000034720 - The time in the RSA Adaptive Authentication (On Premise) 7.1 Backoffice log is not matching.

Document created by RSA Customer Support Employee on Jan 23, 2017Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000034720
Applies ToRSA Product Set: Adaptive Authentication (OnPrem)
RSA Product/Service Type: Back Office Applications
RSA Version/Condition: 7.1
IssueA customer noticed that the time in the aa_server.audit.log did not match the time on related records in the aa_server_admin.audit.log.
TasksAn end-user of Adaptive Authentication (On Premise) (AAOP) had tried to log into the application a number of times, and had locked themselves out.  An admin of AAOP 
logged into Back Office to investigate the end-user.
The actions of the end-user were written into the aa_server.audit.log, while the actions of the admin were written into the aa_server_admin.audit.log.
The SHA1 hash of the end-user's account name is created, and written in both records above.
ResolutionSince the hash of the end-user's account was in records of the aa_server.audit.log and the aa_server_admin.audit.log, the customer thought that just the end-user's actions 
had caused the writing of the records to both log files.  Once the explanation above was provided, it became clear that two actions had occurred, that each action resulted in the records being written to separate log files, and that the timestamps on the records, while related by the hashed user account name, were not meant to be the same.