https://community.dynatrace.com/t5/Log-Analytics/Anyone-using-Common-Event-Format-CEF-with-Dynatrace/m-p/215884#M423 <P>I took a CEF example from <A href="https://support.citrix.com/article/CTX136146/common-event-format-cef-logging-support-in-the-application-firewall" target="_self">this page</A>&nbsp;then used <A href="https://agardnerit.github.io/logpusher" target="_self">logpusher</A>&nbsp;to send it to Dynatrace via an OpenTelemetry collector. (<A href="https://www.youtube.com/watch?v=BzkzmzPdW5M" target="_self">see this video for how to use logpusher</A>).<BR /><BR />I then used DQL to filter my incoming log lines:<BR /><BR />fetch logs, scanLimitGBytes: 1<BR />| filter matchesPhrase(content, "act=blocked")<BR />| sort timestamp desc</P> Fri, 23 Jun 2023 05:33:11 GMT adam_gardner 2023-06-23T05:33:11Z https://community.dynatrace.com/t5/Log-Analytics/Anyone-using-Common-Event-Format-CEF-with-Dynatrace/m-p/214099#M420 <P>Common Event Format (CEF) is an open logging and auditing format, that is quite used in the SIEM market. Being able to send events&amp;logs from the Dynatrace AppSec monitoring to SIEM platforms seems quite an important use-case to me. It isn't supported by Dynatrace, but before putting in a Product Idea, would like to know if eventually someone went the extensions route to be able to get these events to SIEM?</P> Mon, 05 Jun 2023 19:07:41 GMT https://community.dynatrace.com/t5/Log-Analytics/Anyone-using-Common-Event-Format-CEF-with-Dynatrace/m-p/214099#M420 AntonioSousa 2023-06-05T19:07:41Z https://community.dynatrace.com/t5/Log-Analytics/Anyone-using-Common-Event-Format-CEF-with-Dynatrace/m-p/215805#M421 <P>great question and great future RFE <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span>&nbsp;</P> Thu, 22 Jun 2023 13:07:34 GMT https://community.dynatrace.com/t5/Log-Analytics/Anyone-using-Common-Event-Format-CEF-with-Dynatrace/m-p/215805#M421 ChadTurner 2023-06-22T13:07:34Z https://community.dynatrace.com/t5/Log-Analytics/Anyone-using-Common-Event-Format-CEF-with-Dynatrace/m-p/215855#M422 <P>I am using FluentD to ingest Syslog and output it in Dynatrace : <A href="https://www.dynatrace.com/support/help/observe-and-explore/logs/log-monitoring/acquire-log-data/send-syslogs-via-fluentd" target="_blank">https://www.dynatrace.com/support/help/observe-and-explore/logs/log-monitoring/acquire-log-data/send-syslogs-via-fluentd</A></P><P>Maybe you can use CEF input plugin in the same way:&nbsp;<A href="https://github.com/lunardial/fluent-plugin-parser_cef" target="_blank">https://github.com/lunardial/fluent-plugin-parser_cef</A></P> Thu, 22 Jun 2023 19:23:05 GMT https://community.dynatrace.com/t5/Log-Analytics/Anyone-using-Common-Event-Format-CEF-with-Dynatrace/m-p/215855#M422 jegron 2023-06-22T19:23:05Z https://community.dynatrace.com/t5/Log-Analytics/Anyone-using-Common-Event-Format-CEF-with-Dynatrace/m-p/215884#M423 <P>I took a CEF example from <A href="https://support.citrix.com/article/CTX136146/common-event-format-cef-logging-support-in-the-application-firewall" target="_self">this page</A>&nbsp;then used <A href="https://agardnerit.github.io/logpusher" target="_self">logpusher</A>&nbsp;to send it to Dynatrace via an OpenTelemetry collector. (<A href="https://www.youtube.com/watch?v=BzkzmzPdW5M" target="_self">see this video for how to use logpusher</A>).<BR /><BR />I then used DQL to filter my incoming log lines:<BR /><BR />fetch logs, scanLimitGBytes: 1<BR />| filter matchesPhrase(content, "act=blocked")<BR />| sort timestamp desc</P> Fri, 23 Jun 2023 05:33:11 GMT https://community.dynatrace.com/t5/Log-Analytics/Anyone-using-Common-Event-Format-CEF-with-Dynatrace/m-p/215884#M423 adam_gardner 2023-06-23T05:33:11Z https://community.dynatrace.com/t5/Log-Analytics/Anyone-using-Common-Event-Format-CEF-with-Dynatrace/m-p/215912#M424 <P><a href="https://community.dynatrace.com/t5/user/viewprofilepage/user-id/167">@adam_gardner</a>,</P><P>It's the other way around: I want to get the Dynatrace AppSec events to a SIEM platform.</P> Fri, 23 Jun 2023 09:11:07 GMT https://community.dynatrace.com/t5/Log-Analytics/Anyone-using-Common-Event-Format-CEF-with-Dynatrace/m-p/215912#M424 AntonioSousa 2023-06-23T09:11:07Z https://community.dynatrace.com/t5/Log-Analytics/Anyone-using-Common-Event-Format-CEF-with-Dynatrace/m-p/216025#M425 <P>Ahh OK. I misread the initial post. In which case, this seems like a very sensible think to build as an app / workflow.</P> Mon, 26 Jun 2023 00:47:27 GMT https://community.dynatrace.com/t5/Log-Analytics/Anyone-using-Common-Event-Format-CEF-with-Dynatrace/m-p/216025#M425 adam_gardner 2023-06-26T00:47:27Z https://community.dynatrace.com/t5/Log-Analytics/Anyone-using-Common-Event-Format-CEF-with-Dynatrace/m-p/216043#M426 <P>Yes, this is a good direction for the development of AppSec in DT. I have a similar case at my client and it would be nice to send this information to another tool.</P> Mon, 26 Jun 2023 07:35:15 GMT https://community.dynatrace.com/t5/Log-Analytics/Anyone-using-Common-Event-Format-CEF-with-Dynatrace/m-p/216043#M426 radek_jasinski 2023-06-26T07:35:15Z https://community.dynatrace.com/t5/Log-Analytics/Anyone-using-Common-Event-Format-CEF-with-Dynatrace/m-p/216052#M427 <P>Yes, <a href="https://community.dynatrace.com/t5/user/viewprofilepage/user-id/167">@adam_gardner</a> gave a good solution for SaaS environments. In this case, it's a Managed environment though...</P> Mon, 26 Jun 2023 08:15:51 GMT https://community.dynatrace.com/t5/Log-Analytics/Anyone-using-Common-Event-Format-CEF-with-Dynatrace/m-p/216052#M427 AntonioSousa 2023-06-26T08:15:51Z