Possible Audit log enrichment to be able log user logins and source IP on one place
search cancel

Possible Audit log enrichment to be able log user logins and source IP on one place

book

Article ID: 414341

calendar_today

Updated On:

Products

VMware Smart Assurance

Issue/Introduction

  • What are all properties available in the MDC context (MDC,application; MDC,username; etc).

  • What are all possible values for MDC,message_code (AUTH_000, AUTH_001, DEVICE_DISCOVERY_DISCOVERER_009, etc).

Environment

All supported releases of M&R|Watch4net

Resolution

  • At M&R configuration level, we have only MDC-application, MDC-username, MDC-message_code.

  • Below are the message_codes which M&R supports:

    • APP_AUDIT_000 - Application has been started and audit functions are initialized

      APP_AUDIT_001 - Application has been stopped and audit functions are uninitialized

      WEBAPP_CONTEXT_000 - Web application context '{}' has been started

      WEBAPP_CONTEXT_001 - Web application context '{}' has been stopped

      AUTH_000 - User '{}' has successfully logged in to tomcat realm", new Object[] { "User1" }

      AUTH_001 - Attempt to login to tomcat realm as '{}' has failed from '{}'.", new Object[] { "User1", "127.0.0.1" }

      AUTH_002 - User '{}' has logged out from tomcat realm successfully", new Object[] { "User1" }

      APPLICATION_ACCESS_000 - Access to web application '{}' has been granted to user '{}'.", new Object[] { "/APG", "User1" }

      APPLICATION_ACCESS_001 - Access to web application '{}' has been denied to user '{}' (Reason: {}).", new Object[] {"/APG", "User1", "User is disabled." }

      ACCESS_001 - An attempt to access page '{}' was denied from ip '{}({})'", new Object[] { "invalidPage", "127.0.0.1", "User1" }

      APG_USER_000 - User with id '{}' ('{}') has been created

      APG_USER_001 - User with id '{}' ('{}') has been modified

      APG_USER_002 - User with id '{}' ('{}') has been deleted

      APG_USER_003 - User with id '{}' ('{}') been enabled

      APG_USER_004 - User with id '{}' ('{}') has been disabled

      APG_PROFILE_000 - Profile with id '{}' ('{}') has been created

      APG_PROFILE_001 - Profile with id '{}' ('{}') has been modified

      APG_PROFILE_002 - Profile with id '{}' ('{}') has been deleted

      APG_REPORTPACK_000 - ReportPack with id '{}' ('{}') has been created

      APG_REPORTPACK_001 - ReportPack with id '{}' ('{}') has been modified

      APG_REPORTPACK_002 - ReportPack with id '{}' ('{}') has been deleted

      APG_ROLE_000 - Role with id '{}' ('{}') has been created

      APG_ROLE_001 - Role with id '{}' ('{}') has been modified

      APG_ROLE_002 - Role with id '{}' ('{}') has been deleted

      APG_MODULE_000 - Module with name '{}' has been created

      APG_MODULE_001 - Module with name '{}' has been modified

      APG_MODULE_002 - Module with name '{}' has been deleted

      APG_RESTRICTION_000 - Restriction with name '{}' has been created

      APG_RESTRICTION_001 - Restriction with name '{}' has been modified

      APG_RESTRICTION_002 - Restriction with name '{}' has been deleted

      APG_RESOURCE_000 - Resource with name '{}' has been created

      APG_RESOURCE_001 - Resource with name '{}' has been modified

      APG_RESOURCE_002 - Resource with name '{}' has been deleted

      APG_SEARCH_000 - User '{}' searched for '{}' and it took '{}' second(s)
Powered by Wolken Software