Description

The CEFFileSegmentMergeReceiver merges two or more segmented data files generated by the SegmentDataCreatorReceiver into one or more Common Event Format (CEF) files. Header segments are separated by a delimiter (a pipe, |, by default), and extension segments are written as key-value pairs joined by an equal sign (=).




Receiver Parameters

CEFFileSegmentMergeReceiver uses the following parameters. Items marked with an asterisk (*) are required.

  • outputPath* - Defines the location to store the newly generated CEF file(s).
  • outputSubDirectory - Defines the prefix name of subdirectories that are auto-created under the outputPath and then appended with a number.
  • configName* - Defines the name of the configuration file.
  • configPath* - Defines the location where the configuration file is stored.
  • configSubDir - Defines the subdirectory under configPath where the configuration file has to be stored.
  • segmentPath* - Defines the location where segment files are stored.
  • segmentSubDirectory - Defines the subdirectory under segmentPath where segment files are stored.
  • filesPerOutputSubDir* - Defines the number of files to be generated in each output directory.
  • columnDelimiter* - Defines the delimiter for each column. The default value is a pipe (|).
  • overrideFileName - Defines the overriding file name.
  • deleteOutputSubDir* - Defines whether to delete the outputSubDir or not. 


Example of the Receiver Parameter Management Form


Configuration File

The CEFFileSegmentReceiver requires a configuration file to help facilitate the formatting of the data output. This configuration will need to be created manually and then placed in the path specified here: 




Example Configuration File

The example configuration file below defines the following:

  • fileNameSegments - The fileNameSegment tag defines the file naming convention for the CEF files that are generated, e.g.
    • Output-1.txt, Output-2.txt, and so on
  • segments - The segment files listed in the segment tags are loaded and used to create the merged CEF output.
  • segmentHierarchy - Defines the hierarchical structure of the Domains. It also contains the domainIndicatorAttribute XML attribute, which identifies the child segment to use as the Extension. In this example, it has the following:
    • Header Segment - This segment creates the Header for the CEF file format. It also contains an Attribute from the Header Domain that defines which child segment will be used as an Extension.
    • Extension1 and Extension2 - Depending on the value of the extensionDomainIdentifier Attribute, the output of the corresponding Extension segment is appended to the Header.


<Config>
  <fileNameSegments>
    <fileNameSegment segmentType='Constant' value='Output.txt'/>
  </fileNameSegments>
  <segments>
    <segment domainName='Header' segmentFile='HeaderSegment.xml'/>
    <segment domainName='Extension1' segmentFile='Extension1Segment.xml'/>
    <segment domainName='Extension2' segmentFile='Extension2Segment.xml'/>
  </segments>
  <segmentHierarchy>
    <segment domainName='Header' domainIndicatorAttribute="extensionDomainIdentifier">
      <segment domainName='Extension1'/>
      <segment domainName='Extension2'/>
    </segment>
  </segmentHierarchy>
</Config>


CEF File

This CEF file is based on the following format: 


CEF:Version|Device Vendor|Device Product|Device Version|Device Event Class ID|Name|Severity|[Extension]


Example CEF File

The sample file below is an example of a CEF file with two records. The first record uses Extension1, and the second one uses Extension2 for their extension part.


CEF:0|DeviceVendor|DeviceProduct|1|DeviceEventClassId|Extension1 |10|cs1Label=sampleLabelExtension1 cs1=1234 cs2Label=sampleLabel2 cs2=value1  
CEF:0|DeviceVendor|DeviceProduct|1|DeviceEventClassId|Extension2|10|cs1Label=sampleLabelExtension2 cs1=123 cs2Label=sampleLabel2 cs2=value2  cs3Label=sampleLabel3 cs3=value
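
To check that merged output still parses the way a log consumer will read it, the records can be split back into header and extension fields. The parser below is an added example, not part of the product or its documentation; the function names are hypothetical, delim stands for the columnDelimiter parameter, and the backslash escape handling follows the general CEF convention, which this page does not cover.

```python
import re

HEADER = ("version", "deviceVendor", "deviceProduct", "deviceVersion",
          "deviceEventClassId", "name", "severity")
SAMPLE = [  # the two records from the example file above, copied inline
    "CEF:0|DeviceVendor|DeviceProduct|1|DeviceEventClassId|Extension1 |10|"
    "cs1Label=sampleLabelExtension1 cs1=1234 cs2Label=sampleLabel2 cs2=value1  ",
    "CEF:0|DeviceVendor|DeviceProduct|1|DeviceEventClassId|Extension2|10|"
    "cs1Label=sampleLabelExtension2 cs1=123 cs2Label=sampleLabel2 cs2=value2  "
    "cs3Label=sampleLabel3 cs3=value",
]
# A key is a word directly before '='; an escaped '\=' cannot match this.
KEY = re.compile(r"(?:^|\s)(\w+)=")


def split_header(body, delim="|", n=7):
    """Split off n header fields on unescaped delimiters; return (fields, rest)."""
    fields, cur, i = [], [], 0
    while i < len(body) and len(fields) < n:
        ch, nxt = body[i], body[i + 1:i + 2]
        if ch == "\\" and nxt in (delim, "\\"):
            cur.append(nxt)  # escaped delimiter or backslash is literal data
            i += 1
        elif ch == delim:
            fields.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
        i += 1
    if len(fields) < n:
        raise ValueError("expected %d header fields, got %d" % (n, len(fields)))
    return fields, body[i:]


def parse_cef(line, delim="|"):
    """Return (header dict, extension dict) for one CEF record."""
    if not line.startswith("CEF:"):
        raise ValueError("missing CEF: prefix")
    fields, rest = split_header(line[4:], delim)
    keys = list(KEY.finditer(rest))
    ext = {}
    for m, nxt in zip(keys, keys[1:] + [None]):
        raw = rest[m.end():nxt.start() if nxt else len(rest)]
        ext[m.group(1)] = re.sub(r"\\([=\\])", r"\1", raw.strip())
    return dict(zip(HEADER, fields)), ext


def custom_fields(ext):
    """Pair each csNLabel with its csN value, e.g. {'sampleLabel2': 'value1'}."""
    return {v: ext[k[:-5]] for k, v in ext.items()
            if k.endswith("Label") and k[:-5] in ext}
```

A record that raises ValueError here, or whose custom_fields result is missing an expected label, points to a delimiter or escaping problem in the segment data.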