...
For more information, see About Devo tags.
...
Send it
Data should be sent using the relay.
In BeyondTrust solutions, you can set up a connector that enables syslog event forwarding. The events should be directed to a Devo relay where a relay rule applies the correct tag, then forwards the events securely to your Devo domain.
For information about setting up syslog event forwarding, see the BeyondInsight and Password Safe Third-Party Integration Guide.
Set up the Devo relay rule
You need to set up just one rule that identifies the event type and applies the correct Devo tag. It is a type-4 rule, which applies a dynamic tag based on specific data contained in the inbound event.
In this example we're using port 13007, but you should use the port on your relay that you specified when you set up the remote syslog server in BeyondTrust.
...
Source port → 13007
...
Source data → Agent ID: ([^ ]+)
...
Example relay rules
```
Source message:
Source data: Agent ID: ([^ ]+)
Source tag:
Target tag: vuln.beyondtrust.\\D1
```
...
Select the Stop processing checkbox
Click Add rule.
...
```
Sent without syslog tag: false
Stop processing: true
```
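To check sample events against this rule before adding it to the relay, the following Python sketch models how the Source data expression and the `\\D1` target tag combine, and flags captures that would produce an unexpected tag. It is an added example, not Devo or BeyondTrust code; the event lines are constructed, and the unanchored match, the replacement of `\\D1` with the first capture group, and the "clean level" character set are assumptions.

```python
import re

# Rule values copied from this page.
SOURCE_PORT = 13007
SOURCE_DATA = re.compile(r"Agent ID: ([^ ]+)")
TARGET_TAG = r"vuln.beyondtrust.\\D1"
PREFIX = TARGET_TAG.replace(r"\\D1", "")  # "vuln.beyondtrust."

# Assumption: a clean final tag level uses only these characters.
CLEAN_LEVEL = re.compile(r"[A-Za-z0-9_-]+")

# Constructed sample events as (port, message); not real BeyondTrust output.
SAMPLE_EVENTS = [
    (13007, "<134>Jan 10 09:15:02 bi-host Agent ID: scanner01 Category: sample"),
    (13007, "<134>Jan 10 09:15:03 bi-host Agent ID: scanner.02, Category: sample"),
    (13007, "<134>Jan 10 09:15:04 bi-host heartbeat without an agent field"),
    (514, "<134>Jan 10 09:15:05 bi-host Agent ID: scanner01 Category: sample"),
]

def resolve_tag(message, port=SOURCE_PORT):
    """Return the tag the rule would produce, or None if the rule does not apply."""
    if port != SOURCE_PORT:
        return None
    match = SOURCE_DATA.search(message)  # assumption: unanchored match
    if match is None:
        return None
    return TARGET_TAG.replace(r"\\D1", match.group(1))

def audit(events):
    """Sort events into tagged, suspect (odd capture) and unmatched."""
    report = {"tagged": [], "suspect": [], "unmatched": []}
    for port, message in events:
        tag = resolve_tag(message, port)
        if tag is None:
            report["unmatched"].append(message)
        elif CLEAN_LEVEL.fullmatch(tag[len(PREFIX):]):
            report["tagged"].append(tag)
        else:
            # ([^ ]+) stops only at a space, so dots or trailing
            # punctuation in the event end up inside the tag.
            report["suspect"].append(tag)
    return report

if __name__ == "__main__":
    for bucket, items in audit(SAMPLE_EVENTS).items():
        print(bucket, items)
```

Events that land in `unmatched` would not receive a `vuln.beyondtrust` tag from this rule, and `suspect` entries show where the capture group picked up more than the agent identifier.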
Table structure
These are the fields displayed in these tables:
...