CEE™ Common Event Expression: A Unified Event Language for Interoperability
CEE Website is in "Archive" status — read the announcement
 


CEE Common Log Transport — Archive


CEE Log Transport (CLT) provides the technical support necessary for a secure and reliable log infrastructure. A log infrastructure requires more than just standardized event records: support is also needed for international string encodings, secure logging services, standardized event interfaces, and secure, verifiable log trails.

CLT Protocol

As described in the CEE Architecture Overview Specification, CLT defines a list of requirements that a "CLT Protocol" must meet. For example, a CLT Protocol must be able to transmit a CLS Encoded CEE Event. More advanced CLT Protocols may provide features such as encryption and full acknowledgments. A CLT Protocol may also be able to specify or transmit CELR Profiles and additional event-related information, such as packet captures or file data.

CLT Mapping

CLT also defines transport mappings. A "CLT Mapping" defines a standardized way for CEE Events to be transmitted over a certain CLT Protocol. One use for a CLT Mapping is to define how to send CEE Events over the RFC 5425 TLS Syslog protocol. This Mapping would define that the CEE Event must be encoded using an RFC 5424 Syslog-compatible CLS Encoding and placed at a certain point in the Syslog message. The CLT Mapping may need to define additional indicators, such as flags to indicate that the data is an encoded CEE Event and which character encoding is used (e.g., UTF-8).
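The mapping described above, sketched as an added example (not code from this page or from the CEE specification): an event is placed in the MSG part of an RFC 5424 message, framed with RFC 5425 octet counting, and parsed back with strict length and UTF-8 checks. JSON as the CLS Encoding, the `@cee:` marker, the size limit, and the function names are assumptions; the page does not specify them.

```python
import json

CEE_COOKIE = "@cee:"  # assumed marker flagging an encoded event; not given on this page
MAX_MSG_LEN = 8192    # assumed receiver limit; oversized frames are rejected


def encode_frame(event, ts="2013-05-15T12:00:00Z", host="web01", app="sshd", pri=86):
    """Wrap a JSON-encoded event in an RFC 5424 message and an RFC 5425 frame."""
    body = CEE_COOKIE + " " + json.dumps(event, ensure_ascii=False)
    # <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA MSG
    msg = f"<{pri}>1 {ts} {host} {app} - - - {body}".encode("utf-8")
    # RFC 5425 octet counting: MSG-LEN counts bytes, not characters.
    return str(len(msg)).encode("ascii") + b" " + msg


def decode_frames(stream):
    """Return the events found in a buffer of complete RFC 5425 frames.

    Raises ValueError on a bad or oversized length, a truncated frame,
    invalid UTF-8, or a marked payload that is not a JSON object.
    """
    events, pos = [], 0
    while pos < len(stream):
        sp = stream.find(b" ", pos)
        length = stream[pos:sp] if sp != -1 else b""
        if not length.isdigit() or length.startswith(b"0"):
            raise ValueError("invalid MSG-LEN")
        if int(length) > MAX_MSG_LEN:
            raise ValueError("frame exceeds receiver limit")
        end = sp + 1 + int(length)
        if end > len(stream):
            raise ValueError("truncated frame")
        text = stream[sp + 1:end].decode("utf-8")  # strict: bad bytes raise ValueError
        pos = end
        # Narrowed case: only the NILVALUE ("-") form of STRUCTURED-DATA is handled.
        fields = text.split(" ", 7)
        if len(fields) < 8 or not fields[7].startswith(CEE_COOKIE):
            continue  # ordinary syslog message, no encoded event
        event = json.loads(fields[7][len(CEE_COOKIE):])
        if not isinstance(event, dict):
            raise ValueError("event payload is not a JSON object")
        events.append(event)
    return events
```

Because the length prefix is in octets, a non-ASCII field value makes the frame length differ from the character count, which is why the character encoding has to be fixed by the mapping.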

CLT provides the features necessary to support the end-to-end audit process by extending the event record representation to include the essential confidentiality, integrity, and availability audit services.

About the Specification

MITRE and the CEE Community have created a machine-interpretable CEE Common Log Transport Specification document.

View the Specification

The most current versions of the CEE Common Log Transport (CLT) specification and CLT Syslog Mapping are available on the CLT Specification, Version 1.0α page.

Previous versions of these specifications, when available, are archived in the CEE Archive.

Feedback Requested

We encourage event producers, event consumers, and IT and security operations end users to participate in the development of the CEE Common Log Transport Specification on the CEE Email Discussion List.


Page Last Updated: May 15, 2013