SecureAuth Multi Factor Authentication Syslog Parser

Document created by andrew.dalbor on Feb 25, 2016
Version 1Show Document
  • View in full screen mode

This is a custom syslog parser I wrote for SecureAuth's MFA product.  This is used with the "AUDIT" syslog settings configured as default in SecureAuth.

 

This is not all inclusive of every eventid but does include almost all that I have run across in our production/test environment so far.

 

As I encounter other eventids I will update the parser to include them.

 

Disclaimer: I am in no way a regex expert lol

Outcomes