https://live.paloaltonetworks.com/t5/general-topics/which-log-format-is-best-for-syslog-cef-or-leef/m-p/261167#M74038 <P>Hello,</P><P>I would say it really depends on your SIEM and what it can ingest better.</P><P>&nbsp;</P><P>Regards,</P> Wed, 15 May 2019 15:37:56 GMT OtakarKlier 2019-05-15T15:37:56Z https://live.paloaltonetworks.com/t5/general-topics/which-log-format-is-best-for-syslog-cef-or-leef/m-p/261043#M73999 <P>Anyone please explain the diference between CEF and LEEF and which one is best for 8.0.*.</P> Wed, 15 May 2019 06:37:22 GMT https://live.paloaltonetworks.com/t5/general-topics/which-log-format-is-best-for-syslog-cef-or-leef/m-p/261043#M73999 karthikeyanB 2019-05-15T06:37:22Z https://live.paloaltonetworks.com/t5/general-topics/which-log-format-is-best-for-syslog-cef-or-leef/m-p/261130#M74027 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/105432">@karthikeyanB</a> ,</P> <P>&nbsp;</P> <UL class="listbullet1"> <LI class="listbullet1"><SPAN class="guicharacter">LEEF </SPAN>(Log Event Extended Format)—The LEEF event format is a proprietary event format, which allows hardware manufacturers and software product manufacturers to read and map device events specifically designed for IBM <SPAN class="ph">QRadar</SPAN> integration.</LI> </UL> <P>&nbsp;</P> <UL class="listbullet1"> <LI class="listbullet1"><SPAN class="guicharacter">CEF</SPAN> (Common Event Format)—The CEF standard format is an open log management standard that simplifies log management. CEF allows third parties to create their own device schemas that are compatible with a standard thatis used industry-wide for normalizing security events.</LI> </UL> <P>&nbsp;</P> <P>I wouldn't be able to tell you which one would be better over the other.&nbsp; Maybe other users can help you make a better comparison between the 2.</P> <P>&nbsp;</P> <P>If you're not using an IBM QRadar SIEM then I'm guessing that you will go with CEF <span class="lia-unicode-emoji" title=":winking_face:">😉</span></P> <P>&nbsp;</P> <P>Cheers !</P> <P>-Kiwi.</P> <DIV id="ConnectiveDocSignExtentionInstalled" data-extension-version="1.0.4">&nbsp;</DIV> Wed, 15 May 2019 13:43:15 GMT https://live.paloaltonetworks.com/t5/general-topics/which-log-format-is-best-for-syslog-cef-or-leef/m-p/261130#M74027 kiwi 2019-05-15T13:43:15Z https://live.paloaltonetworks.com/t5/general-topics/which-log-format-is-best-for-syslog-cef-or-leef/m-p/261167#M74038 <P>Hello,</P><P>I would say it really depends on your SIEM and what it can ingest better.</P><P>&nbsp;</P><P>Regards,</P> Wed, 15 May 2019 15:37:56 GMT https://live.paloaltonetworks.com/t5/general-topics/which-log-format-is-best-for-syslog-cef-or-leef/m-p/261167#M74038 OtakarKlier 2019-05-15T15:37:56Z