Run external program variables in LA
The Run an external program rule actions allow you to set command line arguments for your executed program or script. As a parameter, you can use variables which will translate to a corresponding string before the program/script is executed.
List of available variables
| General variable definition | Description |
|---|---|
|
${IpAddress} |
The IP address of the source device |
|
${DateTime} |
The current date and time - String format MM/dd/yyyy hh:mm |
|
${Date} |
The current date - String format MM/dd/yyyy |
|
${LongDate} |
The current date - Example: "Tuesday, August 25, 2020" |
|
${LongTime} |
The current time - Example: 12:23:19 PM |
|
${DayOfWeek} |
The current day of the week - Example: "Tuesday" |
|
${Year} |
The current year |
|
${Hour} |
The current hour |
|
${Minute} |
The current minute |
|
${Second} |
The current second |
|
${NodeID} |
The node ID of the source device |
|
${Message} |
The message attached to this entry |
|
${Hostname} |
The node caption of the source device |
|
${Level} |
The severity level of the message |
|
${SourceType} |
The message source type (Syslog, Traps, WindowsEvents,VMwareEvents, FlatFiles) |
|
${Vendor} |
The vendor of the source device |
|
${MachineType} |
The machine type of the source device |
| Trap variable definition | Description |
|---|---|
|
${TrapType} |
The message trap type |
|
${TrapOid} |
The corresponding trap oid to trap type |
|
${Community} |
The SNMP trap community string for message entry |
|
${VarBindingNames} |
Dot notation (see chapter below) |
|
${VarBindingValues} |
Dot notation (see chapter below) |
| Syslog variable definition | Description |
|---|---|
|
${FacilityName} |
The Syslog facility name of this entry |
| Window event variable definition | Description |
|---|---|
|
${LogName} |
The name of the Windows log |
|
${ProviderName} |
The source of the software that logs the event |
|
${User} |
The Windows username for the corresponding message. Can be "N/A" |
|
${EventData} |
Dot notation (see chapter below) |
| Log files variable definition | Description |
|---|---|
|
${Filename} |
The name of the file to which the message belongs |
Accessing fields using Dot notation
Dot notation is available for following fields:
-
EventData (Windows Events)
-
VarBindingNames (Traps) - Returns human readable (oid converted to its string represantation, values converted to times, ...) varbinding values
-
VarBindingValues (Traps) - Returns raw varbinding values
Variables from these mentioned fields can be accessed using RootField.name of the variable.
Examples:
| Variable | Example output |
|---|---|
|
${EventData.SubjectDomainName} |
WORKGROUP |
|
${EventData.ProcessName} |
C:\Windows\System32\services.exe |
|
${VarBindingNames.sysUpTime} |
42 days 0 hours 34 minutes 15,25 seconds |
|
${VarBindingValues.1.3.6.1.2.1.1.3.0} |
363085525 |
|
${VarBindingNames.snmpTrapEnterprise} |
SNMPv2-SMI:enterprises.2854 |
|
${VarBindingValues.1.3.6.1.2.1.1.3.0} |
1.3.6.1.4.1.2854 |