Authentication ASIM parser for OpenSSH sshd
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
Parser Information
| Property | Value |
|---|---|
| Parser Name | ASimAuthenticationSshd |
| Built-in Parser | _ASim_Authentication_Sshd |
| Schema | Authentication |
| Schema Version | 0.1.3 |
| Parser Type | 🔌 Source (product-specific) |
| Product | OpenSSH |
| Parser Version | 0.3.1 (version history) |
| Last Updated | Jan 29, 2026 |
| Unifying Parser | ASimAuthentication |
| Source File | Parsers\ASimAuthentication\Parsers\ASimAuthenticationSshd.yaml |
Description
This ASIM parser supports normalizing OpenSSH server (sshd) sign in logs, collected using Syslog to the ASIM Authentication schema.
Source Tables
This parser reads from the following tables:
| Table | Selection Criteria | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|---|
Syslog |
ProcessName == "sshd"SyslogMessage has "Failed"SyslogMessage has "but this does not map back to the address"SyslogMessage has "key RSA"SyslogMessage has "publickey"SyslogMessage startswith "Accepted"SyslogMessage startswith "Failed"SyslogMessage startswith "Invalid user"SyslogMessage startswith "Nasty PTR record"SyslogMessage startswith "Timeout"SyslogMessage startswith "message repeated"SyslogMessage startswith "reverse mapping checking getaddrinfo for" |
✓ | ✓ | ? |
Parameters
| Name | Type | Default |
|---|---|---|
disabled |
bool | False |
Associated Connectors
The following connectors provide data for this parser:
| Connector | Solution |
|---|---|
| SyslogAma | Syslog |
Solutions: Syslog
References
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