-
Notifications
You must be signed in to change notification settings - Fork 0
/
extension_field_gen.go
executable file
·3386 lines (2613 loc) · 79.5 KB
/
extension_field_gen.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
// Code generated by go.m8.ru/cef, DO NOT EDIT.
package cef
import "net"
type extensionFields struct {
// Action taken by the device.
act string
// Application level protocol, example: HTTP, HTTPS, SSHv2, Telnet, POP, IMPA, IMAPS, and so on.
app string
// One of the four IPv6 address fields available to map fields that do not apply to any other in this dictionary. TIP: For tips on using these fields, see the guidelines defined under User-Defined Extensions.
c6A1 net.IP
// All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field.
c6A1Label string
// One of the four IPv6 address fields available to map fields that do not apply to any other in this dictionary. TIP: For tips on using these fields, see the guidelines defined under User-Defined Extensions.
c6A3 net.IP
// All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field.
c6A3Label string
// One of the four IPv6 address fields available to map fields that do not apply to any other in this dictionary. TIP: For tips on using these fields, see the guidelines defined under User-Defined Extensions.
c6A4 net.IP
// All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field.
c6A4Label string
// Represents the category assigned by the originating device. Devices often use their own categorization schema to classify event. Example: “/Monitor/Disk/Read”
cat string
// One of our floating point fields available to map fields that do not apply to any other in this dictionary.
cfp1 float32
// All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field.
cfp1Label string
// One of the four floating point fields available to map fields that do not apply to any other in this dictionary.
cfp2 float32
// All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field.
cfp2Label string
// One of the four floating point fields available to map fields that do not apply to any other in this dictionary.
cfp3 float32
// All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field.
cfp3Label string
// One of the four floating point fields available to map fields that do not apply to any other in this dictionary.
cfp4 float32
// All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field.
cfp4Label string
// One of the three number fields available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible.
cn1 int64
// All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field.
cn1Label string
// One of the three number fields available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible.
cn2 int64
// All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field. Implementing ArcSight Common Event Format (CEF) - Version 26 ArcS
cn2Label string
// One of the three number fields available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible.
cn3 int64
// All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field.
cn3Label string
// A count associated with this event. How many times was this same event observed? Count can be omitted if it is 1.
cnt int
// One of the six strings available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible. TIP : For tips on using these fields, see the guidelines defined under User- Defined Extensions
cs1 string
// All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field.
cs1Label string
// One of the six strings available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible. TIP: For tips on using these fields, see the guidelines defined under User-Defined Extensions.
cs2 string
// All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field
cs2Label string
// One of the six strings available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible. TIP: For tips on using these fields, see the guidelines defined under User-Defined Extensions.
cs3 string
// All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field.
cs3Label string
// One of the six strings available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible. TIP : For tips on using these fields, see the guidelines defined under User- Defined Extensions
cs4 string
// All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field.
cs4Label string
// One of six strings available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible. TIP : For tips on using these fields, see the guidelines defined under User- Defined Extensions.
cs5 string
// All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field
cs5Label string
// One of six strings available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible. TIP : For tips on using these fields, see the guidelines defined under User- Defined Extensions.
cs6 string
// All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field.
cs6Label string
// The DNS domain part of the complete fully qualified domain name (FQDN).
destinationDNSDomain string
// The service targeted by this event. Example: “sshd”
destinationServiceName string
// Identifies the translated destination that the event refers to in an IP network. The format is an IPv4 address. Example: “192.168.10.1”
destinationTranslatedAddress net.IP
// Port after it was translated; for example, a firewall. Valid port numbers are 0 to 65535
destinationTranslatedPort int
// One of two timestamp fields available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible. TIP : For tips on using these fields, see the guidelines defined under User- Defined Extensions.
deviceCustomDate1 string
// All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field.
