NXLog Legacy Documentation

LEEF (Log Event Extended Format)

What is LEEF?

Description: LEEF is a custom log format used by IBM Security QRadar products. It uses key-value pairs to describe an event and consists of predefined event attributes. It also supports additional custom attributes for application-specific information.
In the world of NXLog: LEEF is one of the many log formats that NXLog supports. The dedicated xm_leef extension module can both parse and generate LEEF logs.
Known as: LEEF, Log Event Extended Format, LEEF log, LEEF log format, LEEF format, qradar leef, qradar leef format
Related: LEEF (xm_leef)
Log Event Extended Format (LEEF)

A B C D E F G H I J K L M N O P R S T U V W X Z

A

agent-based log collection

agentless log collection

B

C

CEF (Common Event Format)

CSV (Comma-separated Values)

D

E

endpoint security

EPS (Events Per Second)

ETW (Event Tracing for Windows)

event correlation

F

G

GELF (Graylog Extended Log Format)

H

High Availability (HA)

I

ICMP (Internet Control Message Protocol)

IDS (Intrusion Detection System)

J

JSON (JavaScript Object Notation)

K

KVP (Key-Value Pair)

L

LEEF (Log Event Extended Format)

log centralization

log normalization

M

MSSP (Managed Security Service Provider)

multi-line logs

N

O

P

PCI-DSS (Payment Card Industry Data Security Standard)

R

Raijin database

Remote Access Server Role

S

SCCM (System Center Configuration Manager)

SEM (Security Event Management)

SIM (Security Information Management)

SIEM (Security Information and Event Management)

SNMP (Simple Network Management Protocol)

SOC (Security Operations Center)

structured logging

T

TCP (Transmission Control Protocol)

TLS (Transport Layer Security)/SSL (Secure Sockets Layer)

U

UEBA (User and Entity Behavior Analytics)

UDP (User Datagram Protocol)

V

vendor-agnostic

W

W3C Extended Log File Format

WEC (Windows Event Collector)

WEF (Windows Event Forwarding)

Windows Event ID

WMI (Windows Management Instrumentation)

X

Z