Backported changes for proper ARCSight support.

Author: Ruslan Gainutdinov

.gitignore

@@ -64,3 +64,5 @@ local.properties
 dependency-reduced-pom.xml
 vagrant/.vagrant
 /vagrant/graylog_latest.deb
+vagrant/server.*
+**/Thumbs.db

src/main/java/com/wizecore/graylog2/plugin/CEFSender.java

@@ -34,12 +34,22 @@ public void send(SyslogIF syslog, int level, Message msg) {
 		out.append(str);
 		out.append("|").append(level) .append("|"); // severity
 		Map<String, Object> fields = msg.getFields();
+		boolean have = false;
 		for (String k: fields.keySet()) {
 			Object v = fields.get(k);
 			if (!k.equals("message") && !k.equals("full_message")) {
     			String s = v != null ? v.toString() : "null";
-    			out.append(k).append('=').append(s);
+    			if (have) {
+					have = true;
+				}
+				s = s.replace("\\", "\\\\");
+				s = s.replace("=", "\\=");
+				s = s.replace("\r", "");
+				s = s.replace("\n", "\\n");
+				out.append(k).append('=').append(s);
 			}
-		}
+		}
+
+		syslog.log(level, out.toString());
 	}
 }