elastic · jsvd · Nov 30, 2017 · Jan 11, 2018 · Jan 11, 2018 · Jan 11, 2018
diff --git a/docs/versioned-plugins/codecs-index.asciidoc b/docs/versioned-plugins/codecs-index.asciidoc
@@ -0,0 +1,9 @@
+:type: codec
+:type_uc: Codec
+
+include::include/plugin-intro.asciidoc[]
+
+include::codecs/cef-index.asciidoc[]
+include::codecs/json-index.asciidoc[]
+include::codecs/rubydebug-index.asciidoc[]
+
diff --git a/docs/versioned-plugins/codecs/cef-index.asciidoc b/docs/versioned-plugins/codecs/cef-index.asciidoc
@@ -0,0 +1,20 @@
+:plugin: cef
+:type: codec
+
+include::{include_path}/version-list-intro.asciidoc[]
+
+|=======================================================================
+| Version | Release Date
+| <<v5.0.2-plugins-codecs-cef,v5.0.2>> | 2017-11-07
+| <<v5.0.1-plugins-codecs-cef,v5.0.1>> | 2017-08-15
+| <<v5.0.0-plugins-codecs-cef,v5.0.0>> | 2017-08-01
+| <<v4.1.4-plugins-codecs-cef,v4.1.4>> | 2017-08-18
+| <<v4.1.3-plugins-codecs-cef,v4.1.3>> | 2017-06-23
+|=======================================================================
+
+include::cef-v5.0.2.asciidoc[]
+include::cef-v5.0.1.asciidoc[]
+include::cef-v5.0.0.asciidoc[]
+include::cef-v4.1.4.asciidoc[]
+include::cef-v4.1.3.asciidoc[]
+
diff --git a/docs/versioned-plugins/codecs/cef-v4.1.3.asciidoc b/docs/versioned-plugins/codecs/cef-v4.1.3.asciidoc
@@ -0,0 +1,164 @@
+:plugin: cef
+:type: codec
+
+///////////////////////////////////////////
+START - GENERATED VARIABLES, DO NOT EDIT!
+///////////////////////////////////////////
+:version: v4.1.3
+:release_date: 2017-06-23
+:changelog_url: https://github.com/logstash-plugins/logstash-codec-cef/blob/v4.1.3/CHANGELOG.md
+:include_path: ../../../../logstash/docs/include
+///////////////////////////////////////////
+END - GENERATED VARIABLES, DO NOT EDIT!
+///////////////////////////////////////////
+
+[id="{version}-plugins-{type}s-{plugin}"]
+
+=== Cef codec plugin {version}
+
+include::{include_path}/plugin_header.asciidoc[]
+
+==== Description
+
+Implementation of a Logstash codec for the ArcSight Common Event Format (CEF)
+Based on Revision 20 of Implementing ArcSight CEF, dated from June 05, 2013
+https://community.saas.hpe.com/dcvta86296/attachments/dcvta86296/connector-documentation/1116/1/CommonEventFormatv23.pdf
+
+If this codec receives a payload from an input that is not a valid CEF message, then it will
+produce an event with the payload as the 'message' field and a '_cefparsefailure' tag.
+
+[id="{version}-plugins-{type}s-{plugin}-options"]
+==== Cef Codec Configuration Options
+
+[cols="<,<,<",options="header",]
+|=======================================================================
+|Setting |Input type|Required
+| <<{version}-plugins-{type}s-{plugin}-delimiter>> |{logstash-ref}/configuration-file-structure.html#string[string]|No
+| <<{version}-plugins-{type}s-{plugin}-fields>> |{logstash-ref}/configuration-file-structure.html#array[array]|No
+| <<{version}-plugins-{type}s-{plugin}-name>> |{logstash-ref}/configuration-file-structure.html#string[string]|No
+| <<{version}-plugins-{type}s-{plugin}-product>> |{logstash-ref}/configuration-file-structure.html#string[string]|No
+| <<{version}-plugins-{type}s-{plugin}-severity>> |{logstash-ref}/configuration-file-structure.html#string[string]|No
+| <<{version}-plugins-{type}s-{plugin}-signature>> |{logstash-ref}/configuration-file-structure.html#string[string]|No
+| <<{version}-plugins-{type}s-{plugin}-vendor>> |{logstash-ref}/configuration-file-structure.html#string[string]|No
+| <<{version}-plugins-{type}s-{plugin}-version>> |{logstash-ref}/configuration-file-structure.html#string[string]|No
+|=======================================================================
+
+&nbsp;
+
+[id="{version}-plugins-{type}s-{plugin}-delimiter"]
+===== `delimiter` 
+
+  * Value type is {logstash-ref}/configuration-file-structure.html#string[string]
+  * There is no default value for this setting.
