auth.securenvoy
The tags beginning with auth.securenvoy
identify log events generated by the SecurEnvoy platform.
Tag structure
The full tag must have 3 levels. The first two are fixed as auth.securenvoy
. The third level identifies the type of events sent.
These are the valid tags and corresponding data tables that will receive the parsers' data:
Product / Service | Tags | Data tables |
---|---|---|
SecurIdentity platform |
|
|
|
| |
|
| |
|
| |
|
| |
|
|
Once SecurEnvoy events are delivered to Devo, they will be accessible from the finder in tables with the same names.
For more information, read more about Devo tags.
How is the data sent to Devo?
All SecurEnvoy events should be sent to a Devo Relay for tagging and forwarding to Devo. The events can be directed to a single port; you will set up a series of rules to identify the event types and apply the correct Devo tag to each type.
The order of rule execution is important, with the rule that identifies syslog events being the final rule. The rules that precede it identify events by values in the source message, then use the Stop processing option to prevent further rules from running on the event. The final rule applies the auth.securenvoy.syslog tag to all events that have not met the previous rules.
The example rules below are based on port 13010 on the relay but you can use any free port you choose. Select Sent without syslog tag in all rules because the events the relay will receive do not contain syslog tags.
Rule 1 - Radius server events
Source port →
13010
Source message →
Radius
Target tag →
auth.securenvoy.radius
Select both Stop processing and Sent without syslog tag
Rule 2 - Batch server events
Source port →
13010
Source message →
Batch Server
Target tag →
auth.securenvoy.batch
Select both Stop processing and Sent without syslog tag
Rule 3 - WebSMS Gateway events
Source port →
13010
Source message →
WebSMS Gateway
Target tag →
auth.securenvoy.websms
Select both Stop processing and Sent without syslog tag
Rule 4 - Admin events
Source port →
13010
Source message →
admin
Target tag →
auth.securenvoy.admin
Select both Stop processing and Sent without syslog tag
Rule 5 - Enrol events
Source port →
13010
Source message →
enrol
Target tag →
auth.securenvoy.enrol
Select both Stop processing and Sent without syslog tag
Rule 6 - Syslog events
Source port →
13010
Source message → <none>
Target tag →
auth.securenvoy.syslog
Select both Stop processing and Sent without syslog tag
Table structure
These are the fields displayed in these tables: