000022584 - How to determine the message numbers used in the SDLogMessage table (part of SDLog database) to create custom queries based on logged events

Document created by RSA Customer Support Employee on Jun 16, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000022584
Applies To: RSA ACE/Server 5.2 and later
RSA Authentication Manager
message numbers
Issue: How to determine the message numbers used in the SDLogMessage table (part of SDLog database) to create custom queries based on logged events
Part of the "Recent_User_Additions" custom query searches for SDLogEntries where SDLogEntry.iMessageNum = 4014
Resolution

The custom query "List_All_Log_Activity_Except_Incident_Events" outputs the log message numbers (SDLogEntry.iMessageNum values), which can be used to query for events using the same technique as the "Recent_User_Additions" query. Some interesting SDLogEntry message numbers output by the query include:

"140","PIN created by user"

"143","Token disabled  suspect stolen"
...
"4014","Added user"
"4017","Deleted user"

...
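As an added example (not part of the original article or RSA's tooling), the following Python sketch parses output in the quoted two-column form shown above, selects message numbers by description keyword, and builds a condition modelled on the `SDLogEntry.iMessageNum = 4014` clause quoted in the Issue. The function names and the OR-joined condition syntax are assumptions; check the syntax against your server's custom query editor.

```python
import csv
import io

# Sample rows copied from the article; a real export has many more lines.
SAMPLE_OUTPUT = '''"140","PIN created by user"

"143","Token disabled  suspect stolen"
...
"4014","Added user"
"4017","Deleted user"
'''


def parse_message_catalog(text):
    """Map message number -> description, skipping blank or malformed rows."""
    catalog = {}
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 2 or not row[0].strip().isdigit():
            continue  # blank line, "..." elision, or a header row
        # Collapse runs of whitespace so keyword matching is predictable.
        catalog[int(row[0])] = " ".join(row[1].split())
    return catalog


def find_message_numbers(catalog, *keywords):
    """Return sorted message numbers whose description contains any keyword."""
    wanted = [k.lower() for k in keywords]
    return sorted(
        num for num, desc in catalog.items()
        if any(k in desc.lower() for k in wanted)
    )


def build_condition(numbers, field="SDLogEntry.iMessageNum"):
    """Build an OR-joined condition (assumed syntax); values are forced to int."""
    if not numbers:
        raise ValueError("no message numbers selected")
    return " OR ".join(f"{field} = {int(n)}" for n in numbers)


if __name__ == "__main__":
    catalog = parse_message_catalog(SAMPLE_OUTPUT)
    # Account lifecycle events worth reviewing together.
    print(build_condition(find_message_numbers(catalog, "added user", "deleted user")))
```
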

Legacy Article ID: a39410
