I'm using Log Exporter to forward CEF-formatted logs to a third-party SIEM tool, and I want to know the default CEF field values for mapping to the SIEM.
Not sure there are any default values as that will depend on the logs being sent.
Can you elaborate on your question a bit?
What SIEM are you trying to integrate with?
If you don't mind reading XML, check out $EXPORTERDIR/conf/CefFieldsMapping.xml. Attaching for your convenience and examples below. This is from R80.20 GA take 101.
Also see this discussion: Log Exporter CEF Field Mappings.
Thanks Bob, it helped. Do we have a similar field mapping for Syslog format?