Skip to content

RSA SecureID

Key facts

  • Requires vendor product by source configuration
  • Legacy BSD Format default port 514
Ref Link
Splunk Add-on
Product Manual


sourcetype notes
rsa:securid:syslog Catchall; used if a more specific source type can not be identified
rsa:securid:admin:syslog None
rsa:securid:runtime:syslog None
nix:syslog None

Sourcetype and Index Configuration

key sourcetype index notes
dell-rsa_secureid all netauth none
dell-rsa_secureid_trace rsa:securid:trace netauth none
dell-rsa_secureid nix:syslog osnix uses os_nix key of not configured bye host/ip/port

Parser Configuration

#File name provided is a suggestion it must be globally unique

application app-vps-test-dell_rsa_secureid[sc4s-vps] {
 filter { 
        host("test_rsasecureid*" type(glob))
    parser {