deviceCustomDate1Label string
// One of the two timestamp fields available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible. TIP: For tips on using these fields, see the guidelines defined under User-Defined Extensions
deviceCustomDate2 string
// All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field.
deviceCustomDate2Label string
// Any information about what direction the observed communication has taken. The following values are supported: “0” for inbound or “1” for outbound
deviceDirection int
// The DNS domain part of the complete fully qualified domain name (FQDN).
deviceDNSDomain string
// A name that uniquely identifies the device generating this event.
deviceExternalID string
// The facility generating this event. For example, Syslog has an explicit facility associated with every event.
deviceFacility string
// Interface on which the packet or data entered the device.
deviceInboundInterface string
// The Windows domain name of the device address.
deviceNtDomain string
// Interface on which the packet or data left the device
deviceOutboundInterface string
// Unique identifier for the payload associated with the event.
devicePayloadID string
// Process name associated with the event. An example might be the process generating the syslog entry in UNIX.
deviceProcessName string
// Identifies the translated device address that the event refers to in an IP network. The format is an IPv4 address. Example: “192.168.10.1”
deviceTranslatedAddress net.IP
// Identifies the destination that an event refers to in an IP network. The format must be a fully qualified domain name (FQDN) associated with the destination node, when a node is available. Examples: “host.domain.com” or “host”.
dHost string
// The Windows domain name of the destination address.
dntdom string
// Provides the ID of the destination process associated with the event. For example, if an event contains process ID 105, “105” is the process ID
dpid int
// The typical values are “Administrator”, “User”, and “Guest”. This identifies the destination user’s privileges. In UNIX, for example, activity executed on the root user would be identified with destinationUser Privileges of “Administrator”.
dPriv string
// The name of the event’s destination process. Example: “telnetd” or “sshd”.
dProc string
// The valid port numbers are between 0 and 65535.
dPt int
// Identifies the destination address that the event refers to in an IP network. The format is an IPv4 address. Example: “192.168.10.1”
dst net.IP
// The timezone for the device generating the event.
dtz string
// Identifies the destination user by ID. For example, in UNIX, the root user is generally associated with user ID 0
duid string
// Identifies the destination user by name. This is the user associated with the event’s destination. Email addresses are often mapped into the UserName fields. The recipient is a candidate to put into this field.
dUser string
// Identifies the device address that an event refers to in an IP network. The format is an IPv4 address. Example: “192.168.10.1”.
dvc net.IP
// The format should be a fully qualified domain name (FQDN) associated with the device node, when a node is available. Example: “host.domain.com” or “host”.
dvcHost string
// Six colon-separated hexadecimal numbers. Example: “00:0D:60:AF:1B:61”
dvcMAC net.HardwareAddr
// Provides the ID of the process on the device generating the event.
dvcPID int
// The time at which the activity related to the event ended. The format is MMM dd yyyy HH:mm:ss or milliseconds since epoch (Jan 1st1970). An example would be reporting the end of a session.
end string
// The ID used by an originating device. They are usually increasing numbers, associated with events.
externalID string
// Time when the file was created.
fileCreateTime string
// Hash of a file.
fileHash string
// An ID associated with a file could be the inode.
fileID string
// Time when the file was last modified.
fileModificationTime string
// Full path to the file, including file name itself. Example: C:\Program Files \WindowsNT\Access ories\ wordpad.exe or /usr/bin/zip
filePath string
// Permissions of the file.
filePermission string
// Type of file (pipe, socket, etc.)
fileType string
// A timestamp field available to map a timestamp that does not apply to any other defined timestamp field in this dictionary. Use all flex fields sparingly and seek a more specific, dictionary supplied field when possible. These fields are typically reserved for customer use and should not be set by vendors unless necessary.
flexDate1 string
// The label field is a string and describes the purpose of the flex field.
flexDate1Label string
// One of four floating point fields available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible. These fields are typically reserved for customer use and should not be set by vendors unless necessary.
