auth.rsa

Introduction

Tags beginning with auth.rsa identify events generated by RSA SecurID.

Valid tags and data tables

The full tag must have at least 3 levels. The first two are fixed as auth.rsa. The third level identifies the type of events sent, and the fourth level indicates the event subtype. 

These are the valid tags and corresponding data tables that will receive the parsers' data:

| Product / Service | Tag | Data table |
|---|---|---|
| RSA Authentication Manager | auth.rsa.rsaam.manager | auth.rsa.rsaam.manager |
| RSA SecurID | auth.rsa.secureid | auth.rsa.secureid |
| RSA SecurID | auth.rsa.secureid.admin | auth.rsa.secureid.admin |
| RSA SecurID | auth.rsa.secureid.runtime | auth.rsa.secureid.runtime |
| RSA SecurID | auth.rsa.secureid.system | auth.rsa.secureid.system |
| RSA SecurID | auth.rsa.secureid.trace | auth.rsa.secureid.trace |

For more information, read About Devo tags.

Relay rules

Add the following rule for auth.rsa.secureid parsers:

Source port: 13046

Source message: (\w+)\.com\.rsa

Target tag: auth.rsa.secureid.\\m1

Sent without syslog tag

Stop processing
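The following added example (not Devo's relay code) simulates the rule above to show which tag a message would receive and whether that tag is one of the valid tags listed on this page. It assumes the relay searches the message unanchored and that \\m1 is replaced by the first capture group of Source message; the sample log lines are constructed.

```python
import re

# Values copied from the relay rule on this page.
SOURCE_MESSAGE = re.compile(r"(\w+)\.com\.rsa")
TARGET_PREFIX = "auth.rsa.secureid."

# RSA SecurID tags listed in the page's tag table.
VALID_TAGS = {
    "auth.rsa.secureid",
    "auth.rsa.secureid.admin",
    "auth.rsa.secureid.runtime",
    "auth.rsa.secureid.system",
    "auth.rsa.secureid.trace",
}


def route(message):
    """Return (tag, known): the tag the rule would assign and whether the
    page lists it. Returns (None, False) when the rule does not match."""
    # Assumption: unanchored search, first capture group substituted for \\m1.
    match = SOURCE_MESSAGE.search(message)
    if match is None:
        return None, False
    tag = TARGET_PREFIX + match.group(1)
    return tag, tag in VALID_TAGS


# Constructed sample lines (not real RSA output).
SAMPLES = [
    "2024-01-01 10:00:00,000, host1, audit.admin.com.rsa.example.Class, INFO, ...",
    "2024-01-01 10:00:01,000, host1, audit.runtime.com.rsa.example.Class, INFO, ...",
    "2024-01-01 10:00:02,000, host1, system.com.rsa.example.Class, ERROR, ...",
    "2024-01-01 10:00:03,000, host1, custom.com.rsa.example.Class, INFO, ...",
    "2024-01-01 10:00:04,000, host1, unrelated syslog line",
]

if __name__ == "__main__":
    for line in SAMPLES:
        tag, known = route(line)
        if tag is None:
            status = "no match: rule does not apply"
        elif known:
            status = "ok"
        else:
            status = "tag not in the valid tag list"
        print(f"{str(tag):32} {status}")
```

Because `\w+` accepts any word before `.com.rsa`, the fourth sample yields a tag outside the listed set; checking the captured value against the valid tags catches such events before they are sent.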

 

Table structure

These are the fields displayed in these tables: