Audit Log Events for the Identity Router

Document created by RSA Information Design and Development on Jul 14, 2016Last modified by RSA Information Design and Development on Oct 20, 2017
Version 20Show Document
  • View in full screen mode
  

RSA SecurID Access generates audit log messages describing user activities and other events that occur on the identity router. You can configure the identity router to send these details to a syslog server where you can view them directly.

 
                                      
User Audit Events Descriptions
USER_AUTHZ A user established a session to access applications available to that user.
USER_EDIT_KEYCHAIN A user profile (keychain) was edited.
USER_LOGIN

A user attempted to authenticate and establish a session through the application portal.

If the user is redirected using the singlepoint-next-redirect parameter, the message contains the redirect details. The identity router allows redirects only to hostnames associated with your Protected Domain Name, configured applications, or configured identity providers.

To view a list of the allowed redirects for your deployment:

  1. Set the identity router logging level to debug.
  2. Publish changes.
  3. Either view the system log messages using the Cloud Administration Console, or generate a log bundle on the identity router and view the symplified.log file.
USER_LOGOUT

Either a user initiated a sign-out or the session expired.

If the user is redirected using the singlepoint-next-redirect parameter, the message contains the redirect details. The identity router allows redirects only to hostnames associated with your Protected Domain Name, configured applications, or configured identity providers.

To view a list of the allowed redirects for your deployment:

  1. Set the identity router logging level to debug.
  2. Publish changes.
  3. Either view the system log messages using the Cloud Administration Console, or generate a log bundle on the identity router and view the symplified.log file.
USER_PROTECTED_APP_AUTHN A user attempted to access an application through single sign-on.
USER_REQUEST_AUTHZ A user attempted to access an application that requires authorization.
USER_STEPUP_AUTHN A user attempted to perform additional authentication.
 

 

                                
Web Services Audit Events Descriptions
WEB_SERVICES_CREATE The web services API created a resource.
WEB_SERVICES_DELETE The web services API deleted a resource.
WEB_SERVICES_EDIT The web services API performed full edit of a resource.
WEB_SERVICES_PARTIALEDIT The web services API partially edited a resource.
WEB_SERVICES_VERIFY_TOKENThe web services API verified an RSA SecurID Authenticate Tokencode. See the STATUS and DESCRIPTION fields for this event for more details.
WEB_SERVICES_USER_STATUSThe web services API verified the presence and status of a user within all identity sources configured for the Cloud Authentication Service. See the STATUS and DESCRIPTION fields for this event for more details.
 

 

                                            
System Audit Events Descriptions
SYSTEM_BACKUP User keychains on the identity router were backed up.
SYSTEM_BOOTSTRAP The identity router configuration was modified.
SYSTEM_CONFIG_FIREWALL A firewall rule for the identity router was modified.
SYSTEM_CONFIG_HOST A static host entry for the identity router was modified.
SYSTEM_CONFIG_ROUTE A routing rule for the identity router was modified.
SYSTEM_CONFIG_UPDATE Configuration settings were published to the identity router.
SYSTEM_ERROR An error occurred on the identity router.
SYSTEM_REBOOT The identity router rebooted.
SYSTEM_STARTUP The identity router services started.

 

                                                        
RADIUS Audit Events Descriptions
RADIUS_REQUEST_VALIDATION A RADIUS authentication request was rejected due to character limits, null values, or an invalid response to a menu prompt.
RADIUS_USER_LDAP_AUTHENTICATION A user attempted RADIUS authentication using LDAP credentials.
RADIUS_USER_APPROVE_AUTHENTICATION A user attempted RADIUS authentication using the Approve method.
RADIUS_USER_TOKENCODE_AUTHENTICATION A user attempted RADIUS authentication using Authenticate Tokencode.
RADIUS_USER_SECURID_AUTHENTICATION A user attempted RADIUS authentication using an RSA SecurID Token.
RADIUS_USER_SECURID_NEW_PIN_AUTHENTICATION A user attempted RADIUS authentication using an RSA SecurID Token in New PIN mode.
RADIUS_USER_SECURID_NEXT_CODE_AUTHENTICATION A user attempted RADIUS authentication using an RSA SecurID Token in Next Tokencode mode.
RADIUS_USER_FINGERPRINT_AUTHENTICATION A user attempted RADIUS authentication using Fingerprint.
RADIUS_USER_EYEPRINTID_AUTHENTICATION A user attempted RADIUS authentication using Eyeprint ID.
RADIUS_CHALLENGE_METHODS_NOT_SUPPORTED A user attempted RADIUS authentication, but RADIUS or the user's device does not support any of the authentication methods allowed by the access policy.
RADIUS_USER_DEVICE_NOT_REGISTERED A user attempted RADIUS authentication using a method that requires a mobile device, but no device is registered for the user.
RADIUS_INTERNAL_ERROR The RADIUS service encountered an error.

 

 

You are here
Table of Contents > Logging > Audit Log Events for the Identity Router

Attachments

    Outcomes