flexString1 string
// The label field is a string and describes the purpose of the flex field
flexString1Label string
// One of four floating point fields available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible. These fields are typically reserved for customer use and should not be set by vendors unless necessary.
flexString2 string
// The label field is a string and describes the purpose of the flex field.
flexString2Label string
// Name of the file only (without its path).
fName string
// Size of the file.
fSize int64
// Number of bytes transferred inbound, relative to the source to destination relationship, meaning that data was flowing from source to destination.
in int64
// An arbitrary message giving more details about the event. Multi-line entries can be produced by using \n as the new line separator.
msg string
// Time when old file was created.
oldFileCreateTime string
// Hash of the old file
oldFileHash string
// An ID associated with the old file could be the inode.
oldFileID string
// Time when old file was last modified.
oldFileModificationTime string
// Name of the old file.
oldFileName string
// Full path to the old file, including the file name itself. Examples: c:\Program Files\ WindowsNT\Accesso ries \wordpad.exe or /usr/bin/zip
oldFilePath string
// Permissions of the old file.
oldFilePermission string
// Size of the old file.
oldFileSize int64
// Type of the old file (pipe, socket, etc.)
oldFileType string
// Number of bytes transferred outbound relative to the source to destination relationship. For example, the byte number of data flowing from the destination to the source.
out int
// Displays the outcome, usually as ‘success’ or ‘failure’.
outcome string
// Identifies the Layer-4 protocol used. The possible values are protocols such as TCP or UDP
proto string
// The reason an audit event was generated. For example “badd password” or “unknown user”. This could also be an error or return code. Example: “0x1234”
reason string
// In the case of an HTTP request, this field contains the URL accessed. The URL should contain the protocol as well. Example: “http://www/secure. com”
request string
// The User-Agent associated with the request.
requestClientApplication string
// Description of the content from which the request originated (for example, HTTP Referrer)
requestContext string
// Cookies associated with the request.
requestCookies string
// The method used to access a URL. Possible values: “POST”, “GET”, etc.
requestMethod string
// The time at which the event related to the activity was received. The format is MMM dd yyyy HH:mm:ss or milliseconds since epoch (Jan 1st 1970)
rt string
// Identifies the source that an event refers to in an IP network. The format should be a fully qualified domain name (FQDN) associated with the source node, when a mode is available. Examples: “host” or “host.domain.com”.
sHost string
// Six colon-separated hexadecimal numbers. Example: “00:0D:60:AF:1B:61”
smac net.HardwareAddr
// The Windows domain name for the source address.
sNtDom string
// The DNS domain part of the complete fully qualified domain name (FQDN).
sourceDNSDomain string
// The service that is responsible for generating this event.
sourceServiceName string
// Identifies the translated source that the event refers to in an IP network. The format is an IPv4 address. Example: “192.168.10.1”.
sourceTranslatedAddress net.IP
// A port number after being translated by, for example, a firewall. Valid port numbers are 0 to 65535.
sourceTranslatedPort int
// The ID of the source process associated with the event
spid int
// The typical values are “Administrator”, “User”, and “Guest”. It identifies the source user’s privileges. In UNIX, for example, activity executed by the root user would be identified with “Administrator”.
sPriv string
// The name of the event’s source process.
sProc string
// The valid port numbers are 0 to 65535.
sPt int
// Identifies the source that an event refers to in an IP network. The format is an IPv4 address. Example: “192.168.10.1”.
src net.IP
// The time when the activity the event referred to started. The format is MMM dd yyyy HH:mm:ss or milliseconds since epoch (Jan 1st 1970)
start string
// Identifies the source user by ID. This is the user associated with the source of the event. For example, in UNIX, the root user is generally associated with user ID 0.
suid string
// Identifies the source user by name. Email addresses are also mapped into the UserName fields. The sender is a candidate to put into this field.
