000027029 - Determine the specific log events that correspond to the RSA Auhentication Manager 6.1 Usage Summary Report's Allowed Access and Denied Access messages

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 5Show Document
  • View in full screen mode

Article Content

Article Number000027029
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 2.0, 6.1
IssueThis article provides information on how to determine the specific log events that correspond to the Usage Summary Report's "Allowed Access" and  "Denied Access" totals.
Resolution
  1. From Host Mode or Remote Mode, navigate to Add > Custom Queries > Reports to add these queries to your Authentication Manager.
  2. The following example custom query will output the specific log message, date/time, and user affected by each "Allowed Access" event:
SELECT SDLogMessage.chShortMessage, dtLocalDate, tLocalTOD, chLogin,chTokenSerialNum, chAffectedUserName 
FROM SDLogEntry JOIN SDLogMessage ON SDLogEntry.iMessageNum = SDLogMessage.iMessageNum
WHERE  SDLogEntry.iMessageNum = 1011 OR SDLogEntry.iMessageNum = 1057
OR SDLogEntry.iMessageNum = 8202 OR SDLogEntry.iMessageNum = 8231 OR SDLogEntry.iMessageNum = 8237

  1. The following custom query will output the specific log message, date/time, and user affected by each "Denied Access" event:
SELECT SDLogMessage.chShortMessage, dtLocalDate, tLocalTOD, chLogin,chTokenSerialNum, chAffectedUserName 
FROM SDLogEntry JOIN SDLogMessage ON SDLogEntry.iMessageNum = SDLogMessage.iMessageNum
WHERE SDLogEntry.iMessageNum = 144
OR SDLogEntry.iMessageNum = 146
OR SDLogEntry.iMessageNum = 147
OR SDLogEntry.iMessageNum = 1000
OR SDLogEntry.iMessageNum = 1001
OR SDLogEntry.iMessageNum = 1003
OR SDLogEntry.iMessageNum = 1004
OR SDLogEntry.iMessageNum = 1005
OR SDLogEntry.iMessageNum = 1006
OR SDLogEntry.iMessageNum = 1007
OR SDLogEntry.iMessageNum = 1008
OR SDLogEntry.iMessageNum = 1033
OR SDLogEntry.iMessageNum = 1038
OR SDLogEntry.iMessageNum = 1039
OR SDLogEntry.iMessageNum = 1041
OR SDLogEntry.iMessageNum = 1042
OR SDLogEntry.iMessageNum = 1046
OR SDLogEntry.iMessageNum = 1071
OR SDLogEntry.iMessageNum = 1072
OR SDLogEntry.iMessageNum = 1081
OR SDLogEntry.iMessageNum = 1082
OR SDLogEntry.iMessageNum = 1083
OR SDLogEntry.iMessageNum = 1091
OR SDLogEntry.iMessageNum = 1110
OR SDLogEntry.iMessageNum = 8207
OR SDLogEntry.iMessageNum = 8212
OR SDLogEntry.iMessageNum = 8233
OR SDLogEntry.iMessageNum = 8234
OR SDLogEntry.iMessageNum = 8235
OR SDLogEntry.iMessageNum = 8236

NotesSee how to determine the message numbers used in the SDLogMessage table (part of SDLog database) to create custom queries based on logged events to determine the specific SDLogEntry.iMessageNum values to use for your specific query needs.
Legacy Article IDa40458

Attachments

    Outcomes