This article details logging activity on the SSL Visibility Appliances.
Release : 4.5.9.1
Event | Description | Applicable for Device? | Log line |
User Account Creation | This event is generated when a user account is created | Y | [admin]: Add user: uid[fred] unix_uid[32768] |
User Account Deletion | This event is generated when a user account is deleted | Y | [admin]: Delete user: uid[fred] |
User Account Disabled | This event is generated when a user account is disabled | N/A | A user cannot be disabled, only created and deleted |
User Account Enabled | This event is generated when a user account is enabled | N/A | A user cannot be disabled, only created and deleted |
User Account Locked | This event is generated when a user account is locked | N/A | A user cannot be disabled, only created and deleted |
User Account Modification | This event is generated when a user account is modified | Y | When a user role is changed it is logged. [admin]: Update role: uid[fred] can no longer modify the PKI store |
User Account Unlocked | This event is generated when a user account is unlocked | N/A | A user cannot be locked, only created and deleted |
Authentication Success | This event is generated when a user authentication is successful | Y | [admin]: login successful |
Authentication Failed | This event is generated when a user authentication fails | Y | WARN EventLog.confd- AuditNotification[logno=99, user=admin, usid=0, msg="Provided bad password"] |
User Logout | This event is generated when a user logs out | Y | [admin]: logout successful |
Password Reset | This event is generated when a user's password is reset | Y | [admin]: Set password: uid[fred] |
User Group Created | This event is generated whenever someone creates a user group | N/A | User groups cannot be created locally |
User Group Deleted | This event is generated whenever someone deletes a user group | N/A | There are no user groups |
User Group Modified | This event is generated whenever someone modifies a user group | N/A | There are no user groups |
User Added to Group | This event is generated whenever someone adds a user to a group | N/A | There are no user groups |
User Removed from Group | This event is generated whenever someone removes a user from a group | N/A | There are no user groups |
Audit Log Cleared | This event is generated when the audit log is cleared from the system/application | N/A | Logging is tracked via syslog. It cannot be deleted from the GUI or SSH. |
Audit Logging level Changed | This event is generated when the audit logging level is changed from the system/application | N/A | Unsupported |
Audit Logging turned off | This event is generated when the audit logging is turned off from the system/application | N/A | Unsupported |
Authentication Mode changed | This event is generated when the authentication mode is changed on the system/application | Y | When authentication mode is enabled/disabled it is logged. |
Sensitive Application commands | This event is generated whenever sensitive application commands are executed | Y | User management and policy management is logged |
Sensitive Database Commands | This event is generated whenever sensitive database commands are executed | Y | User management and policy management is logged |
Application Configuration Change | This event is generated when the application configuration is changed | Y | User management and policy management is logged |
User Role/Privileges Created | This event is generated when a new user role/privilege is created on the application | Y | This is logged in system log |
User Role/Privileges Deleted | This event is generated when user role/privilege is deleted on the application | Y | Logged in system log |
User Role/Privileges Modified | This event is generated when user role/privilege is modified on the application | Y | When a user role is changed it is logged. [admin]: Update role: uid[fred] can no longer modify the PKI store |
User added to Role/Privileges | This event is generated when a user is added to a role/privilege on the application | Y | When a user role is changed it is logged. [admin]: Update role: uid[fred] can no longer modify the PKI store |
User removed from Role/Privileges | This event is generated when a user is removed from a role/privilege on the application | Y | [admin]: Delete user: uid[fred] |
Critical File Deleted | This event is generated when a critical file is deleted | Y | No access to backend files. Policy changes/deletion are logged. |
Critical File Modified | This event is generated when a critical file is modified | Y | No access to backend files. Policy changes/deletion are logged. |
Sensitive Tables Accessed | | N/A | |
Records Deleted from Sensitive Tables | | N/A | No access to backend files. Policy changes/deletion are logged. |
Records Modified on Sensitive Tables | | N/A | No access to backend files. Policy changes/deletion are logged. |
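
For forwarding these events to a SIEM, the following added example (not vendor code) classifies syslog lines into the audit events listed in the table. The patterns are built only from the sample log lines shown above; the event names, the syslog prefix and the host name `sslv-example` are assumptions made for illustration, and the failed-login rule assumes the message text is always "Provided bad password".

```python
import re

# Patterns are built only from the sample log lines in the table above.
# The actor is the bracketed name before the colon, e.g. "[admin]:".
ACTOR = r"\[(?P<actor>[^\]]+)\]:\s*"
UID = r"uid\[(?P<target>[^\]]+)\]"
RULES = [
    ("user_account_creation", re.compile(ACTOR + r"Add user: " + UID)),
    ("user_account_deletion", re.compile(ACTOR + r"Delete user: " + UID)),
    ("user_role_modified", re.compile(ACTOR + r"Update role: " + UID)),
    ("password_reset", re.compile(ACTOR + r"Set password: " + UID)),
    ("authentication_success", re.compile(ACTOR + r"login successful")),
    ("user_logout", re.compile(ACTOR + r"logout successful")),
    ("authentication_failed", re.compile(
        r'AuditNotification\[.*?user=(?P<actor>[^,\]]+).*?msg="Provided bad password"')),
]

def classify(line):
    """Return {'event', 'actor', 'target'} for a recognised line, else None."""
    for event, pattern in RULES:
        m = pattern.search(line)
        if m:
            g = m.groupdict()
            return {"event": event, "actor": g["actor"], "target": g.get("target")}
    return None

def failed_logins_by_user(lines):
    """Count authentication failures per user name."""
    counts = {}
    for line in lines:
        hit = classify(line)
        if hit and hit["event"] == "authentication_failed":
            counts[hit["actor"]] = counts.get(hit["actor"], 0) + 1
    return counts

# Constructed sample input: message bodies copied from the table, with a
# made-up syslog prefix to show that matching does not depend on it.
SAMPLE = [
    'Jan  1 00:00:01 sslv-example [admin]: Add user: uid[fred] unix_uid[32768]',
    'Jan  1 00:00:02 sslv-example [admin]: Update role: uid[fred] can no longer modify the PKI store',
    'WARN EventLog.confd- AuditNotification[logno=99, user=admin, usid=0, msg="Provided bad password"]',
    'WARN EventLog.confd- AuditNotification[logno=99, user=admin, usid=0, msg="Provided bad password"]',
    'Jan  1 00:00:05 sslv-example [admin]: login successful',
    'Jan  1 00:00:09 sslv-example [admin]: Delete user: uid[fred]',
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(classify(line))
    print(failed_logins_by_user(SAMPLE))
```
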