sUser string
// 0 means base event, 1 means aggregated, 2 means correlation, and 3 means action. This field can be omitted for base events (type 0)
typ int
// The DNS domain name of the ArcSight connector that processed the event.
agentDNSDomain string
agentNtDomain string
agentTranslatedAddress net.IP
agentTranslatedZoneExternalID string
agentTranslatedZoneURI string
agentZoneExternalID string
agentZoneURI string
// The IP address of the ArcSight connector that processed the event.
agt net.IP
// The hostname of the ArcSight connector that processed the event.
aHost string
// The agent ID of the ArcSight connector that processed the event.
aid string
// The MAC address of the ArcSight connector that processed the event.
amac net.HardwareAddr
// The time at which information about the event was received by the ArcSight connector.
art string
// The agent type of the ArcSight connector that processed the event
at string
// The agent time zone of the ArcSight connector that processed the event.
atz string
// The version of the ArcSight connector that processed the event.
av string
customerExternalID string
customerURI string
destinatioTranslatedZoneExternalID string
// The URI for the Translated Zone that the destination asset has been assigned to in ArcSight.
destinationTranslatedZoneURI string
destinationZoneExternalID string
// The URI for the Zone that the destination asset has been assigned to in ArcSight.
destinationZoneURI string
deviceTranslatedZoneExternalID string
// The URI for the Translated Zone that the device asset has been assigned to in ArcSight.
deviceTranslatedZoneURI string
deviceZoneExternalID string
// Thee URI for the Zone that the device asset has been assigned to in ArcSight.
deviceZoneURI string
// The latitudinal value from which the destination’s IP address belongs.
dLat float64
// The longitudinal value from which the destination’s IP address belongs.
dLong float64
// This is a unique ID that ArcSight assigns to each event.
eventID int64
rawEvent string
sLat float64
sLong float64
sourceTranslatedZoneExternalID string
// The URI for the Translated Zone that the destination asset has been assigned to in ArcSight.
sourceTranslatedZoneURI string
sourceZoneExternalID string
// The URI for the Zone that the source asset has been assigned to in ArcSight.
sourceZoneURI string
// ID of an agentTranslatedZone resource reference.
agentTranslatedZoneKey int64
// ID of an agentZone resource reference.
agentZoneKey int64
// ID of a customer resource reference.
customerKey int64
// ID of a destinationTranslate dZone resource reference.
destinationTranslatedZoneKey int64
// ID of a destinationZone resource reference.
dZoneKey int64
// ID of a deviceTranslatedZone resource reference.
deviceTranslatedZoneKey int64
// ID of a deviceZone resource reference.
deviceZoneKey int64
// ID of a sourceTranslatedZon e resource reference.
sTranslatedZoneKey int64
// ID of a sourceZone resource reference
sZoneKey int64
}
// SetAct sets "act" field.
func (cef *CEF) SetAct(v string) *CEF {
if cef.act != "" {
return cef
}
if len(v) > 63 {
v = v[:63]
}
cef.act = v
return cef
}
// SetApp sets "app" field.
func (cef *CEF) SetApp(v string) *CEF {
if cef.app != "" {
return cef
}
if len(v) > 31 {
v = v[:31]
}
cef.app = v
return cef
}
// SetC6A1 sets "c6a1" field.
func (cef *CEF) SetC6A1(v net.IP) *CEF {
if len(cef.c6A1) > 0 {
return cef
}
cef.c6A1 = v
return cef
}
// SetC6A1Label sets "c6a1Label" field.
func (cef *CEF) SetC6A1Label(v string) *CEF {
if cef.c6A1Label != "" {
return cef
}
if len(v) > 1023 {
v = v[:1023]
}
cef.c6A1Label = v
return cef
}
// SetC6A3 sets "c6a3" field.
func (cef *CEF) SetC6A3(v net.IP) *CEF {
if len(cef.c6A3) > 0 {
return cef
}
cef.c6A3 = v
return cef
}
// SetC6A3Label sets "c6a3Label" field.
func (cef *CEF) SetC6A3Label(v string) *CEF {
if cef.c6A3Label != "" {
return cef
}
if len(v) > 1023 {
v = v[:1023]
}
cef.c6A3Label = v
return cef
}
// SetC6A4 sets "c6a4" field.
func (cef *CEF) SetC6A4(v net.IP) *CEF {
if len(cef.c6A4) > 0 {
return cef
}
cef.c6A4 = v
return cef
}
// SetC6A4Label sets "c6a4Label" field.
func (cef *CEF) SetC6A4Label(v string) *CEF {
if cef.c6A4Label != "" {
return cef
}
if len(v) > 1023 {
v = v[:1023]
}
cef.c6A4Label = v
return cef
}
// SetCat sets "cat" field.
func (cef *CEF) SetCat(v string) *CEF {
if cef.cat != "" {
return cef
}
if len(v) > 1023 {
v = v[:1023]
}
cef.cat = v
return cef
}
// SetCFP1 sets "cfp1" field.
func (cef *CEF) SetCFP1(v float32) *CEF {
if cef.cfp1 != 0 {
return cef
}
cef.cfp1 = v
return cef
}
// SetCFP1Label sets "cfp1Label" field.
func (cef *CEF) SetCFP1Label(v string) *CEF {
if cef.cfp1Label != "" {
return cef
}
if len(v) > 1023 {
v = v[:1023]
}
cef.cfp1Label = v
return cef
}
// SetCFP2 sets "cfp2" field.
func (cef *CEF) SetCFP2(v float32) *CEF {
if cef.cfp2 != 0 {
return cef
}
cef.cfp2 = v
return cef
}
// SetCFP2Label sets "cfp2Label" field.
func (cef *CEF) SetCFP2Label(v string) *CEF {
if cef.cfp2Label != "" {
return cef
}
if len(v) > 1023 {
v = v[:1023]
}
cef.cfp2Label = v
return cef
}
// SetCFP3 sets "cfp3" field.
func (cef *CEF) SetCFP3(v float32) *CEF {
if cef.cfp3 != 0 {
return cef
}
cef.cfp3 = v
return cef
}
// SetCFP3Label sets "cfp3Label" field.
func (cef *CEF) SetCFP3Label(v string) *CEF {
if cef.cfp3Label != "" {
return cef
}
if len(v) > 1023 {
v = v[:1023]
}
cef.cfp3Label = v
return cef
}
// SetCFP4 sets "cfp4" field.
func (cef *CEF) SetCFP4(v float32) *CEF {
if cef.cfp4 != 0 {
return cef
}
cef.cfp4 = v
return cef
}
// SetCFP4Label sets "cfp4Label" field.
func (cef *CEF) SetCFP4Label(v string) *CEF {
if cef.cfp4Label != "" {
return cef
}
if len(v) > 1023 {
v = v[:1023]
}
cef.cfp4Label = v
return cef
}
// SetCN1 sets "cn1" field.
func (cef *CEF) SetCN1(v int64) *CEF {
if cef.cn1 != 0 {
return cef
}
cef.cn1 = v
return cef
}
// SetCN1Label sets "cn1Label" field.
func (cef *CEF) SetCN1Label(v string) *CEF {
if cef.cn1Label != "" {
return cef
}
if len(v) > 1023 {
v = v[:1023]
}
cef.cn1Label = v
return cef
}
// SetCN2 sets "cn2" field.
func (cef *CEF) SetCN2(v int64) *CEF {
if cef.cn2 != 0 {
return cef
}
cef.cn2 = v
return cef
}
// SetCN2Label sets "cn2Label" field.
func (cef *CEF) SetCN2Label(v string) *CEF {
if cef.cn2Label != "" {
return cef
}
if len(v) > 1023 {
v = v[:1023]
}
cef.cn2Label = v
return cef
}
// SetCN3 sets "cn3" field.
