Table of Contents | ||||
---|---|---|---|---|
|
...
The tags beginning with iam.hitachi identify events generated by Hitachi ID products.
Tag structure
The full tag must have four levels. The first two are fixed as iam.hitachi. The third and fourth levels identify the type and subtype of events sent.
Technology | Brand | Type | Subtype |
---|---|---|---|
iam | hitachi | password | events |
...
- iam.hitachi.password.events
How is the data sent to Devo?
You can send the forward logs generated by Hitachi ID using the tool NXLog. any Syslog drain (for example, Syslog-ng). You can also use the Devo relay if required; in this case, you can get in touch with us if you need additional information.
Log samples
...
The following are is a sample logs log sent to each of the iam.hitachi tags:
...
.
...
password.events table:
...
Code Block |
---|
2021- |
...
10-26 10:03:27.030 localhost=127.0.0.1 iam.hitachi.password.events: default[ |
...
ida.exe( |
...
5024, |
...
12784)] Help-desk assisted account unlock successful.|Profile=KHepbu| |
...
ChangedBy=SGuida |
Note | ||
---|---|---|
| ||
Fields marked as Extra in the table below are not shown by default in data tables and need to be explicitly requested in the query. You can find them marked as Extra when you perform a query so they can be easily identified. Learn more about this in Selecting unrevealed columns. |
And this is how the log would be parsed:
Field | Value | Type | Extra fields | ||
---|---|---|---|---|---|
hostchain |
|
| |||
tag | eventdate |
|
| ||
hostname |
|
| |||
layer | "
| "
| |||
module | "psf
| "
| |||
pid |
|
| |||
parent_pid |
|
| |||
message |
|
| |||
type |
|
| profile
|
| |
ChangedBy |
|
| |||
Profile |
|
| |||
AuthChain |
|
| |||
Language |
|
| |||
Skin |
|
| |||
Target |
|
| |||
Platform |
|
| |||
Operation |
|
| |||
Identity |
|
| |||
Reason |
|
| |||
QSetI |
|
| |||
QSetType |
|
| |||
Node |
|
| |||
Arguments | 'L00390135'
|
| reason | ||
Runtime |
|
| |||
rawMessage |
|
|
| ||
hostchain |
|
| ✓ | ||
tag |
|
| ✓ |