/// <summary>
/// Creates a AuditMapFunc Formatter that returns a new operation name and CEF event ID when formatting the auditedEVent
/// </summary>
/// <param name="newOperation">Operation name to overwrite the inbound audited event's operation name</param>
/// <param name="cefEventId">the CEF Event ID of this operation</param>
/// <returns>A formatter as described above</returns>
protected AuditMapFunc MappedOperationCef(string newOperation, string cefEventId)
{
return(auditedEvent =>
{
auditedEvent.Operation = newOperation;
return DefaultCefOpResultFormatter(cefEventId)(auditedEvent);
});
}
/// <summary>
/// Returns a formatter which formats an auditedevent into a CEF message with an unknown ("-") CEF Event ID.
/// </summary>
/// <param name="newOperation">The operation to rename all operations passed into the formatter to</param>
/// <returns>Formatter which creates SyslogMessages containing event details</returns>
protected AuditMapFunc MappedOperation(string newOperation)
{
return(auditedEvent =>
{
auditedEvent.Operation = newOperation;
return DefaultCefOpResultFormatter("-")(auditedEvent);
});
}
