what is the cef format? if that is a binary form, yes, that cannot be done. if that is the name of a syslog output format (similar to WELF), which I think it may be, you should be able create this filter to contain the data you are looking to host, and in the order you want, at System>Log/Monitoring>Events|User Access|Admin Access>Filters and then setting your syslog output to use that filter. You can, if desired, also set this as the on-box display filter.

For any questions or assistance, please contact our support team

Hi zanyterp,

Thanks for your answer.

By CEF I mean the Common Event Format.

This is the format requested by our customer.
Not having much experience with this, is that what you mean by binary?

Thanks

Regards

You are welcome. I am not familiar with that log. Doing some searching, it looks like it is text-based log data that can be sent via syslog (similar to WELF). If that is correct, and what the customer is looking for you, you will need to create a custom filter to apply to the logs for the desired output using the variables and plain text options in the text field and then set that as the filter to use for syslog output.
what i cannot find, and hopefully your customer will know, is if there is a standard set of data and form that needs to be sent or if it is a flexible format that you can add whatever you want in the order you want. i think the only standard item i see is that the separate is a pipe ("|") rather than hyphen

you set the filter at: System>Log/Monitoring>logName>Filters

you set the syslog data, including format, at:
System>Log/Monitoring>logName>Settings

Thank you very much for your support.

Regards