We are trying to import logs from FireEye Central Management System (CMS). One of the logging formats for FE CM is Common Event Format (CEF). Has anybody configured custom cef parsing for this device?
When I enabled CEF logging on CMS, the device.type came in as ciscorouter even when I configure a parser mapping for the device to the cef parser. I've read the article on configuration of cef-custom.xml but any push in the right direction would help.