Identity Router Audit Log Messages
The SecurID Identity Router generates audit log messages describing user activities and other events that occur on the identity router. You can configure the identity router to send these details to a syslog server where you can view them directly.
Note: User events available through the syslog from the identity router apply only to the identity router.
For more information on identity router logs and files, see Identity Router Logging and Contents of Identity Router Log Bundle.
See the CODE and MESSAGE fields of these events for more details.

User Audit Events | Description |
---|---|
USER_AUTHZ | A user established a session to access applications available to that user. |
USER_EDIT_KEYCHAIN | A user profile (keychain) was edited. |
USER_LOGIN | A user attempted to authenticate and establish a session through the application portal. If the user is redirected using the singlepoint-next-redirect parameter, the message contains the redirect details. The identity router allows redirects only to hostnames associated with your Protected Domain Name, configured applications, or configured identity providers. To view a list of the allowed redirects for your deployment: |
USER_LOGOUT | Either a user initiated a sign-out or the session expired. If the user is redirected using the singlepoint-next-redirect parameter, the message contains the redirect details. The identity router allows redirects only to hostnames associated with your Protected Domain Name, configured applications, or configured identity providers. To view a list of the allowed redirects for your deployment: |
USER_PROTECTED_APP_AUTHN | A user attempted to access an application through single sign-on. |
USER_REQUEST_AUTHZ | A user attempted to access an application that requires authorization. |
USER_STEPUP_AUTHN | A user attempted to perform additional authentication. |

Web Services Audit Events | Description |
---|---|
WEB_SERVICES_CREATE | The web services API created a resource. |
WEB_SERVICES_DELETE | The web services API deleted a resource. |
WEB_SERVICES_EDIT | The web services API performed a full edit of a resource. |
WEB_SERVICES_PARTIALEDIT | The web services API partially edited a resource. |
WEB_SERVICES_VERIFY_TOKEN | The web services API verified a SecurID Authenticate Tokencode. See the STATUS and DESCRIPTION fields for this event for more details. |
WEB_SERVICES_USER_STATUS | The web services API verified the presence and status of a user within all identity sources configured for the Cloud Authentication Service. See the STATUS and DESCRIPTION fields for this event for more details. |

System Audit Events | Description |
---|---|
SYSTEM_BACKUP | User keychains on the identity router were backed up. |
SYSTEM_BOOTSTRAP | The identity router configuration was modified. |
SYSTEM_CONFIG_FIREWALL | A firewall rule for the identity router was modified. |
SYSTEM_CONFIG_HOST | A static host entry for the identity router was modified. |
SYSTEM_CONFIG_ROUTE | A routing rule for the identity router was modified. |
SYSTEM_CONFIG_UPDATE | Configuration settings were published to the identity router. |
SYSTEM_ERROR | An error occurred on the identity router. |
SYSTEM_REBOOT | The identity router rebooted. |
SYSTEM_STARTUP | The identity router services started. |

Identity Router Status Events | Description |
---|---|
SYSTEM_IDENTITY_SOURCE_STATUS | Connectivity status changed for one or more identity sources: |
SYSTEM_DNS_STATUS | Connectivity status changed for one or more DNS servers: |
SYSTEM_AM_STATUS | Connectivity status changed for Authentication Manager. This status applies to the connection that allows SecurID Token users to access resources protected by the Cloud Authentication Service. |
SYSTEM_UPGRADE_CONNECTION_STATUS | Connectivity status for the Software Update Service changed to Healthy or Unhealthy. |
SYSTEM_ADAPTER_UPGRADE_CONNECTION_STATUS | Connectivity status for the Adapter Update Service changed to Healthy or Unhealthy. |
SYSTEM_NTP_STATUS | Connectivity status for the NTP server changed to Healthy or Unhealthy. |
SYSTEM_CLOUD_TIME_SYNC_STATUS | Time synchronization between the identity router and the Cloud Authentication Service changed. |
SYSTEM_CPU_STATUS | CPU usage status on the identity router machine changed. |
SYSTEM_CLUSTER_STATUS | Cluster status changed. |
SYSTEM_MEMORY_STATUS | Memory usage on the identity router machine changed. |
SYSTEM_CLOUD_AUTHENTICATION_SERVICE_CONNECTIONS_STATUS | Reachability status for any of the Cloud Authentication Service IP addresses changed. |
SYSTEM_CLOUD_CONNECTIVITY_STATUS | Connectivity status for the current Cloud Authentication Service IP address changed to Healthy or Unhealthy. |

RADIUS Audit Events | Description |
---|---|
RADIUS_REQUEST_VALIDATION | A RADIUS authentication request was rejected due to character limits, null values, or an invalid response to a menu prompt. |
RADIUS_USER_LDAP_AUTHENTICATION | A user attempted RADIUS authentication using LDAP credentials. |
RADIUS_USER_APPROVE_AUTHENTICATION | A user attempted RADIUS authentication using the Approve method. |
RADIUS_USER_TOKENCODE_AUTHENTICATION | A user attempted RADIUS authentication using Authenticate OTP. |
RADIUS_USER_SECURID_AUTHENTICATION | A user attempted RADIUS authentication using a SecurID Token. |
RADIUS_USER_SECURID_NEW_PIN_AUTHENTICATION | A user attempted RADIUS authentication using a SecurID Token in New PIN mode. |
RADIUS_USER_SECURID_NEXT_CODE_AUTHENTICATION | A user attempted RADIUS authentication using a SecurID Token in Next Tokencode mode. |
RADIUS_USER_DEVICE_BIOMETRICS_AUTHENTICATION | A user attempted RADIUS authentication using Fingerprint. |
RADIUS_CHALLENGE_METHODS_NOT_SUPPORTED | A user attempted RADIUS authentication, but RADIUS or the user's device does not support any of the authentication methods allowed by the access policy. |
RADIUS_USER_DEVICE_NOT_REGISTERED | A user attempted RADIUS authentication using a method that requires a mobile device, but no device is registered for the user. |
RADIUS_INTERNAL_ERROR | The RADIUS service encountered an error. |