Tokens

Tokens expand to the values of the token name for the current session.

Supported tokens:
  • $(ACTUAL_CLIENT_IP)$
  • $(ANALYZED_CLIENT_IP)$
  • $(AUTH_TYPE)$
  • $(CLIENT_HOST_NAME)$
  • $(CLIENT_OS_NAME)$
  • $(CLIENT_IP)$
  • $(CLOGIN_FAILURES)$
  • $(COMMAD)$
  • $(CSESSIONS)$
  • $(CTIMEZONE)$
  • $(DATETIME)$
  • $(DB_NAME)$
  • $(DB_TYPE)$
  • $(DB_USER)$
  • $(ERROR)$
  • $(NET_PROTOCOL)$
  • $(OS_USER)$
  • $(PE_EXCEPTION)$
  • $(SENDER_IP)$
  • $(SERVER_DESCRIPTION)$
  • $(SERVER_HOST_NAME)$
  • $(SERVER_IP)$
  • $(SERVER_OS NAME)$
  • $(SERVICE_NAME)$
  • $(SESSION_INFO)$ (return format: client_ip:client_port <-> server_ip:server_port)
  • $(SOURCE_PROGRAM)$
Token are allowed in:
  • Exception message (EXC_MSG)
  • Output format (OUTPUT_FORMAT)
  • Search pattern (SEARCH_PATTERN)
  • Search prefix (SEARCH_PREFIX)
Example:session_level_policies_actions_transform
SR_POLICIES
{
             IF(OS_USER = 'SALLY')
           {
TRANSFORM_OS_USER SOURCE = CLIENT_HOST_NAME SEARCH_PATTERN = '$(SERVER_HOST_NAME)$ ' OUTPUT_FORMAT = $(DB_USER)$
           }
}
If CLIENT_HOST_NAME is the same as SERVER_HOST_NAME, replace OS_USER with DB_USER only when OS_USER = 'SALLY'.