CEF output for ArcSight

[chrisforce1]

This is a placeholder, as I'll come up with the individual fields and syslog message format soon. Regarding the configuration option, we should use the following:

  # ArcSight syslog connector where AlphaSOC alerts will be sent in CEF format.
  # NFR will use TCP port 514 to send CEF messages via syslog by default.
  # Use the fields below to define the server IP address and syslog port.
  arcsight:
    # IP address of the ArcSight syslog connector
    # Default: (none)
    ip:
    # Port for the ArcSight syslog TCP input
    # Default: 514
    port: 514

[chrisforce1]

Closing as we should use syslog: (#62)