Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
CEF Logger lib
Python
Branch: master
Pull request Compare This branch is 4 commits behind mozilla:master.

Fetching latest commit…

Cannot retrieve the latest commit at this time

Failed to load latest commit information.
MANIFEST.in
README.txt
cef.py
setup.py
test_cef.py

README.txt

==========
CEF logger
==========


Most Mozilla Services applications need to generate CEF logs. A CEF Log is a
formatted log that can be used by ArcSight, a central application used
by the infrasec team to manage application security.

The *cef* module provide a `log_cef` function that can be used to
emit CEF logs:

    log_cef(message, severity, environ, config, [username,
            [signature]], \*\*kw)

    Creates a CEF record, and emit it in syslog or another file.

    Args:
        - message: message to log
        - severity: integer from 0 to 10
        - environ: the WSGI environ object
        - config: configuration dict
        - signature: CEF signature code, defaults to 'AuthFail'
        - username: user name, defaults to 'none'
        - extra keywords: extra keys used in the CEF extension

Example::

    >>> from cef import log_cef
    >>> log_cef('SecurityAlert!', 5, environ, config,
    ...         msg='Someone has stolen my chocolate')


With *environ* and *config* provided by the web environment.

You can use the cef module with pythons logging module.

Example of logging configuration::

        'syslog': {
            '()': cef.SysLogFormatter,
            'datefmt': '%H:%M:%s',
        },

Send message to the log::

        log_file.warning('Something', {environ: environ,
                                       username: request.user,
                                       data: data})

The SysLogFormatter will use the date format set in the log configuration
(datefmt). It will convert the logging error level into a sys log error level.

CEF specific fields (version, vendor, device_version, product) can be also
be provided, defaults will be used if not passed.
Something went wrong with that request. Please try again.