func (cef *CEF) SetCN3(v int64) *CEF {
if cef.cn3 != 0 {
return cef
}
cef.cn3 = v
return cef
}
// SetCN3Label sets "cn3Label" field.
func (cef *CEF) SetCN3Label(v string) *CEF {
if cef.cn3Label != "" {
return cef
}
if len(v) > 1023 {
v = v[:1023]
}
cef.cn3Label = v
return cef
}
// SetCnt sets "cnt" field.
func (cef *CEF) SetCnt(v int) *CEF {
if cef.cnt != 0 {
return cef
}
cef.cnt = v
return cef
}
// SetCS1 sets "cs1" field.
func (cef *CEF) SetCS1(v string) *CEF {
if cef.cs1 != "" {
return cef
}
if len(v) > 4000 {
v = v[:4000]
}
cef.cs1 = v
return cef
}
// SetCS1Label sets "cs1Label" field.
func (cef *CEF) SetCS1Label(v string) *CEF {
if cef.cs1Label != "" {
return cef
}
if len(v) > 1023 {
v = v[:1023]
}
cef.cs1Label = v
return cef
}
// SetCS2 sets "cs2" field.
func (cef *CEF) SetCS2(v string) *CEF {
if cef.cs2 != "" {
return cef
}
if len(v) > 4000 {
v = v[:4000]
}
cef.cs2 = v
return cef
}
// SetCS2Label sets "cs2Label" field.
func (cef *CEF) SetCS2Label(v string) *CEF {
if cef.cs2Label != "" {
return cef
}
if len(v) > 1023 {
v = v[:1023]
}
cef.cs2Label = v
return cef
}
// SetCS3 sets "cs3" field.
func (cef *CEF) SetCS3(v string) *CEF {
if cef.cs3 != "" {
return cef
}
if len(v) > 4000 {
v = v[:4000]
}
cef.cs3 = v
return cef
}
// SetCS3Label sets "cs3Label" field.
func (cef *CEF) SetCS3Label(v string) *CEF {
if cef.cs3Label != "" {
return cef
}
if len(v) > 1023 {
v = v[:1023]
}
cef.cs3Label = v
return cef
}
// SetCS4 sets "cs4" field.
func (cef *CEF) SetCS4(v string) *CEF {
if cef.cs4 != "" {
return cef
}
if len(v) > 4000 {
v = v[:4000]
}
cef.cs4 = v
return cef
}
// SetCS4Label sets "cs4Label" field.
func (cef *CEF) SetCS4Label(v string) *CEF {
if cef.cs4Label != "" {
return cef
}
if len(v) > 1023 {
v = v[:1023]
}
cef.cs4Label = v
return cef
}
// SetCS5 sets "cs5" field.
func (cef *CEF) SetCS5(v string) *CEF {
if cef.cs5 != "" {
return cef
}
if len(v) > 4000 {
v = v[:4000]
}
cef.cs5 = v
return cef
}
// SetCS5Label sets "cs5Label" field.
func (cef *CEF) SetCS5Label(v string) *CEF {
if cef.cs5Label != "" {
return cef
}
if len(v) > 1023 {
v = v[:1023]
}
cef.cs5Label = v
return cef
}
// SetCS6 sets "cs6" field.
func (cef *CEF) SetCS6(v string) *CEF {
if cef.cs6 != "" {
return cef
}
if len(v) > 4000 {
v = v[:4000]
}
cef.cs6 = v
return cef
}
// SetCS6Label sets "cs6Label" field.
func (cef *CEF) SetCS6Label(v string) *CEF {
if cef.cs6Label != "" {
return cef
}
if len(v) > 1023 {
v = v[:1023]
}
cef.cs6Label = v
return cef
}
// SetDestinationDNSDomain sets "destinationDNSDomain" field.
