The tag auth.secureauth.events identifies all log events generated by SecureAuth IdP. This procedure was implemented for version 9.1.
For information about SecureAuth IdP, see the vendor documentation online.
...
This technology uses a single tag to support the audit, debug, and error logs generated by SecureAuth IdP. The tag is simply auth.secureauth.events and the associated events are saved in Devo in a table of the same name. For more information, read about Devo tags.
...
Source Port → 13003
Target Tag → auth.secureauth.events
Check the Stop processing checkbox.
Step 2: Configure event sending in SecureAuth IdP
In SecureAuth, you need to enable the sending of the audit, debug, and error logs in syslog format, then set up your Devo relay as a syslog server. To do so, follow the vendor instructions for log configuration, and be sure to:
In the Log Options section, select the Syslog checkbox for each of the audit, debug, and error logs.
In the Syslog section, enter the Devo relay's IP address as the Syslog server and the port to which you will send the events. Note that this is the port for which you will set up the relay rule later in this procedure. Select RFC3164 as the Syslog RFC Spec and choose CEF as the Spec format.
Once events are being sent from SecureAuth to the Devo relay, the auth.secureauth.events table will appear in Devo in Data Search → Finder.
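To confirm that a line captured at the relay matches the settings above (RFC3164 framing with a CEF payload), a parser like the following can be used. It is an added example, not Devo or SecureAuth code; the sample lines, and the vendor, product, and extension values inside them, are constructed for illustration.

```python
import re

# RFC 3164 header: <PRI>Mmm dd hh:mm:ss HOST MESSAGE
RFC3164 = re.compile(r"^<(?P<pri>\d{1,3})>"
                     r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
                     r"(?P<host>\S+) (?P<msg>.*)$")
# CEF extension: key=value pairs; a value runs until the next " key=" or end
CEF_EXT = re.compile(r"(\w+)=((?:\\.|[^\\=])*?)(?=\s+\w+=|\s*$)")
CEF_HEADER = ("cef_version", "vendor", "product", "device_version",
              "event_class_id", "name", "severity")

def unescape(value):
    # CEF escapes '=', '|' and '\' with a leading backslash
    return re.sub(r"\\([=\\|])", r"\1", value)

def parse_event(line):
    """Parse one RFC 3164 line carrying a CEF payload; raise ValueError otherwise."""
    m = RFC3164.match(line)
    if not m:
        raise ValueError("not RFC 3164 framing (check the Syslog RFC Spec setting)")
    pri = int(m["pri"])
    if pri > 191:
        raise ValueError("PRI out of range")
    start = m["msg"].find("CEF:")
    if start < 0:
        raise ValueError("no CEF payload (check the Spec format setting)")
    parts = re.split(r"(?<!\\)\|", m["msg"][start + 4:], maxsplit=7)
    if len(parts) < 8:
        raise ValueError("incomplete CEF header")
    event = {"facility": pri >> 3, "syslog_severity": pri & 7,
             "timestamp": m["ts"], "host": m["host"]}
    event.update(zip(CEF_HEADER, map(unescape, parts[:7])))
    event["extension"] = {k: unescape(v) for k, v in CEF_EXT.findall(parts[7])}
    return event

# Constructed sample lines (not captured from a real SecureAuth IdP instance).
GOOD = (r"<134>Oct  3 14:07:09 idp01.example.test CEF:0|SecureAuth|IdP|9.1|1001|"
        r"Login failed|5|src=192.0.2.10 suser=jdoe msg=Bad password for realm\=1")
WRONG_RFC = "<134>1 2024-10-03T14:07:09Z idp01.example.test app - - - CEF:0|a|b|c|d|e|5|"
NOT_CEF = "<134>Oct  3 14:07:09 idp01.example.test plain text audit message"

def check(line):
    try:
        parse_event(line)
        return "ok"
    except ValueError as exc:
        return str(exc)

if __name__ == "__main__":
    print([check(s) for s in (GOOD, WRONG_RFC, NOT_CEF)])
```

A line that fails the first check points at the Syslog RFC Spec setting, and one that fails the second points at the Spec format setting.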
...