CEF Log File
The transportation settings are used to access the server where the log file containing the activity data resides.
Transport Type – depending on the transport type selected you will see the following:
local
If the CEF log file containing the activity data is on the same server as IdentityIQ, no further connection-type information is required.
ftp
FTP User – a valid user name with authentication access to the FTP host.
FTP Password – the password associated with the FTP user.
FTP Host – the host where the log file resides.
scp
SCP User – a valid user name with authentication access to the SCP host.
SCP Password – the password associated with the SCP user.
SCP Host – the host where the log file resides.
SCP Private Key – the private key that is used to encrypt the collected data.
The log file settings are used to define the query used to collect the activity data.
File Name
The name of the CEF log file containing the activity data.
Lines to Skip
The number of lines to skip before starting the scan for activity information.
Filter Nulls
Skip lines that do not conform to the defined format.
Multi-lined Data
A single record in this file spans multiple rows.
Regular Expression
Regular expression groups that can be used to tokenize each record in the file, according to the format of the CEF log file. For example, (\w\w\w\s\d\d\s\d\d:\d\d:\d\d)\s(.*)CEF:(.*)\|(.*)\|(.*)\|(.*)\|(.*)\|(.*)\|(.*)\|(.*)(.*)
The log field settings are used to create the log fields based on the column headings in the log file.
Name
The name of the CEF log field to create based on a column name from the CEF log file.
Trim Value
Remove white space around the column name before creating the CEF log field.
Drop Nulls
If the column by this name is null, ignore this record. For example, if the user field is null, then the record cannot be correlated to an IdentityIQ identity and, therefore, cannot be used by IdentityIQ.
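The following added example, which is not IdentityIQ code, applies the example regular expression above to constructed log lines and mimics the Lines to Skip, Filter Nulls, Trim Value and Drop Nulls settings as they are described here. The field names, the collect function and the sample lines are assumptions, and Trim Value is interpreted as stripping white space from the captured token.

```python
import re

# Example pattern from the Regular Expression setting above (11 capture groups).
CEF_PATTERN = re.compile(
    r"(\w\w\w\s\d\d\s\d\d:\d\d:\d\d)\s(.*)CEF:"
    r"(.*)\|(.*)\|(.*)\|(.*)\|(.*)\|(.*)\|(.*)\|(.*)(.*)"
)

# Assumed log field names, one per group, in standard CEF header order.
FIELDS = ["timestamp", "host", "cef_version", "device_vendor", "device_product",
          "device_version", "signature_id", "name", "severity", "extension", "rest"]


def collect(lines, lines_to_skip=0, filter_nulls=True, trim=(), drop_nulls=()):
    """Tokenize log lines into records, mimicking the settings described above."""
    records = []
    for line in lines[lines_to_skip:]:            # Lines to Skip
        match = CEF_PATTERN.fullmatch(line)
        if match is None:
            if filter_nulls:                      # Filter Nulls: skip non-conforming lines
                continue
            raise ValueError(f"line does not match the CEF pattern: {line!r}")
        record = dict(zip(FIELDS, match.groups()))
        for field in trim:                        # Trim Value
            record[field] = record[field].strip()
        if any(not record[field] for field in drop_nulls):
            continue                              # Drop Nulls: ignore the record
        records.append(record)
    return records


# Constructed sample input; host, vendor and event names are made up.
# The greedy (.*) groups split on the last seven pipes, so the unescaped "|"
# in the extension of the final line shifts every header field by one.
SAMPLE = [
    "# exported by logging agent",
    "Sep 19 08:26:10 fw01 CEF:0|ExampleVendor|ExampleFW|1.0|100|User login|5|suser=jdoe src=10.0.0.5",
    "this line is not CEF",
    "Sep 19 08:27:42 fw01 CEF:0|ExampleVendor|ExampleFW|1.0|101|Config change|7|",
    "Sep 19 08:28:03 fw01 CEF:0|ExampleVendor|ExampleFW|1.0|102|Alert|3|msg=a|b",
]

if __name__ == "__main__":
    for rec in collect(SAMPLE, lines_to_skip=1, trim=("host",), drop_nulls=("extension",)):
        print(rec["timestamp"], rec["host"], rec["cef_version"], rec["name"], rec["extension"])
```

Testing the pattern against a sample of the real log before saving it shows whether any record tokenizes into shifted fields, as the last sample line does.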
IdentityIQ uses connectors to extract data and transform it into a format it can read. A connector is a Java class that extends the IdentityIQ AbstractConnector class and implements the IdentityIQ Connector interface. Connectors provide the means by which IdentityIQ communicates with targeted platforms, applications and systems. Each application type requires different information to create and maintain a connection. For detailed connector information refer to the connector documentation delivered with IdentityIQ.