func (cef *CEF) SetDestinationDNSDomain(v string) *CEF {
if cef.destinationDNSDomain != "" {
return cef
}
if len(v) > 255 {
v = v[:255]
}
cef.destinationDNSDomain = v
return cef
}
// SetDestinationServiceName sets "destinationServiceName" field.
func (cef *CEF) SetDestinationServiceName(v string) *CEF {
if cef.destinationServiceName != "" {
return cef
}
if len(v) > 1023 {
v = v[:1023]
}
cef.destinationServiceName = v
return cef
}
// SetDestinationTranslatedAddress sets "destinationTranslatedAddress" field.
func (cef *CEF) SetDestinationTranslatedAddress(v net.IP) *CEF {
if len(cef.destinationTranslatedAddress) > 0 {
return cef
}
cef.destinationTranslatedAddress = v
return cef
}
// SetDestinationTranslatedPort sets "destinationTranslatedPort" field.
func (cef *CEF) SetDestinationTranslatedPort(v int) *CEF {
if cef.destinationTranslatedPort != 0 {
return cef
}
cef.destinationTranslatedPort = v
return cef
}
// SetDeviceCustomDate1 sets "deviceCustomDate1" field.
func (cef *CEF) SetDeviceCustomDate1(v string) *CEF {
if cef.deviceCustomDate1 != "" {
return cef
}
cef.deviceCustomDate1 = v
return cef
}
// SetDeviceCustomDate1Label sets "deviceCustomDate1Label" field.
func (cef *CEF) SetDeviceCustomDate1Label(v string) *CEF {
if cef.deviceCustomDate1Label != "" {
return cef
}
if len(v) > 1023 {
v = v[:1023]
}
cef.deviceCustomDate1Label = v
return cef
}
// SetDeviceCustomDate2 sets "deviceCustomDate2" field.
func (cef *CEF) SetDeviceCustomDate2(v string) *CEF {
if cef.deviceCustomDate2 != "" {
return cef
}
cef.deviceCustomDate2 = v
return cef
}
// SetDeviceCustomDate2Label sets "deviceCustomDate2Label" field.
func (cef *CEF) SetDeviceCustomDate2Label(v string) *CEF {
if cef.deviceCustomDate2Label != "" {
return cef
}
if len(v) > 1023 {
v = v[:1023]
}
cef.deviceCustomDate2Label = v
return cef
}
// SetDeviceDirection sets "deviceDirection" field.
func (cef *CEF) SetDeviceDirection(v int) *CEF {
if cef.deviceDirection != 0 {
return cef
}
cef.deviceDirection = v
return cef
}
// SetDeviceDNSDomain sets "deviceDNSDomain" field.
func (cef *CEF) SetDeviceDNSDomain(v string) *CEF {
if cef.deviceDNSDomain != "" {
return cef
}
if len(v) > 255 {
v = v[:255]
}
cef.deviceDNSDomain = v
return cef
}
// SetDeviceExternalID sets "deviceExternalID" field.
func (cef *CEF) SetDeviceExternalID(v string) *CEF {
if cef.deviceExternalID != "" {
return cef
}
if len(v) > 255 {
v = v[:255]
}
cef.deviceExternalID = v
return cef
}
// SetDeviceFacility sets "deviceFacility" field.
func (cef *CEF) SetDeviceFacility(v string) *CEF {
if cef.deviceFacility != "" {
return cef
}
if len(v) > 1023 {
v = v[:1023]
}
cef.deviceFacility = v
return cef
}
// SetDeviceInboundInterface sets "deviceInboundInterface" field.
func (cef *CEF) SetDeviceInboundInterface(v string) *CEF {
if cef.deviceInboundInterface != "" {
return cef
}
if len(v) > 128 {
v = v[:128]
}
cef.deviceInboundInterface = v
return cef
}
// SetDeviceNtDomain sets "deviceNtDomain" field.
func (cef *CEF) SetDeviceNtDomain(v string) *CEF {
if cef.deviceNtDomain != "" {
return cef
}