For the audit log and the provisioner audit log, administrators can choose instead to write the information to the Common Event Format (CEF), a differently formatted log file that can be used by Splunk, or both.