Parse Additional Data in RSA Authentication Manager 7.1

Hi, we are receiving RSA Authentication Manager 7.1 SP4P8 events via SNMP. The current connector version 5.2.2 doesn't parse the token serial number.

Here is a raw event:

VarBind #2
    1.3.6.1.4.1.2197.20.16.6.0
    StringValue: Runtime event {ID: cc42150bafc2388e01702347307ef9b8, time: Thu May 8 15:19:04 GMT-05:00 2012, client: 192.168.10.100, user: User [ID: 6ce1df98afc2388e00e9f2f73bd439e6, session ID: cc42149eafc2388e016a9d561fbf5be0-cve/aTRvBNQL, login name: jhon, first name: JHON, last name: DOE, security domain ID: 000000000000000000001000e0011000, identity source ID: 6cc1057bafc2388e0271a8af290d6548], action: AUTHN_LOGIN_EVENT, action id: 13002, result: SUCCESS, reason: AUTHN_METHOD_SUCCESS, agent: Agent [ID: e6d71da1afc2388e018d427ab1cec36d, name: exchangesrve1, address: 192.168.10.20, type: 7, security domain ID: 000000000000000000001000e0011000], policy: Policy [method ID: 000000000000000000002000f1022000, policy ID: null, method name: SecurID_Native, policy expression: null], arguments: [AUTHN_LOGIN_EVENT, 5, 1, 000000000000000000001000e0011000, SystemDomain, 6cbbe18dafc2388e01039a500274f335, OWA USERS, 6cbbca0dafc2388e01b57d97b1cb7a99, 000107498463, null]}
    TimeStamp: 0
    Type: ASN_OCTSTR
    Value: Runtime event {ID: cc42150bafc2388e01702347307ef9b8, time: Thu May 8 15:19:04 GMT-05:00 2012, client: 192.168.10.100, user: User [ID: 6ce1df98afc2388e00e9f2f73bd439e6, session ID: cc42149eafc2388e016a9d561fbf5be0-cve/aTRvBNQL, login name: jhon, first name: JHON, last name: DOE, security domain ID: 000000000000000000001000e0011000, identity source ID: 6cc1057bafc2388e0271a8af290d6548], action: AUTHN_LOGIN_EVENT, action id: 13002, result: SUCCESS, reason: AUTHN_METHOD_SUCCESS, agent: Agent [ID: e6d71da1afc2388e018d427ab1cec36d, name: exchangeserve1, address: 192.168.10.20, type: 7, security domain ID: 000000000000000000001000e0011000], policy: Policy [method ID: 000000000000000000002000f1022000, policy ID: null, method name: SecurID_Native, policy expression: null], arguments: [AUTHN_LOGIN_EVENT, 5, 1, 000000000000000000001000e0011000, SystemDomain, 6cbbe18dafc2388e01039a500274f335, OWA USERS, 6cbbca0dafc2388e01b57d97b1cb7a99, 000107498463, null]}
VarBind #3
    1.3.6.1.4.1.2197.20.16.8.0
    StringValue: AUTHN_METHOD_SUCCESS
    TimeStamp: 0
    Type: ASN_OCTSTR
    Value: AUTHN_METHOD_SUCCESS

We have tried to map additional fields and verified that the serial number is contained in the arguments field.

We would appreciate it if somebody could provide assistance on how to create a parser override to map this serial number for this SNMP-based connector.

Thanks

Mario

Mario,

Were you able to log the fields you could not? We are in a similar situation where we would like the type field present in the RSA SNMP events.

- Brandon

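Added example, not part of either post and not ArcSight parser-override syntax: a Python parser for the "Runtime event {...}" string carried in the VarBind above, pulling out both the token serial from the arguments list and the agent type field asked about in the reply. It assumes the serial is the 12-digit all-numeric entry in arguments (000107498463 in the posted event); the function names are hypothetical.

```python
import re

# Constructed sample: the raw event from the post above, with some fields dropped.
SAMPLE = (
    "Runtime event {time: Thu May 8 15:19:04 GMT-05:00 2012, "
    "client: 192.168.10.100, user: User [login name: jhon, last name: DOE], "
    "agent: Agent [name: exchangeserve1, address: 192.168.10.20, type: 7], "
    "arguments: [AUTHN_LOGIN_EVENT, 5, 1, 000000000000000000001000e0011000, "
    "SystemDomain, OWA USERS, 000107498463, null]}")

def split_top(text):
    """Split on commas outside [...] so nested objects and lists stay whole."""
    parts, depth, start = [], 0, 0
    for i, ch in enumerate(text):
        if ch == "[":
            depth += 1
        elif ch == "]":
            depth = max(depth - 1, 0)  # tolerate a stray closing bracket
        elif ch == "," and depth == 0:
            parts.append(text[start:i].strip())
            start = i + 1
    parts.append(text[start:].strip())
    return parts

def parse_fields(body):
    """Turn 'key: value, key: Name [k: v, ...], key: [a, b]' into a dict."""
    out = {}
    for part in split_top(body):
        key, sep, val = part.partition(": ")  # first ': ' only, so times survive
        if not sep:
            continue  # not a key/value pair; skip rather than guess
        nested = re.fullmatch(r"\w+ \[(.*)\]", val, re.S)
        if nested:  # e.g. "Agent [name: ..., type: 7]"
            out[key] = parse_fields(nested.group(1))
        elif val.startswith("[") and val.endswith("]"):  # plain list (arguments)
            out[key] = split_top(val[1:-1])
        else:
            out[key] = val
    return out

def parse_event(raw):
    m = re.search(r"Runtime event \{(.*)\}", raw, re.S)
    if not m:
        raise ValueError("not an RSA AM runtime event")
    return parse_fields(m.group(1))

def token_serial(event):  # assumption: the only 12-digit all-numeric argument
    args = event.get("arguments", [])
    return next((a for a in args if re.fullmatch(r"\d{12}", a)), None)
```

If a value in the event itself contains a comma or bracket, the split will shift, so check the parsed serial and type against the expected shape before mapping them into a SIEM field.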