Work on ‘Common Event Expression’ stopped

MITRE has stopped all work on CEE — http://cee.mitre.org/.

MITRE is willing to pass this effort forward and allow further development:

“MITRE is open to transition opportunities for CEE — including transferring all CEE specifications, documents, source materials, etc.; transferring all CEE-related intellectual property rights; and pointing this website to a new hosting location — to an organization, group, or individual willing to continue logging standards development in a philosophy similar to that of the CEE community.”

The Logging Problem
Updates:
12/19/2014: Just learned that the general term for these kinds of efforts is Structured Logging.

If you look at the efforts for a logging or event standard, you’ll find many. This is both good and bad. Perhaps this effort really belongs in an Open Source initiative?

In this paper, the problem is outlined and past efforts are discussed. The past efforts listed are:

  • CEE (now)
  • CBE
  • CEF
  • CIDF
  • IDMEF
  • SDEE
  • WELF
  • XDAS

A good analysis of the event formats is given by Jörg Becker et al. [1].

Further reading

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License.