The CEE™ Board is an advisory body that works with logging tool and operating system vendors and the government of the United States to provide input on the CEE Log Standards. Balabit, with its existing pattern database (patternDB) and its syslog-ng user base (650 000 companies worldwide), is an active contributor to the creation of logging standards.
New York, September 13, 2011 – Balabit IT Security, one of the global leaders in developing privileged activity monitoring, trusted logging and proxy-based gateway technologies, announced the first results of its cooperation with the Common Event Expression (CEE) Board on the standardization of logging methods. Version 0.6 of the CEE log standards specification is available, containing updated Dictionary and Taxonomy, Log Recommendation, Syntax, and Transport components. Balabit played an active role in the Common Log Transport specification, which makes moving event records between different systems easier by using the syslog protocol. Balabit also participates in the Dictionary and Taxonomy discussions, which define the standard fields and tags to be used in event records. Log standardization helps system administrators manage IT systems and ensure business continuity, and it enables companies to report to auditors and management.
Balabit – with over 10 years of experience in the logging market – has created a pattern matching engine for syslog-ng, which uses a pattern database (patternDB) to turn log messages into events and to add standardized fields and tags to those events. From the beginning, the company decided to share patternDB with the open source community, because the open source version of syslog-ng is used by 650 000 companies worldwide. As patternDB and CEE share the same goal of creating log standards, Balabit was invited to become a Member of the CEE Board in November 2010 to work on the further development of the standards together with other industry players.
The CEE Board is an advisory body that works with logging tool and operating system vendors and the government of the United States, providing input on the CEE Log Standard – including its Dictionary and Taxonomy, Log Recommendation, Syntax, and Transport components. The CEE Board works with the CEE Moderator (currently MITRE) and the CEE Community to define the scope of CEE, provides input on CEE's strategic direction, and advocates the adoption of CEE in the community.
“We feel that it is a great honor to be invited as a Member of the Board of Common Event Expression, as members are chosen based upon their ability as a technical expert, liaison, or advocate. With our existing patternDB and syslog-ng user group we are happy to be an active contributor to logging standards creation. CEE is a great initiative which helps all the vendors in the logging market, as well as the customers, for instance financial and telecom companies, to optimize their logging processes,” said Balázs Scheidler, Chief Executive Officer of Balabit IT Security. “Today we see an increasing demand for logging solutions, not only because logging helps in preventing IT security incidents, but also because it ensures business continuity. Logging is a pillar of compliance, as it is a basic criterion of almost all standards – such as ISO 27001, PCI-DSS, SOX, HIPAA and COBIT. Also there are several other regulations which could not be approved without logging, even if these regulations show no relation to a log management system at first glance.”
CEE™ and Balabit’s syslog-ng
CEE is a vendor-neutral initiative to standardize log events. Balabit, as a member of the Board, can draw on its experience with the syslog protocol and patternDB to enhance the CEE standards.
syslog-ng can compare log lines against a database of message patterns. By matching messages to known patterns, syslog-ng extracts information from them and attaches metadata to the log messages. The results can be written to a file or to a database to support reporting and analysis. Balabit's syslog-ng thus acts as a translator: it turns log lines into events and then creates CEE tags and fields from the information extracted from the logs. The component that does this is the patternDB engine. For instance, from a failed login attempt it can extract the source IP address, the user name, the application name, and the date and time, and it can tag the event as a “login” and as a “failure”.
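The translation step described above, as an added example that is neither syslog-ng's own engine nor Balabit's code: a small Python re-implementation of the patternDB idea. The placeholder syntax (@STRING:name@, @IPv4:name@, @NUMBER:name@, @ESTRING:name:delim@) imitates the style of patternDB parsers but is a hypothetical subset, the rule set and the syslog lines are constructed for the example, and the field names (src_ip, user, src_port, ...) are illustrative rather than the official CEE Dictionary. The output uses the “@cee:” cookie followed by a JSON object, in the spirit of CEE's JSON syntax, without claiming conformance to a particular specification version.

```python
"""Toy patternDB-style log classifier (hypothetical re-implementation).

Turns raw BSD-syslog lines into events with extracted fields and tags,
then serializes them as a '@cee:'-prefixed JSON payload.
"""
import json
import re
from typing import Optional

# Placeholder type -> regex fragment. Hypothetical subset of parser types
# in the style of syslog-ng patternDB; not the real engine's grammar.
_SIMPLE_PARSERS = {
    "STRING": r"\S+",
    "NUMBER": r"\d+",
    "IPv4": r"(?:\d{1,3}\.){3}\d{1,3}",
    "ANYSTRING": r".*",
}
_PLACEHOLDER = re.compile(r"@(\w+):(\w+)(?::([^@]*))?@")


def compile_pattern(pattern: str) -> "re.Pattern[str]":
    """Compile a pattern with @TYPE:name[:arg]@ placeholders into an anchored
    regex with named groups. ESTRING captures up to its delimiter and consumes
    the delimiter; the other parsers capture one token of the given type."""
    parts, pos = [], 0
    for m in _PLACEHOLDER.finditer(pattern):
        parts.append(re.escape(pattern[pos:m.start()]))  # literal text between placeholders
        ptype, name, arg = m.groups()
        if ptype == "ESTRING":
            if not arg:
                raise ValueError("ESTRING needs a delimiter: %s" % m.group(0))
            parts.append(r"(?P<%s>.*?)%s" % (name, re.escape(arg)))
        elif ptype in _SIMPLE_PARSERS:
            parts.append(r"(?P<%s>%s)" % (name, _SIMPLE_PARSERS[ptype]))
        else:
            raise ValueError("unknown parser type: %s" % ptype)
        pos = m.end()
    parts.append(re.escape(pattern[pos:]))
    return re.compile("^" + "".join(parts) + "$")


# Constructed rule set: (program, message pattern, tags). More specific
# patterns come first because matching stops at the first hit.
RULES = [
    ("sshd", "Failed password for invalid user @STRING:user@ from @IPv4:src_ip@ port @NUMBER:src_port@ ssh2",
     ["login", "failure", "invalid-user"]),
    ("sshd", "Failed password for @STRING:user@ from @IPv4:src_ip@ port @NUMBER:src_port@ ssh2",
     ["login", "failure"]),
    ("sshd", "Accepted @ESTRING:method: @for @STRING:user@ from @IPv4:src_ip@ port @NUMBER:src_port@ ssh2",
     ["login", "success"]),
]
_COMPILED = [(prog, compile_pattern(pat), tags) for prog, pat, tags in RULES]

# BSD-style syslog header: "Mon DD HH:MM:SS host program[pid]: message"
_SYSLOG_LINE = re.compile(
    r"^(?P<time>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<program>[^\[:\s]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)


def classify(line: str) -> Optional[dict]:
    """Translate one raw syslog line into an event dict with fields and tags.
    Returns None if the line is not even a syslog line; lines whose program
    has no matching pattern are kept and tagged 'unclassified'."""
    hdr = _SYSLOG_LINE.match(line)
    if not hdr:
        return None
    event = {"time": hdr["time"], "host": hdr["host"],
             "prog": hdr["program"], "msg": hdr["msg"]}
    if hdr["pid"]:
        event["pid"] = int(hdr["pid"])
    for prog, rx, tags in _COMPILED:
        if prog != hdr["program"]:
            continue  # patterns are scoped to the emitting program
        m = rx.match(hdr["msg"])
        if m:
            event.update(m.groupdict())
            event["tags"] = list(tags)
            return event
    event["tags"] = ["unclassified"]
    return event


def to_cee(event: dict) -> str:
    """Serialize an event as a '@cee:' cookie followed by a JSON object
    (illustrative CEE-style syslog payload; field names are assumptions)."""
    return "@cee:" + json.dumps(event, sort_keys=True)


def failed_logins_by_source(lines) -> dict:
    """Count events tagged both 'login' and 'failure' per source address,
    the kind of aggregation standardized tags make trivial."""
    counts = {}
    for line in lines:
        ev = classify(line)
        if ev and "login" in ev["tags"] and "failure" in ev["tags"]:
            counts[ev["src_ip"]] = counts.get(ev["src_ip"], 0) + 1
    return counts


# Constructed sample input, not real captures.
SAMPLE_LINES = [
    "Sep 13 09:15:02 bastion sshd[2041]: Failed password for invalid user admin from 10.0.0.5 port 4242 ssh2",
    "Sep 13 09:15:09 bastion sshd[2043]: Accepted publickey for alice from 192.0.2.10 port 51515 ssh2",
    "Sep 13 09:16:00 bastion cron[113]: (root) CMD (run-parts /etc/cron.hourly)",
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(to_cee(classify(line)))
    print(failed_logins_by_source(SAMPLE_LINES))
```

The point of the example is the ordering of the work: header parsing gives program, host, pid and time for every line, program-scoped patterns give the message-specific fields, and only the tags are needed afterwards to aggregate failures by source, whatever the original message text looked like.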
About Common Event Expression
Common Event Expression (CEE™) standardizes the way computer events are described, logged, and exchanged. By utilizing a common language and syntax, CEE takes the guesswork out of even the most menial of event- or log-related tasks. Tasks including log correlation and aggregation, enterprise-wide log management, auditing, and incident handling which once required expensive, specialized analysts or equipment can now be performed more efficiently and produce better results.
For more information visit http://cee.mitre.org.
The MITRE Corporation, established in 1958, is a not-for-profit organization chartered to work in the public interest. As a national resource in the United States, it applies its expertise in systems engineering, information technology, operational concepts, and enterprise modernization. MITRE has 7,000 scientists, engineers and support specialists – 65 percent of whom have Master's or Ph.D. degrees. Staff members work on hundreds of different projects across the company, demanding a high level of technical, operational, and domain knowledge.
MITRE, in collaboration with government, industry, and academic stakeholders, is improving the measurability of security through enumerating baseline security data, providing standardized languages as means for accurately communicating the information, and encouraging the sharing of the information with users by developing repositories.
Other MITRE activities and initiatives, such as Common Event Expression, share these concepts or take compatible approaches. Together all of these efforts are helping to make security more measurable by defining the concepts that need to be measured, providing for high-fidelity communication about the measurements, and providing for sharing of the measurements and the definitions of what to measure.
For more information visit www.mitre.org.
Balabit IT Security is an innovative information security company, one of the global leaders in developing privileged activity monitoring, trusted logging and proxy-based gateway technologies that help customers protect themselves against insider and outsider threats and meet security and compliance regulations. As an active member of the open source community, we provide solutions for a uniquely wide range of both open source and proprietary platforms, even for the most complex and heterogeneous IT systems across physical, virtual and cloud environments.
Balabit is also known as “the syslog-ng company”, after the company's flagship product, the open source log server application, which is used by more than 650 000 companies worldwide and has become the globally acknowledged de facto industry standard.
Balabit, the second fastest-growing IT security company in the Central European region according to the Deloitte Technology Fast 50 list, has local offices in France, Germany, Italy, Russia, and the USA, and cooperates with partners worldwide. Our R&D and global support centers are located in Hungary, Europe.
For more information visit www.balabit.com.
Balabit IT Security
phone: +36 20 390 4139
410 Park Avenue 15th Floor Suite 1500
New York, 10022
phone: +1 917 546 6715