Syslog audit event handler properties

The JMS, Repository, Router, and Syslog audit event handlers are deprecated and will be removed in a future release of IDM. Use the JSON audit event handler or similar to export your data to a third-party audit framework, such as Elastic Stack.

UI Label / Text audit.json File Label Description

UI Label / Text	audit.json File Label	Description
protocol	`protocol`	Transport protocol for Syslog messages; may be `TCP` or `UDP`.
host	`host`	Host name or IP address of the receiving Syslog server.
port	`port`	The TCP/IP port number of the receiving Syslog server.
connectTimeout	`connectTimeout`	Timeout for connecting to the Syslog server (seconds).
facility	`facility`	Options shown in the admin UI, `KERN`, `USER`, `MAIL`, `DAEMON`, `AUTH`, `SYSLOG`, `LPR`, `NEWS`, `UUCP`, `CRON`, `AUTPRIV`, `FTP`, `NTP`, `LOGAUDIT`, `LOGALERT`, `CLOCKD`, `LOCAL0`, `LOCAL1`, `LOCAL2`, `LOCAL3`, `LOCAL4`, `LOCAL5`, `LOCAL6`, `LOCAL7` correspond directly to facility values shown in RFC 5424 - The Syslog Protocol.
SeverityFieldMappings	`severityFieldMappings`	Sets the correspondence between audit event fields and Syslog severity values.
topic	`topic`	Severity Field Mappings: the audit event topic to which the mapping applies.
field	`field`	Severity Field Mappings: the audit event field to which the mapping applies; taken from the JSON schema for the audit event content.
Value Mappings	`valueMappings`	Severity Field Mappings: The map of audit event values to Syslog severities. Syslog severities may be: EMERGENCY, ALERT, CRITICAL, ERROR, WARNING, NOTICE, INFORMATIONAL, or DEBUG, in descending order of importance.
Buffering	`buffering`	Disabled by default; all messages written immediately to the log.

protocol

protocol

Transport protocol for Syslog messages; may be TCP or UDP.

host

host

Host name or IP address of the receiving Syslog server.

port

port

The TCP/IP port number of the receiving Syslog server.

connectTimeout

connectTimeout

Timeout for connecting to the Syslog server (seconds).

facility

facility

Options shown in the admin UI, KERN, USER, MAIL, DAEMON, AUTH, SYSLOG, LPR, NEWS, UUCP, CRON, AUTPRIV, FTP, NTP, LOGAUDIT, LOGALERT, CLOCKD, LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7 correspond directly to facility values shown in RFC 5424 - The Syslog Protocol.

SeverityFieldMappings

severityFieldMappings

Sets the correspondence between audit event fields and Syslog severity values.

topic

topic

Severity Field Mappings: the audit event topic to which the mapping applies.

field

field

Severity Field Mappings: the audit event field to which the mapping applies; taken from the JSON schema for the audit event content.

Value Mappings

valueMappings

Severity Field Mappings: The map of audit event values to Syslog severities. Syslog severities may be: EMERGENCY, ALERT, CRITICAL, ERROR, WARNING, NOTICE, INFORMATIONAL, or DEBUG, in descending order of importance.

Buffering

buffering

Disabled by default; all messages written immediately to the log.

PingIDM 8.0.0

Syslog audit event handler properties