Graylog input plugin to receive CEF logs via UDP or TCP. Install the plugin and launch a new CEF input from System -> Inputs in your Graylog Web Interface.
This plugin strictly follows the CEF standard and will probably not work with non-compliant messages. Please open an issue in this repository in case of any problems.
Required Graylog version: 2.4.x and later
Since Graylog version 2.4.0, this plugin is already included in the Graylog server installation package as a default plugin.
Download the plugin and place the .jar file in your Graylog plugin directory. The plugin directory is the plugins/ folder relative to your graylog-server directory by default and can be configured in your
graylog-server and you are done.
Some systems will send CEF as part of an RFC-compliant syslog message. In this case, you can just start a CEF Message Input from System -> Inputs and you are done.
If the envelope is not syslog or the CEF message is not in an envelope at all, you can use the Graylog Processing Pipelines and the parse_cef function this plugin provides:
parse_cef() function on that extracted string.
cef_ prefixed message fields to something easier to use and easier to remember.
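Because the plugin rejects non-compliant messages, it helps to check a captured sample before wiring up the pipeline. The following is an added example, not code from this plugin: a small Python pre-check that locates the CEF payload inside an arbitrary envelope and verifies the seven pipe-terminated header fields and the key=value extension. The function names, the simplified escaping rules and the sample line are assumptions made for illustration.

```python
import re

# Header fields in CEF order; the extension (key=value pairs) follows the 7th pipe.
HEADER = ["version", "device_vendor", "device_product", "device_version",
          "device_event_class_id", "name", "severity"]
CEF_START = re.compile(r"CEF:\d+\|")
EXT_KEY = re.compile(r"(?:^|(?<=\s))(\w+)=")  # a key starts the string or follows whitespace

def split_header(body):
    """Split on unescaped '|' until 7 fields are read; return (fields, remainder)."""
    fields, cur, i = [], [], 0
    while i < len(body) and len(fields) < 7:
        if body[i] == "\\" and body[i + 1:i + 2] in ("|", "\\"):
            cur.append(body[i + 1])  # an escaped pipe or backslash is a literal character
            i += 2
            continue
        if body[i] == "|":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(body[i])
        i += 1
    return fields, body[i:]

def parse_extension(ext):
    """Each value runs up to the next key; escaped '=' and backslash are unescaped."""
    hits = list(EXT_KEY.finditer(ext))
    out = {}
    for n, m in enumerate(hits):
        end = hits[n + 1].start() if n + 1 < len(hits) else len(ext)
        out[m.group(1)] = re.sub(r"\\([=\\])", r"\1", ext[m.end():end].rstrip())
    return out

def check_cef(line):
    """Find the CEF payload inside any envelope and parse it, or raise ValueError."""
    m = CEF_START.search(line)
    if m is None:
        raise ValueError("no 'CEF:<version>|' marker")
    fields, ext = split_header(line[m.start() + len("CEF:"):])
    if len(fields) != 7:
        raise ValueError(f"header has {len(fields)} of 7 pipe-terminated fields")
    return dict(zip(HEADER, fields)), parse_extension(ext.strip())

# Constructed sample: a non-syslog envelope wrapped around one CEF event.
SAMPLE = (r"2024-01-01T00:00:00Z fwd[123]: CEF:0|Acme|Gateway|1.2|100|"
          r"Blocked \| filtered|5|src=10.0.0.1 msg=path\=/tmp with space dst=10.0.0.2")

if __name__ == "__main__":
    print(check_cef(SAMPLE))
```

A message that fails this check (for example, a header with fewer than seven fields) is a candidate for the non-compliance problems mentioned above.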
This project is using Maven 3 and requires Java 8 or higher.
mvn package to build a JAR file.
mvn rpm:rpm to create a DEB and RPM package respectively.
We are using the maven release plugin:
$ mvn release:prepare
[...]
$ mvn release:perform
This sets the version numbers, creates a tag and pushes to GitHub. Travis CI will build the release artifacts and upload to GitHub automatically.