Tokens
Tokens expand to the values of the token name for the current session.
Supported tokens:
- $(ACTUAL_CLIENT_IP)$
- $(ANALYZED_CLIENT_IP)$
- $(AUTH_TYPE)$
- $(CLIENT_HOST_NAME)$
- $(CLIENT_OS_NAME)$
- $(CLIENT_IP)$
- $(CLOGIN_FAILURES)$
- $(COMMAD)$
- $(CSESSIONS)$
- $(CTIMEZONE)$
- $(DATETIME)$
- $(DB_NAME)$
- $(DB_TYPE)$
- $(DB_USER)$
- $(ERROR)$
- $(NET_PROTOCOL)$
- $(OS_USER)$
- $(PE_EXCEPTION)$
- $(SENDER_IP)$
- $(SERVER_DESCRIPTION)$
- $(SERVER_HOST_NAME)$
- $(SERVER_IP)$
- $(SERVER_OS NAME)$
- $(SERVICE_NAME)$
- $(SESSION_INFO)$ (return format: client_ip:client_port <-> server_ip:server_port)
- $(SOURCE_PROGRAM)$
Token are allowed in:
- Exception message (EXC_MSG)
- Output format (OUTPUT_FORMAT)
- Search pattern (SEARCH_PATTERN)
- Search prefix (SEARCH_PREFIX)
Example:session_level_policies_actions_transform
SR_POLICIES
{
IF(OS_USER = 'SALLY')
{
TRANSFORM_OS_USER SOURCE = CLIENT_HOST_NAME SEARCH_PATTERN = '$(SERVER_HOST_NAME)$ ' OUTPUT_FORMAT = $(DB_USER)$
}
}
If CLIENT_HOST_NAME is the same as SERVER_HOST_NAME, replace OS_USER with DB_USER only
when OS_USER = 'SALLY'.