
The tag auth.secureauth.events identifies all log events generated by SecureAuth IdP. This procedure was implemented for version 9.1.

For information about SecureAuth IdP, see the vendor documentation online.

...

This technology uses a single tag to support the audit, debug, and error logs generated by SecureAuth IdP. The tag is auth.secureauth.events, and the associated events are saved in Devo in a table of the same name. For more information, read about Devo tags.

To set up the sending of SecureAuth events to your Devo domain:

  1. Set up the Devo relay rule that applies the tag to the SecureAuth events.

  2. Configure event sending from SecureAuth to the Devo relay.

Step 1: Set up the Devo relay rule

...

  • Source Port → 13003

  • Target Tag → auth.secureauth.events

  • Check the Stop processing checkbox.

Step 2: Configure event sending in SecureAuth IdP

In SecureAuth, you need to enable the sending of the audit, debug, and error logs in syslog format, then set up your Devo relay as a syslog server. To do so, follow the vendor instructions for log configuration, and be sure to:

  • In the Log Options section, select the Syslog checkbox for each of the audit, debug, and error logs.

  • In the Syslog section, enter the Devo relay's IP address as the Syslog server and the port to which you will send the events. Note that this must be the same port used as the Source Port of the relay rule in Step 1. Select RFC3164 as the Syslog RFC Spec and choose CEF as the Spec format.

Once events are being sent from SecureAuth to the Devo relay, the auth.secureauth.events table will appear in Devo in Data Search → Finder.
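If the table does not appear, a line captured on the relay port can be checked against the two settings chosen above (RFC3164 header, CEF payload). The following parser is an added example, not part of the vendor or Devo documentation; the sample line, its host name and its CEF field values are constructed and do not reproduce actual SecureAuth output.

```python
import re

# RFC 3164 header: <PRI>Mmm dd hh:mm:ss HOSTNAME, then the message body.
RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<msg>.*)$", re.S)
CEF_FIELDS = ("cef_version", "vendor", "product", "device_version",
              "signature_id", "name", "severity")

def split_cef_header(payload):
    """Split the 7 pipe-delimited CEF header fields, honouring \\| and \\\\."""
    fields, cur, i = [], [], 0
    while i < len(payload) and len(fields) < len(CEF_FIELDS):
        ch = payload[i]
        if ch == "\\" and payload[i + 1:i + 2] in ("\\", "|"):
            cur.append(payload[i + 1])  # keep the escaped character literally
            i += 2
            continue
        if ch == "|":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    return fields, payload[i:]  # remainder is the key=value extension

def parse_event(line):
    """Parse one RFC 3164 line carrying CEF; raise ValueError if malformed."""
    m = RFC3164.match(line.rstrip("\r\n"))
    if not m:
        raise ValueError("not an RFC 3164 header (wrong Syslog RFC Spec?)")
    pri = int(m["pri"])
    if pri > 191:  # facility 0-23, severity 0-7
        raise ValueError("PRI out of range")
    start = m["msg"].find("CEF:")
    if start < 0:
        raise ValueError("no CEF payload (wrong Spec format?)")
    fields, extension = split_cef_header(m["msg"][start + 4:])
    if len(fields) != len(CEF_FIELDS):
        raise ValueError("incomplete CEF header")
    event = dict(zip(CEF_FIELDS, fields))
    event.update(facility=pri >> 3, syslog_severity=pri & 7,
                 timestamp=m["ts"], host=m["host"], extension=extension)
    return event

# Constructed sample line, not real SecureAuth output.
SAMPLE = ("<134>Mar  4 10:15:02 idp01 CEF:0|ExampleVendor|ExampleIdP|9.1|100|"
          "Login \\| audit|3|src=192.0.2.10 suser=alice")
```

A line that raises ValueError points at which SecureAuth syslog setting to recheck before looking at the relay rule.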