cef0.ibm.securityAccessManager
Introduction
The table cef0.ibm.securityAccessManager identifies events in CEF format generated by IBM Security Access Manager.
Tag structure
Events in CEF format don't have a specific tag structure, as explained in Technologies supported in CEF syslog format. They are always sent to a table with the structure cef0.deviceVendor.deviceProduct.
In this case, the valid data tables are:
cef0.ibm.securityAccessManager
How is the data sent to Devo?
Learn more about CEF syslog format and how Devo tags these events in Technologies supported in CEF syslog format.
Log samples
The following are sample logs sent to cef0.ibm.securityAccessManager. Find how the information will be parsed in your data table under each sample log.
Extra columns
Fields marked as Extra in the table below are not shown by default in data tables and need to be explicitly requested in the query. You can find them marked as Extra when you perform a query so they can be easily identified. Learn more about this in Selecting unrevealed columns.
cef0.ibm.securityAccessManager
2021-09-01 09:40:55.145 localhost=127.0.0.1 14 CEF: 0|IBM|Security Access Manager||GLGUP1012E|1 2021-08-23T02:47:26+0100 somehost-no.real.data system 18276 GLGUP1012E [FNXSYS@2 args="" desc="GLGUP1012E An attempt to download the primary update catalog has failed. Common causes of this failure are not having a license installed and DNS errors." eventid="GLGUP1012E" name="system" priority="high" time="2021-08-23T02:47:26+0100" timestamp="1629683246"]|High| eventId=317001 customerURI=/opt/josephharris/former/actually/return/play.pages Customers/etc/office/sense/drop/opportunity/drive/message.csv/07_Polaris/etc/list/if/music/all/seven.odt art=1629683188999 cat=system deviceSeverity=Error rt=1629683246000 cs3=high cs4=GLG cs5=UP cn1=1629683246 cn2=1012 cs3Label=Priority cs4Label=Product Identifiers cs5Label=Component Identifiers cn1Label=Time Stamp cn2Label=Message Number c6a4Label=UK ahost=somehost.uki.compass agt=189.147.244.216 agentZoneURI=/opt/josephharris/former/actually/return/play.pages Zones/var/yard/yard/prod/grow/western/no.js System/opt/good/ball/danielle35/all/hospital/rule.jpeg Address Space Zones/dev/season.docx1918: 141.114.91.84-48.139.169.28 amac=01-01-1E-A3-1B-11 av=71.114.218.15522.0 atz=Europe/dev/western/indicate/fwilson/many.css at=syslog dvchost=somehost-no.real.data dtz=Europe/dev/western/indicate/fwilson/many.css geid=1234567890203747840 _cefVer=0.1 ad.desc=GLGUP1012E An attempt to download the primary update catalog has failed. Common causes of this failure are not having a license installed and DNS errors. aid=3NORealiDHEREgX5tBu9OFQ\\=\\=
And this is how the log would be parsed:
Field | Value | Type | Extra fields | Source field name |
---|---|---|---|---|
eventdate |
|
| ||
hostname |
|
| ||
priorityCode |
|
| ||
cefTag |
|
| ||
cefVersion |
|
| ||
embDeviceVendor |
|
| ||
embDeviceProduct |
|
| ||
deviceVersion |
| |||
signatureID |
|
| ||
name |
|
| ||
severity |
|
| ||
_cefVer |
|
| ||
cat |
|
| ||
c6a4Label |
|
| ||
cn1Label |
|
| ||
cn1 |
|
| ||
cn2Label |
|
| ||
cn2 |
|
| ||
cs3Label |
|
| ||
cs3 |
|
| ||
cs4Label |
|
| ||
cs4 |
|
| ||
cs5Label |
|
| ||
cs5 |
|
| ||
dvchost |
|
| ||
rt |
|
| ||
adDesc |
|
| ||
agentZoneURI |
|
| ||
agt |
|
| ||
ahost |
|
| ||
aid |
|
| ||
amac |
|
| ||
art |
|
| ||
at |
|
| ||
atz |
|
| ||
av |
|
| ||
customerURI |
|
| ||
deviceSeverity |
|
| ||
dtz |
|
| ||
eventId |
|
| ||
geid |
|
| ||
hostchain |
|
| ✓ | |
tag |
|
| ✓ |
|
rawMessage |
|
| ✓ |