EventValve
Note
Create custom events in execution flow of a PIPE.
Properties
| Name | Description | Default value | Mandatory | Supports property expansion |
|---|---|---|---|---|
| severity | Sverity marker in log file. Supported values are the levels listed at the [audit logs introduction](xref: audit-logs-introduction) (TRACE, DEBUG, INFO, NOTICE, WARNING, ERROR, CRITICAL, ALERT, EMERGENCY) |
INFO | No | No |
| auditLogId | The ID of the audit log. Should be a short unique identifier for this type of event. Example: my_event_id |
Yes | No | |
| auditLogName | The audit log name, should be a short name for the event like User authenticated via XYZ |
Yes | No | |
| extensionAttributes | Additional attributes to include in the log as extensions. Syntax is JSON object with key value pairs. Example: { "duser": "{{item.userid}}" } |
No | Yes - values supports expansion |
Legacy event
This valve is compatible with both the new audit log format, and the old legacy event format.
If the global variable com.phenixidentity.globals.enableLegacyEvents is set to true a legacy
event will be created from the legacy configuration parameters below.
Legacy properties
| Name | Description | Default value | Mandatory | Supports property expansion |
|---|---|---|---|---|
| event_key | Event key to use, see events list. | Yes | No | |
| parameters | Additional parameters. Syntax used is JSONArray with JSON object containing key and value: "parameters":[{"key":"value"}] Allowed event parameter keys are described below. | No | Yes - "value" supports expansion |
Parameter keys
Event parameters used are based on the CEF standard. Legacy events are limited to these parameters, but new audit logs can have any key value pair. It is however recommended to use the CEF standard attributes when possible.
| Event parameter key name | Description |
|---|---|
| dst | Destination |
| dhost | Host |
| dpt | Port |
| duser | UserID |
| destinationServiceName | Service name |
| proto | Protocol |
| request | Request URL |
| requestClientApplication | Client application |
| requestCookies | Request cookie |
| requestMethod | Request method |
| src | Source |
| shost | Source host |
| spt | Source port |
| suser | Source user |
| msg | Message |
| phenixIDIdentifier | Identifier |
| phenixIDTenantId | Tenant |
| phenixIDSessionId | Session id |
| phenixIDx509Subject | Subject |
| phenixIDx509Issuer | Issuer |
| phenixIDx509Thumbprint | Thumbprint |
| hwTokenId | Token id |
| phenixIDExpiry | Expiry |
Example Configuration
Below is a configuration that includes both a modern event and a legacy event.
{
"id" : "6a6a8125-13e1-4c3d-93c5-dad2f3a0e7aa",
"name" : "EventValve",
"enabled" : "true",
"config" : {
"proceed_on_error" : "false",
"severity" : "INFO",
"auditLogName" : "My custom event 1",
"auditLogId" : "my_custom_event",
"extensionAttributes" : {
"src" : "{{request.resolvedclientip}}",
"duser" : "{{item.uid}}"
},
"event_key": "EVT_000098",
"parameters" : [ {
"name" : "src",
"value" : "{{request.resolvedclientip}}"
}, {
"name" : "duser",
"value" : "{{item.uid}}"
} ]
}