Crate serde_cef
CEF is an extensible, text-based format designed to support multiple device types by offering the most relevant information. Message syntaxes are reduced to work with ESM normalization. Specifically, CEF defines a syntax for log records consisting of a standard header and a variable extension, formatted as key-value pairs.
Sep 19 08:26:10 host CEF:0|Security|threatmanager|1.0|100|worm successfully stopped|10|src=10.0.0.1 dst=2.1.2.2 spt=1232
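As an added example (not code from the serde_cef crate), the parser below reads the record shape shown above using only the standard library: an optional syslog prefix, the seven pipe-separated header fields, then the space-separated key=value extensions. It also applies the escapes the CEF specification defines (`\|` and `\\` in the header, `\=` in extensions), which this page does not discuss; a consumer that splits on bare `|` or `=` mis-assigns fields whenever a value contains one of those characters.

```rust
use std::collections::BTreeMap;

/// Split `s` on unescaped `sep` into at most `max` pieces; `\sep` and `\\` are literals.
fn split_unescaped(s: &str, sep: char, max: usize) -> Vec<String> {
    let mut out = vec![String::new()];
    let mut chars = s.chars();
    while let Some(c) = chars.next() {
        if c == sep && out.len() < max {
            out.push(String::new()); // once `max` pieces exist, `sep` is kept literally
            continue;
        }
        let cur = out.last_mut().unwrap();
        if c != '\\' {
            cur.push(c);
            continue;
        }
        match chars.next() {
            Some(n) if n == sep || n == '\\' => cur.push(n),
            Some(n) => { cur.push('\\'); cur.push(n); }
            None => cur.push('\\'),
        }
    }
    out
}

/// Parse one CEF line into its seven header fields (version, device vendor, device
/// product, device version, signature id, name, severity) and its extension map.
/// Anything before "CEF:" (a syslog prefix) is skipped.
pub fn parse_cef(line: &str) -> Result<(Vec<String>, BTreeMap<String, String>), String> {
    let start = line.find("CEF:").ok_or("no CEF: marker in line")?;
    let mut parts = split_unescaped(&line[start + 4..], '|', 8);
    if parts.len() != 8 {
        return Err(format!("expected 7 header separators, found {}", parts.len() - 1));
    }
    // Values may contain spaces: a token without an unescaped '=' continues the
    // previous value, and `\=` inside a token is a literal '='.
    let ext = parts.pop().unwrap();
    let mut extensions = BTreeMap::new();
    let mut last_key: Option<String> = None;
    for tok in ext.split(' ').filter(|t| !t.is_empty()) {
        let kv = split_unescaped(tok, '=', 2);
        if kv.len() == 2 {
            extensions.insert(kv[0].clone(), kv[1].clone());
            last_key = Some(kv[0].clone());
        } else if let Some(k) = &last_key {
            extensions.get_mut(k).unwrap().push_str(&format!(" {}", kv[0]));
        } else {
            return Err(format!("extension token {:?} has no key", tok));
        }
    }
    Ok((parts, extensions))
}
```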
Quickstart
You can start using it by first adding it to your Cargo.toml:
[dependencies]
serde_derive = "1.0"
serde_cef = "0.1"
Then, create a structure which implements the serde::Serialize / serde::Deserialize traits and use that structure as the extension in the serde_cef::CefRecord.
extern crate serde_cef;
#[macro_use]
extern crate serde_derive;

use serde_cef::{CefRecord, CefSeverity, CefSignatureId};

// The extension part of the record: serialized as key=value pairs.
#[derive(Serialize, Deserialize, Clone, Debug)]
struct Foo {
    a: String,
    b: u64,
}

fn main() {
    let rec = CefRecord {
        headers: None,
        version: 0,
        device_vendor: "Fake".to_string(),
        device_product: "Product".to_string(),
        device_version: "0.1".to_string(),
        signature_id: CefSignatureId::U64(0),
        signature: "Nothing".to_string(),
        severity: CefSeverity::U8(6),
        extensions: Foo { a: "subtest".into(), b: 695217 },
    };

    // Serialize the record to a CEF line, then parse it back.
    let as_string = serde_cef::to_string(&rec).unwrap();
    println!("{}", &as_string);
    println!("{:?}", serde_cef::from_str::<Foo>(&as_string).unwrap());
}
Output:
CEF:0|Fake|Product|0.1|0|Nothing|6|a=subtest b=695217
CefRecord { headers: None, version: 0, device_vendor: "Fake", device_product: "Product", device_version: "0.1", signature_id: U64(0), signature: "Nothing", severity: U8(6), extensions: Foo { a: "subtest", b: 695217 } }
Feature ovh-ldp
The feature ovh-ldp allows suffixing field names to suit the LDP naming conventions.
In your Cargo.toml, set:
[dependencies]
serde_value_flatten = { version = "0.1", features = ["ovh-ldp"] }
Re-run the previous example; the output will now be:
CEF:0|Fake|Product|0.1|0|Nothing|6|a:subtest b_double:695217
Structs
CefRecord: Struct which represents a CEF record according to the specification.
Enums
CefError: Enum to store errors.
CefSeverity: Severity is a string or integer and reflects the importance of the event.
CefSignatureId: Device Event Class ID is a unique identifier per event-type.
Functions
from_str: Deserialize an instance of type
to_string: Serialize an instance of type
Type Definitions
CefResult: Alias for a