+
+If your input puts a delimiter between each CEF event, you'll want to set
+this to be that delimiter.
+
+For example, with the TCP input, you probably want to put this:
+
+    input {
+      tcp {
+        codec => cef { delimiter => "\r\n" }
+        # ...
+      }
+    }
+
+This setting allows the following character sequences to have special meaning:
+
+* `\\r` (backslash "r") - means carriage return (ASCII 0x0D)
+* `\\n` (backslash "n") - means newline (ASCII 0x0A)
+
+[id="{version}-plugins-{type}s-{plugin}-deprecated_v1_fields"]
+===== `deprecated_v1_fields`  (DEPRECATED)
+
+  * DEPRECATED WARNING: This configuration item is deprecated and may not be available in future versions.
+  * Value type is {logstash-ref}/configuration-file-structure.html#boolean[boolean]
+  * There is no default value for this setting.
+
+Set this flag if you want to have both v1 and v2 fields indexed at the same time. Note that this option will increase
+the index size and data stored in outputs like Elasticsearch
+This option is available to ease transition to new schema
+
+[id="{version}-plugins-{type}s-{plugin}-fields"]
+===== `fields` 
+
+  * Value type is {logstash-ref}/configuration-file-structure.html#array[array]
+  * Default value is `[]`
+
+Fields to be included in CEV extension part as key/value pairs
+
+[id="{version}-plugins-{type}s-{plugin}-name"]
+===== `name` 
+
+  * Value type is {logstash-ref}/configuration-file-structure.html#string[string]
+  * Default value is `"Logstash"`
+
+Name field in CEF header. The new value can include `%{foo}` strings
+to help you build a new value from other parts of the event.
+
+[id="{version}-plugins-{type}s-{plugin}-product"]
+===== `product` 
+
+  * Value type is {logstash-ref}/configuration-file-structure.html#string[string]
+  * Default value is `"Logstash"`
+
+Device product field in CEF header. The new value can include `%{foo}` strings
+to help you build a new value from other parts of the event.
+
+[id="{version}-plugins-{type}s-{plugin}-sev"]
+===== `sev`  (DEPRECATED)
+
+  * DEPRECATED WARNING: This configuration item is deprecated and may not be available in future versions.
+  * Value type is {logstash-ref}/configuration-file-structure.html#string[string]
+  * There is no default value for this setting.
+
+Deprecated severity field for CEF header. The new value can include `%{foo}` strings
+to help you build a new value from other parts of the event.
+
+This field is used only if :severity is unchanged set to the default value.
+
+Defined as field of type string to allow sprintf. The value will be validated
+to be an integer in the range from 0 to 10 (including).
+All invalid values will be mapped to the default of 6.
+
+[id="{version}-plugins-{type}s-{plugin}-severity"]
+===== `severity` 
+
+  * Value type is {logstash-ref}/configuration-file-structure.html#string[string]
+  * Default value is `"6"`
+
+Severity field in CEF header. The new value can include `%{foo}` strings
+to help you build a new value from other parts of the event.
+
+Defined as field of type string to allow sprintf. The value will be validated
+to be an integer in the range from 0 to 10 (including).
+All invalid values will be mapped to the default of 6.
+
+[id="{version}-plugins-{type}s-{plugin}-signature"]
+===== `signature` 
+
+  * Value type is {logstash-ref}/configuration-file-structure.html#string[string]
+  * Default value is `"Logstash"`
+
+Signature ID field in CEF header. The new value can include `%{foo}` strings
+to help you build a new value from other parts of the event.
