Common Event Format (CEF)

Available in AxoSyslog 4.13 and later.

Formats a dictionary into the Common Event Format (CEF).

Usage: ${MESSAGE} = format_cef(my_dictionary);

For example:

my_dictionary = {"version":"0","device_vendor":" KasperskyLab ","device_product":"SecurityCenter","device_version":"13.2.0.1511","device_event_class_id":"KLPRCI_TaskState","name":"Completed successfully","agent_severity":"1"};

Becomes:

CEF:0| KasperskyLab |SecurityCenter|13.2.0.1511|KLPRCI_TaskState|Completed successfully|1|

Last modified July 18, 2025: Moves filterx format functions to separate pages (aedc5cc)