Security Analytics provides predefined global audit logging templates that you can use for your global audit logging configurations. For third-party syslog servers, you can define your own template format (CEF or non-CEF) using supported meta key variables.

Procedures related to this table are described in Define a Template for Global Audit Logging and Configure Global Audit Logging.

Supported Global Audit Logging Meta Key Variables 

The following table describes the meta key variables that Security Analytics global audit logging supports. Use these values to create a custom audit logging template for a third-party syslog server. 

| Meta Key Variable | Description |
|---|---|
| ${category} | Identifier of the audit event. It specifies the category of the audit event. |
| ${destinationAddress} | Destination IP Address |
| ${destinationPort} | Destination Port |
| ${deviceExternalId} | Unique ID of the service generating the audit event |
| ${deviceFacility} | Syslog facility used when writing the event to syslog daemon. For example, authpriv. |
| ${deviceProcessId} | ID of the process generating the event, which is the process ID of the Security Analytics service |
| ${deviceProcessName} | Name of the executable corresponding to dvcpid |
| ${deviceProduct} | The product family. This is always Security Analytics Audit. |
| ${deviceService} | Service responsible for generating the event |
| ${deviceVendor} | The product vendor, RSA |
| ${deviceVersion} | Host/Service version |
| ${identity} | Identity of the logged on user responsible for generating the audit event |
| ${key} | A configuration item key. It is the config param for which the audit event is captured. |
| ${operation} | Description of the event |
| ${outcome} | Outcome of the operation performed corresponding to the audit event |
| ${parameters} | API and Operation parameters, which capture specific parameters about a query |
| ${referrerUrl} | The parent URL that refers to the current URL |
| ${sessionId} | Session or connection identifier |
| ${severity} | Severity of the audit event |
| ${sourceAddress} | Source IP Address |
| ${sourcePort} | Source Port |
| ${sourceService} | The service that is responsible for generating this event |
| ${text} | Free text, extra information, or actual description for the event |
| ${timestamp} | Time at which the event is reported |
| ${transportProtocol} | Network protocol used |
| ${userAgent} | Browser detail of the user accessing the page |
| ${userGroup} | Role assignment |
| ${userRole} | User role permissions assignment |
| ${value} | A configuration value. It is the value captured during the update. |
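
The following is an added example, not code from Security Analytics or RSA: an offline check that a custom template references only the variables listed above (names are case-sensitive in this check), plus a preview of how a CEF template would look for one event. The function names, the sample template, the sample event and the CEF extension key mapping are assumptions; the escaping follows the CEF convention and says nothing about how Security Analytics itself encodes values.

```python
import difflib
import re

# Supported meta key variables, copied from the table on this page.
SUPPORTED = frozenset("""
category destinationAddress destinationPort deviceExternalId deviceFacility
deviceProcessId deviceProcessName deviceProduct deviceService deviceVendor
deviceVersion identity key operation outcome parameters referrerUrl sessionId
severity sourceAddress sourcePort sourceService text timestamp
transportProtocol userAgent userGroup userRole value""".split())
PLACEHOLDER = re.compile(r"\$\{([^}]*)\}")

def lint_template(template):
    """Map each unsupported ${name} to the closest supported name, or None."""
    problems = {}
    for name in PLACEHOLDER.findall(template):
        if name not in SUPPORTED:
            close = difflib.get_close_matches(name, sorted(SUPPORTED), n=1, cutoff=0.8)
            problems[name] = close[0] if close else None
    return problems

def _escape(value, delimiter):
    """Escape backslash and the field delimiter; flatten line breaks."""
    out = str(value).replace("\\", "\\\\").replace(delimiter, "\\" + delimiter)
    return out.replace("\r", "").replace("\n", "\\n")

def preview_cef(template, event):
    """Render a CEF template offline for one sample event (missing keys render empty)."""
    problems = lint_template(template)
    if problems:
        raise ValueError(f"unsupported variables: {problems}")
    parts = template.split("|", 7)  # seven header fields, then the extension
    if len(parts) != 8 or not parts[0].startswith("CEF:"):
        raise ValueError("not a CEF template: expected 'CEF:<ver>' and 7 '|' separators")
    def fill(part, delimiter):
        return PLACEHOLDER.sub(lambda m: _escape(event.get(m.group(1), ""), delimiter), part)
    return "|".join([fill(p, "|") for p in parts[:7]] + [fill(parts[7], "=")])

# Constructed sample template and event; the CEF extension keys are an assumed mapping.
SAMPLE_TEMPLATE = ("CEF:0|${deviceVendor}|${deviceProduct}|${deviceVersion}|${category}|"
                   "${operation}|${severity}|rt=${timestamp} src=${sourceAddress} "
                   "suser=${identity} outcome=${outcome} msg=${text}")
SAMPLE_EVENT = {"deviceVendor": "RSA", "deviceProduct": "Security Analytics Audit",
                "deviceVersion": "0.0", "category": "CONFIG", "operation": "set|update",
                "severity": "6", "timestamp": "2024-01-01T00:00:00Z",
                "sourceAddress": "192.0.2.10", "identity": "admin",
                "outcome": "success", "text": "a=b\nnext"}

if __name__ == "__main__":
    print(lint_template("user=${identity} src=${sourceaddress}"))
    print(preview_cef(SAMPLE_TEMPLATE, SAMPLE_EVENT))
```

Free-text variables such as ${text}, ${parameters} and ${userAgent} are the ones most likely to carry delimiter characters, so confirm on the receiving syslog server that such values still parse as a single field.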
