000031211 - IMG How to run a report showing failed authentication attempts

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000031211
Applies ToRSA Product Set: Identity Management and Governance, RSA Via Lifecycle and Governance
RSA Product/Service Type: Appliance
RSA Version/Condition: 6.9.1, 7.0
IssueHow do you audit successful and unsuccessful authentication attempts to the Aveksa console?
ResolutionFor Aveksa 6.9.1 and later the information about successful and unsuccessful authentication attempts is stored in the view V_AUDIT_EVENTS_LAST30 and is reported in the default report "Audit Events for the Past 30 Days" that is available under the Reports menu.  
NotesHere is an example of the report format showing examples for invalid username, invalid password, and valid username and password. 
User IDFirst NameLast NameEmailTimestampClient IpClientServer IpEventEvent Name
AveksaAdminAveksaAdmin AveksaAdmin@vcloud.local9/10/2015 11:57127.0.0.1AveksaAdmin192.168.26.114LOGINLoginUserSessionId
    9/10/2015 11:57127.0.0.1AveksaAdmin192.168.26.114LOGINLoginFailureAttempt
    9/10/2015 11:57127.0.0.1AveksaAdmin192.168.26.114LOGINLoginUserSessionId
    9/10/2015 11:56127.0.0.1BadUserName192.168.26.114LOGINLoginFailureAttempt
    9/10/2015 11:56127.0.0.1BadUserName192.168.26.114LOGINLoginUserSessionId