# Common Event Format (CEF) Data

Common Event Format (CEF) is a standardized logging format developed by ArcSight (now part of Micro Focus), a security information and event management (SIEM) solution provider. CEF is designed to simplify the process of logging security-related events, making it easier to integrate logs from different sources into a single system.

CEF is a text-based log format that uses Syslog as its transport protocol—a standard for message logging supported by most network devices and operating systems. A full CEF message includes:

* **Syslog header (prefix)**
* **CEF header**
* **CEF extension** (a list of key-value pairs)

The extension supports both standard and user-defined key names.
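The three-part layout above, parsed in Python as an added example (not code from this documentation or from ArcSight). The seven header field names and the escape rules (`\|`, `\\`, `\=`, `\n`) are taken from the ArcSight CEF specification rather than from this page; `parse_cef`, the sample event, `ExampleVendor` and `customKey1` are constructed for illustration.

```python
import re

# Header field order from the ArcSight CEF specification (not listed on this page).
HEADER_FIELDS = ("version", "device_vendor", "device_product", "device_version",
                 "device_event_class_id", "name", "severity")
# A key is an alphanumeric token at the start or after whitespace, followed by '='.
KEY_RE = re.compile(r"(?:^\s*|\s+)(\w+)=")

def _unescape(value):
    # \n and \r encode line breaks; any other escaped character stands for itself.
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), value)

def parse_cef(line):
    """Split one CEF message into syslog prefix, CEF header and extension dict."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF header found")
    body, fields, cur, i = line[start + 4:], [], [], 0
    # Walk the header so that escaped pipes (\|) and backslashes (\\) are not
    # treated as delimiters; stop after the seventh field.
    while i < len(body) and len(fields) < 7:
        ch = body[i]
        if ch == "\\" and body[i + 1:i + 2] in ("\\", "|"):
            cur.append(body[i + 1]); i += 2
        elif ch == "|":
            fields.append("".join(cur)); cur = []; i += 1
        else:
            cur.append(ch); i += 1
    if len(fields) == 6:            # message ends right after severity, no extension
        fields.append("".join(cur))
    if len(fields) != 7:
        raise ValueError("incomplete CEF header")
    ext_text, ext = body[i:], {}
    keys = list(KEY_RE.finditer(ext_text))
    for m, nxt in zip(keys, keys[1:] + [None]):
        end = nxt.start() if nxt else len(ext_text)   # value runs up to the next key
        ext[m.group(1)] = _unescape(ext_text[m.end():end].rstrip())
    return {"syslog_prefix": line[:start].strip(),
            "header": dict(zip(HEADER_FIELDS, fields)), "extension": ext}

# Constructed sample: escaped pipe in the name, escaped '=' in msg, one custom key.
SAMPLE = (r"Feb 12 10:15:02 host01 CEF:0|ExampleVendor|ExampleProduct|1.0|100|"
          r"Login failed \| locked|7|src=10.0.0.5 suser=alice msg=bad password a\=b customKey1=demo value")

if __name__ == "__main__":
    print(parse_cef(SAMPLE))
```

Because values run until the next `key=` token, a producer that writes user-controlled text into a field without escaping `=` and `|` lets that text appear as extra keys or header fields in the parsed event, so escaping belongs on the emitting side.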

### CEF Standard and Custom Keys

This table lists the CEF key names used in events, along with their full names, types, applicable modules, data types, length limits, and descriptions.

> **Note:** The key name is what must be used in the actual event log.


