NW Cfg: Supported Global Audit Logging Meta Key Variables

Document created by RSA Information Design and Development on Sep 14, 2017Last modified by RSA Information Design and Development on Oct 13, 2017
Version 8Show Document
  • View in full screen mode
  

This topic describes the meta key variables that NetWitness Suite global audit logging supports.

NetWitness Suite provides predefined global audit logging templates that you can use for your global audit logging configurations. For third-party syslog servers, you can define your own template format (CEF or non-CEF) using supported meta key variables.

Procedures related to this table are described in Define a Template for Global Audit Logging and Configure Global Audit Logging.

Supported Global Audit Logging Meta Key Variables 

The following table describes the meta key variables that NetWitness Suite global audit logging supports. Use these values to create a custom audit logging template for a third-party syslog server. 

                                                                                                                               
VariableDescription
${category}Identifier of the audit event. It specifies the the category of the audit event.
${destinationAddress}Destination IP Address
${destinationPort}Destination Port
${deviceExternalId}Unique ID of the service generating the audit event
${deviceFacility}Syslog facility used when writing the event to syslog daemon. For example, authpriv.
${deviceProcessId}ID of the process generating the event, which is the process ID of the NetWitness Suite service
${deviceProcessName}Name of the executable corresponding to dvcpid
${deviceProduct}The product family. This is always NetWitness Suite Audit.
${deviceService}Service responsible for generating the event
${deviceVendor}The product vendor, RSA
${deviceVersion}Host/Service version
${identity}Identity of the logged on user responsible for generating the audit event
${key}A configuration item key. It is the config param for which the audit event is captured.
${operation}Description of the event
${outcome}Outcome of the operation performed corresponding to the audit event
${parameters}API and Operation parameters, which capture specific parameters about a query
${referrerUrl}The parent URL that refers to the current URL
${sessionId}Session or connection identifier
${severity}Severity of the audit event
${sourceAddress}Source IP Address
${sourcePort}Source Port
${sourceService}The service that is responsible for generating this event
${text}Free text, extra information, or actual description for the event
${timestamp}Time at which the event is reported
${transportProtocol}Network protocol used
${userAgent}Browser detail of the user accessing the page
${userGroup}Role assignment
${userRole}User role permissions assignment
${value}A configuration value. It is the value captured during the update
You are here
Table of Contents > AdditionalProcedures > Supported Global Audit Logging Meta Key Variables

Attachments

    Outcomes