iam.hitachi
Introduction
The tags beginning with iam.hitachi identify events generated by Hitachi ID products.
Tag structure
The full tag must have four levels. The first two are fixed as iam.hitachi. The third and fourth levels identify the type and subtype of events sent.
Technology | Brand | Type | Subtype |
---|---|---|---|
iam | hitachi | password | events |
Therefore, the valid tags and tables include:
- iam.hitachi.password.events
How is the data sent to Devo?
You can forward logs generated by Hitachi ID using any Syslog drain (for example, Syslog-ng). You can also use the Devo relay if required; in this case, you can get in touch with us if you need additional information.
Log samples
The following is a sample log sent to the iam.hitachi.password.events table:
2021-10-26 10:03:27.030 localhost=127.0.0.1 iam.hitachi.password.events: default[ida.exe(5024,12784)] Help-desk assisted account unlock successful.|Profile=KHepbu|ChangedBy=SGuida
Extra columns
Fields marked as Extra in the table below are not shown by default in data tables and need to be explicitly requested in the query. You can find them marked as Extra when you perform a query so they can be easily identified. Learn more about this in Selecting unrevealed columns.
And this is how the log would be parsed:
Field | Value | Type | Extra fields |
---|---|---|---|
eventdate |
|
| |
hostname |
|
| |
layer |
|
| |
module |
|
| |
pid |
|
| |
parent_pid |
|
| |
message |
|
| |
type |
|
| |
ChangedBy |
|
| |
Profile |
|
| |
AuthChain |
|
| |
Language |
|
| |
Skin |
|
| |
Target |
|
| |
Platform |
|
| |
Operation |
|
| |
Identity |
|
| |
Reason |
|
| |
QSetI |
|
| |
QSetType |
|
| |
Node |
|
| |
Arguments |
|
| |
Runtime |
|
| |
rawMessage |
|
| |
hostchain |
|
| ✓ |
tag |
|
| ✓ |