Module that emits CEF logs
Project description
Most Mozilla Services applications need to generate CEF logs. A CEF Log is a formatted log that can be used by ArcSight, a central application used by the infrasec team to manage application security.
The cef module provide a log_cef function that can be used to emit CEF logs:
- log_cef(message, severity, environ, config, [username,
[signature]], **kw)
Creates a CEF record, and emit it in syslog or another file.
- Args:
message: message to log
severity: integer from 0 to 10
environ: the WSGI environ object
config: configuration dict
signature: CEF signature code, defaults to ‘AuthFail’
username: user name, defaults to ‘none’
extra keywords: extra keys used in the CEF extension
Example:
>>> from cef import log_cef >>> log_cef('SecurityAlert!', 5, environ, config, ... msg='Someone has stolen my chocolate')
With environ and config provided by the web environment.
You can use the cef module with pythons logging module.
Example of logging configuration:
'syslog': { '()': cef.SysLogFormatter, 'datefmt': '%H:%M:%s', },
Send message to the log:
log_file.warning('Something', {environ: environ, username: request.user, data: data})
The SysLogFormatter will use the date format set in the log configuration (datefmt). It will convert the logging error level into a sys log error level.
CEF specific fields (version, vendor, device_version, product) can be also be provided, defaults will be used if not passed.
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.