@chrisberkhout
Last active October 24, 2024 12:58
CyberArk Vault syslog translator file: RFC5424Changes.xsl

Source

CyberArk community: PTA - Syslog messages from Vault not parsing correctly and causing error in diamond log

Related documentation

CyberArk Privileged Access Manager - Self-Hosted
└ Administrator
    └ Components
        └ Digital Vault
            └ Operate the CyberArk Vault
                └ Integrate the Digital Vault with Third-Party Components
                    └ Security Information and Event Management (SIEM) Applications

<?xml version="1.0"?>
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0">
  <xsl:output method="text" version="1.0" encoding="UTF-8"/>
  <xsl:template match="*">
    <xsl:choose>
      <!-- Emit the header only when the audit record requests RFC 5424 output -->
      <xsl:when test="audit_record/Rfc5424='yes'">
        <xsl:text>&lt;</xsl:text>
        <!-- the character '<' -->
        <!-- PRI value, selected from the audit record's Severity -->
        <xsl:choose>
          <xsl:when test="audit_record/Severity='Critical'">10</xsl:when>
          <xsl:when test="audit_record/Severity='Error'">7</xsl:when>
          <xsl:when test="audit_record/Severity='Info'">5</xsl:when>
          <xsl:otherwise>0</xsl:otherwise>
        </xsl:choose>
        <xsl:text>&gt;</xsl:text>
        <!-- the character '>' -->
        <xsl:text>1 </xsl:text>
        <!-- Syslog Version -->
        <xsl:value-of select="audit_record/IsoTimestamp"/>
        <xsl:text> </xsl:text>
        <!-- space -->
        <xsl:value-of select="audit_record/Hostname"/>
        <xsl:text> </xsl:text>
        <!-- space -->
      </xsl:when>
    </xsl:choose>
  </xsl:template>
</xsl:stylesheet>
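
Added example (not part of the gist or of CyberArk's code): a Python sketch of how an RFC 5424 receiver decodes the header the stylesheet above emits, where PRI = facility × 8 + severity. `render_header` only mirrors the stylesheet's branches, and the timestamp and hostname values are constructed sample input.

```python
import re
from datetime import datetime

# PRI values the stylesheet emits per audit_record/Severity (xsl:otherwise -> 0).
STYLESHEET_PRI = {"Critical": 10, "Error": 7, "Info": 5}
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv ftp "
              "ntp audit alert clock local0 local1 local2 local3 local4 local5 "
              "local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()
# "<PRI>VERSION TIMESTAMP HOSTNAME " with no leading zeros in PRI or VERSION.
HEADER_RE = re.compile(r"^<(0|[1-9]\d{0,2})>([1-9]\d?) (\S+) (\S+) ")


def render_header(severity, iso_timestamp, hostname):
    """Python mirror of the stylesheet's output when Rfc5424='yes' (not XSLT)."""
    pri = STYLESHEET_PRI.get(severity, 0)
    return f"<{pri}>1 {iso_timestamp} {hostname} "


def parse_header(line):
    """Decode PRI, VERSION, TIMESTAMP and HOSTNAME as an RFC 5424 receiver would."""
    m = HEADER_RE.match(line)
    if not m:
        raise ValueError("not an RFC 5424 header")
    pri, version, timestamp, hostname = int(m[1]), int(m[2]), m[3], m[4]
    if pri > 191:  # 23 * 8 + 7 is the largest valid PRI value
        raise ValueError(f"PRI {pri} out of range")
    if version != 1:
        raise ValueError(f"unsupported syslog version {version}")
    if timestamp != "-":  # "-" is the RFC 5424 NILVALUE
        # Raises ValueError when the timestamp is not ISO 8601.
        datetime.fromisoformat(timestamp.replace("Z", "+00:00"))
    facility, severity = divmod(pri, 8)  # PRI = facility * 8 + severity
    return {"pri": pri, "facility": FACILITIES[facility],
            "severity": SEVERITIES[severity],
            "timestamp": timestamp, "hostname": hostname}


if __name__ == "__main__":
    # Constructed sample values; "Unknown" exercises the xsl:otherwise branch.
    for vault_severity in ("Critical", "Error", "Info", "Unknown"):
        header = render_header(vault_severity, "2024-10-24T12:58:00Z", "vault01")
        decoded = parse_header(header)
        print(f"{vault_severity:8} {header!r} -> "
              f"{decoded['facility']}.{decoded['severity']}")
```

Comparing the decoded facility and severity for each Vault severity against what the SIEM's parsing rules expect is a quick check when messages arrive but are classified unexpectedly.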