涵義
CEE是一種描述、記錄和交換計算機事件的標準。通過使用CEE的公共語言和語法,可以更好更快地進行企業級的日誌管理、關聯、集合、審計和處理突發情況。
標準
原文:
CEE is standardizes the way computer events are described, logged, and exchanged. By using CEE’s common language andsyntax, enterprise-wide log management, correlation, aggregation, auditing, and incident handling can be performed more efficiently and produce better results than was possible prior to CEE.
協同工作架構圖
Event Taxonomy(事件分類)
Standard terminology (標準術語)
Log Syntax(日誌語法)
Consistent data elements and format (固定的數據內容和格式)
Log Transport(日誌交換)
Standard communications mechanisms(日誌通訊機制)
Log Recommendations(日誌建議)
Suggested events to log(針對日誌的建議)