CEF Viewer

Paste or edit a CEF line — fields parse locally in your browser.

Local-only · no network

Event message

Parsed fields

Raw

CEF:0|security|threatmanager|1.0|100|detected an equal sign ("=") in extension value|10|src=10.0.0.1 act=blocked a equal \= dst=1.1.1.1 rt=1234567890000

Field	Value	Show comments
CEF Header
Version	0
DeviceVendor	security
DeviceProduct	threatmanager
DeviceVersion	1.0
SignatureID	100
Name	detected an equal sign ("=") in extension value
Severity	10
CEF Extensions
act	blocked a equal =	deviceAction Producer extension from CEF specification 0.1 String[63] Action taken by the device.
dst	1.1.1.1	destinationAddress Producer extension from CEF specification 0.1 IpAddress[] Identifies the destination address that the event refers to in an IP network. The format is an IPv4 address. Example: “192.168.10.1”
rt	1234567890000	deviceReceiptTime Producer extension from CEF specification 0.1 DateTime[] The time at which the event related to the activity was received. The format is MMM dd yyyy HH:mm:ss or milliseconds since epoch (Jan 1st 1970) 2009-02-13T23:31:30.000Z
src	10.0.0.1	sourceAddress Producer extension from CEF specification 0.1 IpAddress[] Identifies the source that an event refers to in an IP network. The format is an IPv4 address. Example: “192.168.10.1”.