Identity Portal: What information is recorded in the logs for a successful user login?

book

Article ID: 193808

calendar_today

Updated On:

Products

CA Identity Manager CA Identity Governance CA Identity Portal CA Identity Suite

Issue/Introduction

Log of identity portal (tail_ip_log) when user do login in identity portal.  Is their information in the Portal log which identifies the user login?  IP or host information os the user?  This would be used to integrate with products such as SIEM QRadar.

Environment

Release : 14.2

Component : CA IDENTITY SUITE (VIRTUAL APPLIANCE)

Resolution

Test with imadmin user.  This is what the Identity Portal returns:

IP returns the following in the log about the user logging in. It does not return IP or host information which would be an ideation:
["%USER_ID%","%CITY%","%LOGIN_ID%","%WORK_PHONE%","%FIRST_NAME%","%ADMIN_ROLE_CONSTRAINT%","%EMAIL%","%MEMBER_OF%","%EMPLOYEE_TYPE%","%LAST_NAME%","%FULL_NAME%","%TITLE%","%STRING_00%","%STRING_01%","%MANAGER%"],"filtersConj":"And","globalFilter":null,"filters":[{"filters":[{"field":"%USER_ID%","operation":"EQUALS","value":"imadmin","conj":null}]}]}
2020-06-23 03:46:07,407 INFO [stdout] (default task-25) --------------------------------------
2020-06-23 03:46:07,536 INFO [stdout] (default task-25) [SIGMA APPENDER - FROM WEB] 2020-06-23 03:46:07,536 - INFO org.apache.cxf.interceptor.LoggingInInterceptor - Inbound Message
2020-06-23 03:46:07,536 INFO [stdout] (default task-25) ----------------------------
2020-06-23 03:46:07,536 INFO [stdout] (default task-25) ID: 23
2020-06-23 03:46:07,536 INFO [stdout] (default task-25) Response-Code: 200

No IP or port information is returned.  Response code 200 means successful.