About the CEF Extractor Service
The Common Event Format (CEF) Extractor service running in the Advanced Web Security Reporting (AWSR) application lets you transform access logs received from one or more WSAs into CEF-formatted output data that can be forwarded to other third-party security-information-management (SIM) systems, such as the ArcSight applications.
Note |
The CEF Extractor service operates only in a distributed environment, meaning it requires at least two separate AWSR instances running on separate hosts. One AWSR instance operates as “master” or “search head,” providing dedicated search and license-sharing functions, while the other “listener” or “peer” instances operate as indexers, feeding the transformed syslog data into the AWSR databases. |