Skip navigation
All Places > Products > RSA NetWitness Platform > RSA NetWitness Platform Online Documentation > Documents
Log in to create and rate content, and to follow, bookmark, and share content with other members.

NW Cfg: Supported Global Audit Logging Meta Key Variables

Document created by RSA Information Design and Development Employee on Sep 14, 2017Last modified by RSA Information Design and Development Employee on Nov 11, 2020
Version 20Show Document
  • View in full screen mode

This topic describes the meta key variables that NetWitness Platform global audit logging supports.

NetWitness Platform provides predefined global audit logging templates that you can use for your global audit logging configurations. For third-party syslog servers, you can define your own template format (CEF or non-CEF) using supported meta key variables.

Procedures related to this table are described in Define a Template for Global Audit Logging and Configure Global Audit Logging.

Supported Global Audit Logging Meta Key Variables 

The following table describes the meta key variables that NetWitness Platform global audit logging supports. Use these values to create a custom audit logging template for a third-party syslog server. 

%{category}Identifier of the audit event. It specifies the the category of the audit event.
%{destinationAddress}Destination IP Address
%{destinationPort}Destination Port
%{deviceExternalId}Unique ID of the service generating the audit event
%{deviceFacility}Syslog facility used when writing the event to syslog daemon. For example, authpriv.
%{deviceProcessId}ID of the process generating the event, which is the process ID of the NetWitness Platform service
%{deviceProcessName}Name of the executable corresponding to dvcpid
%{deviceProduct}The product family. This is always NetWitness Platform Audit.
%{deviceService}Service responsible for generating the event
%{deviceVendor}The product vendor, RSA
%{deviceVersion}Host/Service version
%{identity}Identity of the logged on user responsible for generating the audit event
%{key}A configuration item key. It is the config param for which the audit event is captured.
%{operation}Description of the event
%{outcome}Outcome of the operation performed corresponding to the audit event
%{parameters}API and Operation parameters, which capture specific parameters about a query
%{referrerUrl}The parent URL that refers to the current URL
%{sessionId}Session or connection identifier
%{severity}Severity of the audit event
%{sourceAddress}Source IP Address
%{sourcePort}Source Port
%{sourceService}The service that is responsible for generating this event
%{text}Free text, extra information, or actual description for the event
%{timestamp}Time at which the event is reported
%{transportProtocol}Network protocol used
%{userAgent}Browser detail of the user accessing the page
%{userGroup}Role assignment
%{userRole}User role permissions assignment
%{value}A configuration value. It is the value captured during the update

You are here
Table of Contents > References > Global Audit Logging Configurations Panel > Supported Global Audit Logging Meta Key Variables