UserID Agent Syslog Filters

When Syslog is used as an event source, UserGate filters the incoming events with the UserID agent's syslog filters. Syslog filters are standard regular expressions, and users can write their own. Two types of filters are provided by default:

| Name | Description |
|---|---|
| SSH Authentication | A filter for tracking SSH login/logout events in syslog logs. |
| Unix PAM Authentication | A filter for tracking user logon/logoff events that use Pluggable Authentication Modules (PAM) in syslog logs. |

Note: You can create additional rules using regular expressions. Thus, syslog filters are a versatile tool that can be used in almost any case.
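As an added example (not UserGate's built-in filter and not written in UserGate's filter syntax), the Python below shows the kind of regular expressions an SSH login/logout filter depends on and why they should be anchored to the `sshd` program tag. The log lines are constructed samples in the common OpenSSH format, and the names `PREFIX`, `LOGIN`, `LOGOUT` and `track_sessions` are hypothetical.

```python
import re

# Constructed sample lines (common OpenSSH syslog format, documentation IPs).
SAMPLE_LOG = """\
Mar  4 09:12:01 gw01 sshd[2211]: Accepted password for alice from 192.0.2.10 port 51512 ssh2
Mar  4 09:12:07 gw01 sshd[2215]: Failed password for bob from 192.0.2.44 port 40022 ssh2
Mar  4 09:13:30 gw01 sshd[2230]: Accepted publickey for carol from 198.51.100.7 port 60001 ssh2: RSA SHA256:EXAMPLE
Mar  4 09:40:12 gw01 sshd[2211]: Disconnected from user alice 192.0.2.10 port 51512
Mar  4 09:41:00 gw01 cron[900]: pam_unix(cron:session): session closed for user root
""".splitlines()

# Anchor at the start of the line and require the sshd program tag, so text
# appearing later in a message (or from another daemon) cannot match.
PREFIX = r"^\w{3}\s+\d+ [\d:]{8} (?P<host>\S+) sshd\[\d+\]: "
LOGIN = re.compile(
    PREFIX + r"Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<ip>\S+) port \d+"
)
LOGOUT = re.compile(
    PREFIX + r"Disconnected from user (?P<user>\S+) (?P<ip>\S+) port \d+"
)


def track_sessions(lines):
    """Return (events, active); active maps source IP -> logged-in user."""
    events, active = [], {}
    for line in lines:
        if m := LOGIN.match(line):
            events.append(("login", m["user"], m["ip"]))
            active[m["ip"]] = m["user"]
        elif m := LOGOUT.match(line):
            events.append(("logout", m["user"], m["ip"]))
            # Drop the mapping only if it still belongs to this user.
            if active.get(m["ip"]) == m["user"]:
                del active[m["ip"]]
        # Failed logins and non-sshd lines fall through and create no mapping.
    return events, active


if __name__ == "__main__":
    events, active = track_sessions(SAMPLE_LOG)
    for event in events:
        print(event)
    print("active:", active)
```
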

Matching events are displayed on the Logs and reports tab, under Logs ➜ User-ID agent ➜ Syslog.