What are the various access log events, and when are they logged to smaccess.log (the text-based audit log) or the audit database?
PS: Any
OS: Any
The following access log events are logged in the audit logs:
AuthAccept : Occurs if authentication was successful
AuthReject : Occurs if authentication failed for a user
AuthAttempt : Occurs if the user is rejected because CA Single Sign-On does not know this user
AuthChallenge : Occurs when an authenticated user is challenged (for example, by custom challenge-response authentication schemes, or when moving from an authentication scheme with a lower priority to one with a higher priority)
AzAccept : Occurs as the result of successful authorization
AzReject : Occurs as the result of failed authorization
AdminLogin : Occurs as the result of successful administrator login (e.g., Administrative UI, FSS UI, XPS Tools, etc.)
AdminLogout : Occurs as the result of administrator logout
AdminReject : Occurs as the result of failed administrator login
AuthLogout : Occurs when the authentication server logs out a session.
ValidateAccept : Occurs as the result of successful validation of the session by the Policy Server
ValidateReject : Occurs as the result of failed validation of the session by the Policy Server (e.g., the session spec is bad, expired, etc.)
If you are using the audit database, these events are recorded as sm_event_id.
Here is the mapping of event IDs to the access log events above:
1 = AuthAccept
2 = AuthReject
3 = AuthAttempt
4 = AuthChallenge
5 = AzAccept
6 = AzReject
7 = AdminLogin
8 = AdminLogout
9 = AdminReject
10 = AuthLogout
11 = ValidateAccept
12 = ValidateReject
13 = Visit
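
As an added example (not part of the original article and not CA's own tooling), the following Python decodes sm_event_id values with the mapping above and flags failure patterns worth triaging: repeated AuthReject/AuthAttempt events, an AuthAccept that follows such a run, and any AdminReject. The row layout (timestamp, sm_event_id, user), the threshold of 3 and the finding labels are assumptions, and the sample rows are constructed.

```python
from collections import defaultdict

# Event ID mapping as listed in this article.
SM_EVENTS = {
    1: "AuthAccept", 2: "AuthReject", 3: "AuthAttempt", 4: "AuthChallenge",
    5: "AzAccept", 6: "AzReject", 7: "AdminLogin", 8: "AdminLogout",
    9: "AdminReject", 10: "AuthLogout", 11: "ValidateAccept",
    12: "ValidateReject", 13: "Visit",
}

def detect(rows, threshold=3):
    """rows: (iso_timestamp, sm_event_id, user) tuples -- an assumed layout."""
    streak = defaultdict(int)           # consecutive auth failures per user
    findings, unknown = [], set()
    for ts, event_id, user in sorted(rows):
        name = SM_EVENTS.get(int(event_id))
        if name is None:                # ID outside the 1-13 list above
            unknown.add(int(event_id))
            continue
        if name in ("AuthReject", "AuthAttempt"):
            streak[user] += 1
            if streak[user] == threshold:
                findings.append((ts, user, "repeated-auth-failure"))
        elif name == "AuthAccept":
            if streak[user] >= threshold:
                findings.append((ts, user, "accept-after-failures"))
            streak[user] = 0            # a success ends the failure run
        elif name == "AdminReject":
            findings.append((ts, user, "admin-login-rejected"))
    return findings, sorted(unknown)

# Constructed sample rows, not real audit data.
SAMPLE = [
    ("2024-01-01T10:00:00", 2, "jdoe"),
    ("2024-01-01T10:00:05", 2, "jdoe"),
    ("2024-01-01T10:00:09", 2, "jdoe"),
    ("2024-01-01T10:00:15", 1, "jdoe"),
    ("2024-01-01T10:01:00", 3, "ghost"),
    ("2024-01-01T10:02:00", 9, "admin1"),
    ("2024-01-01T10:03:00", 6, "asmith"),
    ("2024-01-01T10:04:00", 99, "asmith"),
]

if __name__ == "__main__":
    print(detect(SAMPLE))
```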