+
+[id="{version}-plugins-{type}s-{plugin}-vendor"]
+===== `vendor` 
+
+  * Value type is {logstash-ref}/configuration-file-structure.html#string[string]
+  * Default value is `"Elasticsearch"`
+
+Device vendor field in CEF header. The new value can include `%{foo}` strings
+to help you build a new value from other parts of the event.
+
+[id="{version}-plugins-{type}s-{plugin}-version"]
+===== `version` 
+
+  * Value type is {logstash-ref}/configuration-file-structure.html#string[string]
+  * Default value is `"1.0"`
+
+Device version field in CEF header. The new value can include `%{foo}` strings
+to help you build a new value from other parts of the event.
+
+
diff --git a/docs/versioned-plugins/codecs/cef-v4.1.4.asciidoc b/docs/versioned-plugins/codecs/cef-v4.1.4.asciidoc
@@ -0,0 +1,164 @@
+:plugin: cef
+:type: codec
+
+///////////////////////////////////////////
+START - GENERATED VARIABLES, DO NOT EDIT!
+///////////////////////////////////////////
+:version: v4.1.4
+:release_date: 2017-08-18
+:changelog_url: https://github.com/logstash-plugins/logstash-codec-cef/blob/v4.1.4/CHANGELOG.md
+:include_path: ../../../../logstash/docs/include
+///////////////////////////////////////////
+END - GENERATED VARIABLES, DO NOT EDIT!
+///////////////////////////////////////////
+
+[id="{version}-plugins-{type}s-{plugin}"]
+
+=== Cef codec plugin {version}
+
+include::{include_path}/plugin_header.asciidoc[]
+
+==== Description
+
+Implementation of a Logstash codec for the ArcSight Common Event Format (CEF)
+Based on Revision 20 of Implementing ArcSight CEF, dated from June 05, 2013
+https://community.saas.hpe.com/dcvta86296/attachments/dcvta86296/connector-documentation/1116/1/CommonEventFormatv23.pdf
+
+If this codec receives a payload from an input that is not a valid CEF message, then it will
+produce an event with the payload as the 'message' field and a '_cefparsefailure' tag.
+
+[id="{version}-plugins-{type}s-{plugin}-options"]
+==== Cef Codec Configuration Options
+
+[cols="<,<,<",options="header",]
+|=======================================================================
+|Setting |Input type|Required
+| <<{version}-plugins-{type}s-{plugin}-delimiter>> |{logstash-ref}/configuration-file-structure.html#string[string]|No
+| <<{version}-plugins-{type}s-{plugin}-fields>> |{logstash-ref}/configuration-file-structure.html#array[array]|No
+| <<{version}-plugins-{type}s-{plugin}-name>> |{logstash-ref}/configuration-file-structure.html#string[string]|No
+| <<{version}-plugins-{type}s-{plugin}-product>> |{logstash-ref}/configuration-file-structure.html#string[string]|No
+| <<{version}-plugins-{type}s-{plugin}-severity>> |{logstash-ref}/configuration-file-structure.html#string[string]|No
+| <<{version}-plugins-{type}s-{plugin}-signature>> |{logstash-ref}/configuration-file-structure.html#string[string]|No
+| <<{version}-plugins-{type}s-{plugin}-vendor>> |{logstash-ref}/configuration-file-structure.html#string[string]|No
+| <<{version}-plugins-{type}s-{plugin}-version>> |{logstash-ref}/configuration-file-structure.html#string[string]|No
+|=======================================================================
+
+&nbsp;
+
+[id="{version}-plugins-{type}s-{plugin}-delimiter"]
+===== `delimiter` 
+
+  * Value type is {logstash-ref}/configuration-file-structure.html#string[string]
+  * There is no default value for this setting.
+
+If your input puts a delimiter between each CEF event, you'll want to set
+this to be that delimiter.
