aa-9f04-197ec10b5c1f/dev/election/describe/everybody/sea.pngar/dev/election/describe/everybody/sea.pngoice/dog/make/user123/color.csv|GET /dev/election/describe/everybody/sea.png2/etc/yet/user345/grow/notice/it.doc/350db81b-0ea7-41aa-9f04-197ec10b5c1f/dev/election/describe/everybody/sea.pngar/dev/election/describe/everybody/sea.pngoice/dog/make/user123/color.csv|0|rt=1614339521455 suser=amy67 suid=b8d1ebc0-02c7-491a-8a9a-bc12285c8665 request=/dev/election/describe/everybody/sea.png2/etc/yet/user345/grow/notice/it.doc/350db81b-0ea7-41aa-9f04-197ec10b5c1f/dev/election/describe/everybody/sea.pngar/dev/election/describe/everybody/sea.pngoice/dog/make/user123/color.csv requestMethod=GET src=123.123.123.3 dst=123.45.67.89 cs1Label=userAuthenticationMechanism cs1=oauth-access-token cs2Label=vcapRequestId cs2=44adae6d-0277-4e73-5d21-a6d85c142490::9555990d-c5de-4252-b770-83181b445a61 cs3Label=result cs3=success cs4Label=httpStatusCode cs4=200 cs5Label=xForwardedFor cs5=123.123.123.3, 124.124.124.4,125.125.125.5
And this is how the log would be parsed:
Field | Value | Type | Source field name | Extra fields |
---|---|---|---|---|
eventdate |
|
| ||
hostname |
|
| ||
priorityCode |
|
| ||
cefTag |
|
| ||
cefVersion |
|
| ||
embDeviceVendor |
|
| ||
embDeviceProduct |
|
| ||
deviceVersion |
|
| ||
signatureID |
|
| ||
name |
|
| ||
severity |
|
| ||
_cefVer |
|
| ||
cs1Label |
|
| ||
cs1 |
|
| ||
cs2Label |
|
| ||
cs2 |
|
| ||
cs3Label |
|
| ||
cs3 |
|
| ||
cs4Label |
|
| ||
cs4 |
|
| ||
cs5Label |
|
| ||
cs5 |
|
| ||
dst |
|
| ||
requestMethod |
|
| ||
request |
|
| ||
rt |
|
| ||
src |
|
| ||
suid |
|
| ||
suser |
|
| ||
hostchain |
|
| ✓ | |
tag |
|
| cefTag | ✓ |
rawMessage |
|
|