What are the various access log events and when are these events logged into the smacess.log (text based audit log) or audit database?
Following are the various access log events which are logged into the audit logs
- AuthAccept : Occurs if authentication was successful
- AuthReject : Occurs if authentication failed for a user
- AuthAttempt : Occurs if the user is rejected because CA Single Sign-On does not know this user
- AuthChallenge : Occurs when authenticated user is challenged (for example, custom challenge-response authentication schemes , moving from authentication scheme with low priority to higher priority).
- AzAccept : Occurs as the result of successful authorization
- AzReject : Occurs as the result of failed authorization
- AdminLogin : Occurs as the result of successful administrator login (e.g Administrative UI, FSS UI, XPS Tools etc)
- AdminLogout : Occurs as the result of administrator logout
- AdminReject : Occurs as the result of failed administrator login
- AuthLogout : Occurs when the authentication server logs out a session.
- ValidateAccept – Occurs as the result of successful validation of the session by the Policy server
- ValidateReject – Occurs as the result of failed validation of the session by the Policy server (e.g session spec is bad, expired etc)
If using audit database, these events are recorded as sm_event_id.
Here is the mapping of various event IDs corresponding to above access log events :
1 = AuthAccept
2 = AuthReject
3 = AuthAttempt
4 = AuthChallenge
5 = AzAccept
6 = AzReject
7 = AdminLogin
8 = AdminLogout
9 = AdminReject
10 = AuthLogout
11 = ValidateAccept
12 = ValidateReject
13 = Visit