[siem-users] CEE/CEF Was: Testing

Anton Chuvakin anton at chuvakin.org
Tue Dec 21 22:01:28 UTC 2010


> Just a quick note. CEE is not XML! CEE supports text, as I mentioned in an earlier email, the
> text-format of CEE is super similar to CEF.

Oh yeah! Mandatory XML logging = FAIL. Think of a firewall logging at
10,000 events/second in XML - this will never work, no matter how much
hardware improves.

Name=value pairs is probably the main CEE syntax that will get used as
it is adopted. So in that sense, CEE would be the same as CEF, but not
tied to a particular vendor.

-- 
Dr. Anton Chuvakin
Site: http://www.chuvakin.org
Blog: http://www.securitywarrior.org
LinkedIn: http://www.linkedin.com/in/chuvakin
Consulting: http://www.securitywarriorconsulting.com
Twitter: @anton_chuvakin
Google Voice: +1-510-771-7106


