Aurora Protect Desktop devices
Selecting this option sends device events to the syslog server.
| Field | Value | Description |
|---|---|---|
|
Agent Version |
[varies] |
This is the version of the Aurora Protect Desktop agent installed on the device. |
|
CylanceOPTICS Version |
[varies] | If Aurora Focus is enabled, this is the version of the Aurora Focus agent installed on the device. |
|
Device Message |
[varies] |
The message is populated when the device details are changed by the user. This can include: name change, policy change, zone changes, log level change, and self-protection level change. |
|
Device Name |
[varies] |
This is the name of the device. |
|
Event Type |
Device |
This is a device event. |
|
Event Name |
Device Policy Assigned |
A policy was assigned to the device. |
|
Device Removed |
The device was removed from the management console. |
|
|
Device Updated |
The device was updated. |
|
|
Device Assigned to Zone |
The device was assigned to a zone or zones. |
|
|
Registration |
A new device was registered with the management console. |
|
|
System Security |
A message that is logged after a new device is registered and when a user logs on to the device. |
|
|
IP Address |
[varies] |
This is the IP address for the device. |
|
Kernel Version |
[varies] | This is the operating system's running kernel version on the device. |
|
Logged On Users |
[varies] |
These are the users currently logged on to the device. This could be the email address and/or user’s name. |
|
MAC Address |
[varies] |
This is the MAC address for the device. |
|
OS |
[varies] |
This is the operating system used on the device. |
|
Policy Change |
[varies] |
This shows the previous policy and the new policy assigned to the device. |
|
Policy Name |
[varies] |
This is the name of the policy assigned to the device. |
|
Renamed |
“device_name” to “device_name” |
This shows the previous name and the new name for the device. |
|
User |
[varies] |
This is the name of the user updating the device. |
|
Zones Added |
[varies] |
These are the zone names to which the device has been added. |
|
Zone Name |
[varies] |
These are the zone names to which the device is assigned. |
New device registration events
When a new device is registered, you will receive two messages for this event: Registration and SystemSecurity.
SystemSecurity messages are also generated when a user logs on to a device, so you may receive this message after registration.
BlackBerry Protect Desktop: Event Type: Device, Event Name: Registration, Device Name: WIN-55NATVQHBUBlackBerry Protect Desktop: Event Type: Device, Event Name: SystemSecurity, Device Name: WIN-55NATVQHBUU, Agent Version: 1.1.1270.58, IP Address: (10.3.0.154), MAC Address: (005056881877), Logged On Users: (WIN-55NATVQHBUU\Administrator), OS: Microsoft Windows Server 2008 R2 Standard Service Pack 1 x64 6.1.7601Example message when removing a device
When a device is removed, you will receive the following message for this event: Device Removed.
BlackBerry Protect Desktop: Event Type: Device, Event Name: Device Removed, Device Names: (jsmithxp-test), User: (jsmith@contoso.com)Example message when updating a device
When a device’s policy, zone, name, or logging level has changed, you will receive the following message for this event: Device Updated.
BlackBerry Protect Desktop: Event Type: Device, Event Name: Device Updated, Device Message: Renamed: 'WIN-55NATVQHBUU' to 'WIN-2008R2-IRV1'; Policy Changed: 'Default' to 'IRVPolicy1'; Zones Added: 'IRV1', User: John Smith (johnsmith@contoso.com)