+
+For example, with the TCP input, you probably want to put this:
+
+    input {
+      tcp {
+        codec => cef { delimiter => "\r\n" }
+        # ...
+      }
+    }
+
+This setting allows the following character sequences to have special meaning:
+
+* `\\r` (backslash "r") - means carriage return (ASCII 0x0D)
+* `\\n` (backslash "n") - means newline (ASCII 0x0A)
+
+[id="{version}-plugins-{type}s-{plugin}-deprecated_v1_fields"]
+===== `deprecated_v1_fields`  (DEPRECATED)
+
+  * DEPRECATED WARNING: This configuration item is deprecated and may not be available in future versions.
+  * Value type is {logstash-ref}/configuration-file-structure.html#boolean[boolean]
+  * There is no default value for this setting.
+
+Set this flag if you want to have both v1 and v2 fields indexed at the same time. Note that this option will increase
+the index size and data stored in outputs like Elasticsearch
+This option is available to ease transition to new schema
+
+[id="{version}-plugins-{type}s-{plugin}-fields"]
+===== `fields` 
+
+  * Value type is {logstash-ref}/configuration-file-structure.html#array[array]
+  * Default value is `[]`
+
+Fields to be included in CEV extension part as key/value pairs
+
+[id="{version}-plugins-{type}s-{plugin}-name"]
+===== `name` 
+
+  * Value type is {logstash-ref}/configuration-file-structure.html#string[string]
+  * Default value is `"Logstash"`
+
+Name field in CEF header. The new value can include `%{foo}` strings
+to help you build a new value from other parts of the event.
+
+[id="{version}-plugins-{type}s-{plugin}-product"]
+===== `product` 
+
+  * Value type is {logstash-ref}/configuration-file-structure.html#string[string]
+  * Default value is `"Logstash"`
+
+Device product field in CEF header. The new value can include `%{foo}` strings
+to help you build a new value from other parts of the event.
+
+[id="{version}-plugins-{type}s-{plugin}-sev"]
+===== `sev`  (DEPRECATED)
+
+  * DEPRECATED WARNING: This configuration item is deprecated and may not be available in future versions.
+  * Value type is {logstash-ref}/configuration-file-structure.html#string[string]
+  * There is no default value for this setting.
+
+Deprecated severity field for CEF header. The new value can include `%{foo}` strings
+to help you build a new value from other parts of the event.
+
+This field is used only if :severity is unchanged set to the default value.
+
+Defined as field of type string to allow sprintf. The value will be validated
+to be an integer in the range from 0 to 10 (including).
+All invalid values will be mapped to the default of 6.
+
+[id="{version}-plugins-{type}s-{plugin}-severity"]
+===== `severity` 
+
+  * Value type is {logstash-ref}/configuration-file-structure.html#string[string]
+  * Default value is `"6"`
+
+Severity field in CEF header. The new value can include `%{foo}` strings
+to help you build a new value from other parts of the event.
+
+Defined as field of type string to allow sprintf. The value will be validated
+to be an integer in the range from 0 to 10 (including).
+All invalid values will be mapped to the default of 6.
+
+[id="{version}-plugins-{type}s-{plugin}-signature"]
+===== `signature` 
+
+  * Value type is {logstash-ref}/configuration-file-structure.html#string[string]
+  * Default value is `"Logstash"`
+
+Signature ID field in CEF header. The new value can include `%{foo}` strings
+to help you build a new value from other parts of the event.
+
+[id="{version}-plugins-{type}s-{plugin}-vendor"]
+===== `vendor` 
+
+  * Value type is {logstash-ref}/configuration-file-structure.html#string[string]
+  * Default value is `"Elasticsearch"`
+
+Device vendor field in CEF header. The new value can include `%{foo}` strings
+to help you build a new value from other parts of the event.
+
+[id="{version}-plugins-{type}s-{plugin}-version"]
+===== `version` 
+
+  * Value type is {logstash-ref}/configuration-file-structure.html#string[string]
+  * Default value is `"1.0"`
+
+Device version field in CEF header. The new value can include `%{foo}` strings
+to help you build a new value from other parts of the event.
+
+