Converting LEEF to CEF

#1 kmschramm

I need a way to convert a message from an incoming LEEF payload to outgoing CEF format. When I have tried to use parse_leef; and use to_cef(); I appear to get the right format but my payload contains the following format:

Apr 29 06:55:03 x.x.x.x LEEF:1.0|CEF|....

Obviously I need the LEEF field removed and the CEF field in its place. The parser at the other end doesn't know what to do with this formatting.

#2 MisazivDeactivated Nxlog ✓
Hi,

You could use regex to re-form the message and replace LEEF with CEF.

-MisaZ
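
As an added example (not part of the original thread, and not NXLog configuration), here is one way to re-form the message with a regular expression in Python. It splits the LEEF 1.0 header, which has five pipe-delimited fields, and emits a CEF:0 header, which has seven, rather than only swapping the prefix. The attribute-to-key mapping, the reuse of the event ID as the CEF name, and the sample event are assumptions.

```python
import re

# LEEF 1.0: LEEF:1.0|Vendor|Product|Version|EventID|key=value<TAB>key=value...
LEEF_RE = re.compile(
    r"^(?P<prefix>.*?)LEEF:1\.0\|(?P<vendor>[^|]*)\|(?P<product>[^|]*)\|"
    r"(?P<version>[^|]*)\|(?P<event_id>[^|]*)\|(?P<attrs>.*)$"
)

# Assumed mapping for a few LEEF attribute names whose CEF key differs.
KEY_MAP = {"srcPort": "spt", "dstPort": "dpt", "usrName": "suser"}


def _hdr(value):
    """Escape backslash and pipe for a CEF header field."""
    return value.replace("\\", "\\\\").replace("|", "\\|")


def _ext(value):
    """Escape backslash and equals sign for a CEF extension value."""
    return value.replace("\\", "\\\\").replace("=", "\\=")


def leef_to_cef(line):
    """Re-form one syslog line carrying LEEF 1.0 into CEF:0."""
    m = LEEF_RE.match(line.rstrip("\r\n"))
    if m is None:
        raise ValueError("not a LEEF 1.0 event")
    attrs = dict(kv.split("=", 1) for kv in m["attrs"].split("\t") if "=" in kv)
    # CEF needs Name and Severity header fields that LEEF 1.0 does not have.
    severity = attrs.pop("sev", "Unknown")
    name = m["event_id"]  # assumption: reuse the event ID as the CEF name
    header = "|".join(_hdr(f) for f in (
        m["vendor"], m["product"], m["version"], m["event_id"], name, severity))
    ext = " ".join(f"{KEY_MAP.get(k, k)}={_ext(v)}" for k, v in attrs.items())
    return f"{m['prefix']}CEF:0|{header}|{ext}"


# Constructed sample event (documentation addresses, made-up vendor/product).
SAMPLE = ("Apr 29 06:55:03 192.0.2.10 LEEF:1.0|ExampleVendor|ExampleProduct|1.0|"
          "LOGIN_FAIL|src=198.51.100.7\tdst=192.0.2.20\tsrcPort=51515\t"
          "usrName=alice\tsev=7\tmsg=a=b")

if __name__ == "__main__":
    print(leef_to_cef(SAMPLE))
```

The syslog timestamp and host in front of the payload are passed through unchanged, so only the LEEF portion of the line is rewritten.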