26.10 Access Manager Audit Events and Data

The sections contains all the Novell audit events logged by Access Manager Appliance. Each event has EventID, Description, Originator Title, Target Title, Subtarget Title, Text1 Title, Text2 Title, Text3 Title, Value1 Title, Value1 Type, Group Title, Data Length, and Data Type values stored. Each field contains a single character token (such as B, U, Y, and so on) that represent the data fields of the audit event, with each letter representing a different data field. The mapping of the character tokens to data fields is found in the nids_en.lsc file.

Access Manager is listed among the log applications on the General tab on the Logging Server Options page (Auditing and Logging > Logging Server Options). You can view events on the Event list page in Auditing and Logging > Logging Server Options > [Name of Novell Audit Secure Logging Server] > Novell Access Manager > Events.

When you run an SQL query (Auditing and Logging > Queries > [Name] > Run), the system displays the results on the Query Results page. The EventID column displays the description of the event. Below, the event ID is listed with the description, to help you quickly locate the data for each audit event.

This section discusses the following audit events:

26.10.1 NIDS: Sent a Federate Request (002e0001)

This event is generated when you select the Federation Request Sent option under Novell Audit Logging on the Logging page of an Identity Server configuration.

Description: NIDS: Sent a federate request.

Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)

Target (U): Schema Title: User Identifier Data Description: LDAP Auth: User DN Other Auth: User GUID

SubTarget (Y): null

Text1 (S): null

Text2 (T): null

Text3 (F): null

Value1 (1): 0

Group (G): 0

Data Length (X): 0

Data (D): null

26.10.2 NIDS: Received a Federate Request (002e0002)

This event is generated when you select the Federation Request Handled option under Novell Audit Logging on the Logging page of an Identity Server configuration.

Description: NIDS: Received a federate request.

Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)

Target (U): Schema Title: User Identifier Data Description: LDAP Auth: User DN Other Auth: User GUID

SubTarget (Y): null

Text1 (S): Schema Title: Provider Identifier; Data Description: Service Provider ID

Text2 (T): null

Value1 (1): 0

Group (G): 0

Data Length (X): 0

Data (D): null

26.10.3 NIDS: Sent a Defederate Request (002e0003)

This event is generated when you select the Defederation Request Sent option under Novell Audit Logging on the Logging page of an Identity Server configuration.

Description: NIDS: Sent a defederate request.

Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)

Target (U): Schema Title: User Identifier Data Description: LDAP Auth: User DN Other Auth: User GUID

SubTarget (Y): null

Text1 (S): Schema Title: Provider Identifier; Data Description: Service Provider ID

Text2 (T): null

Value1 (1): 0

Group (G): 0

Data Length (X): 0

Data (D): null

26.10.4 NIDS: Received a Defederate Request (002e0004)

This event is generated when you select the Defederation Request Handled option under Novell Audit Logging on the Logging page of an Identity Server configuration.

Description: NIDS: Received a defederate request

Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)

Target (U): Schema Title: User Identifier Data Description: LDAP Auth: User DN Other Auth: User GUID

SubTarget (Y): null

Text1 (S): Schema Title: Provider Identifier Data Description: Service Provider ID

Text2 (T): null

Text3 (F): null

Value1 (1): 0

Group (G): 0

Data Length (X): 0

Data (D): null

26.10.5 NIDS: Sent a Register Name Request (002e0005)

Description: NIDS: Sent a register name request

Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)

Target (U): null

SubTarget (Y): null

Text1 (S): null

Text2 (T): null

Text3 (F): null

Value1 (1): 0

Group (G): 0

Data Length (X): 0

Data (D): null

26.10.6 NIDS: Received a Register Name Request (002e0006)

This event is generated when you select the Register Name Request Handled option under Novell Audit Logging on the Logging page of an Identity Server configuration.

Description: NIDS: Received a register name request

Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)

Target (U): null

SubTarget (Y): null

Text1 (S): null

Text2 (T): null

Text3 (F): null

Value1 (1): 0

Group (G): 0

Data Length (X): 0

Data (D): null

26.10.7 NIDS: Logged Out an Authentication that Was Provided to a Remote Consumer (002e0007)

This event is generated when you select the Logout Provided option under Novell Audit Logging on the Logging page of an Identity Server configuration.

Description: NIDS: Logged out an authentication that was provided to a remote consumer

Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)

Target (U): Schema Title: User Identifier Data Description: LDAP Auth: User DN Other Auth: User GUID

SubTarget (Y): null

Text1 (S): Schema Title: Authentication Identifier Data Description: IDP Session ID (AMAUTHID#auth_id:)

Text2 (T): null

Text3 (F): null

Value1 (1): Schema Title: Timed Out Data Description: 0 = other reason 1 = timed out

Group (G): 0

Data Length (X): 0

Data (D): null

26.10.8 NIDS: Logged out a Local Authentication (002e0008)

This event is generated when you select the Logout Local option under Novell Audit Logging on the Logging page of an Identity Server configuration.

Description: NIDS: Logged out a local authentication

Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)

Target (U): Schema Title: User Identifier Data Description: LDAP Auth: User DN Other Auth: User GUID

SubTarget (Y): null

Text1 (S): Schema Title: Authentication Identifier Data Description: IDP Session ID (AMAUTHID#auth_id:

Text2 (T): null

Text3 (F): null

Value1 (1): Schema Title: Timed Out Data Description: 0 = other reason 1 = timed out

Group (G): 0

Data Length (X): 0

Data (D): null

26.10.9 NIDS: Provided an Authentication to a Remote Consumer (002e0009)

This event is generated when you select the Login Consumed option under Novell Audit Logging on the Logging page of an Identity Server configuration.

Description: NIDS: Provided an authentication to a remote consumer

Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)

Target (U): Schema Title: User Identifier Data Description: User DN

SubTarget (Y): Schema Title: Authentication Identifier Data Description: IDP Session ID (AMAUTHID#auth_id:)

Text1 (S): Schema Title: Authentication Type Data Description: Authentication Profile

Text2 (T): Schema Title: Authentication Entity Name Data Description: Authentication Source

Text3 (F): Schema Title: Contract Class or Method Name Data Description: Authentication Contract URI

Value1 (1): 0

Group (G): 0

Data Length (X): 0

Data (D): Schema Title: Client IP Address Description: IP Address of the host from which the authentication succeeded.

26.10.10 NIDS: User Session Was Authenticated (002e000a)

This event is generated when you select the Login Provided option under Novell Audit Logging on the Logging page of an Identity Server configuration.

Description: NIDS: User session was authenticated

Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)

Target (U): Schema Title: User Identifier Data Description: User DN

SubTarget (Y): Schema Title: Authentication Identifier Data Description: IDP Session ID (AMAUTHID#auth_id:)

Text1 (S): Schema Title: Authentication Type Data Description: Authentication Profile

Text2 (T): Schema Title: Authentication Entity Name Data Description: Authentication Source

Text3 (F): Schema Title: Contract Class or Method Name Data Description: Authentication Contract URI

Value1 (1): 0

Group (G): 0

Data Length (X): 0

Data (D): Schema Title: Client IP Address Description: IP Address of the host from which the authentication succeeded.

26.10.11 NIDS: Failed to Provide an Authentication to a Remote Consumer (002e000b)

This event is generated when you select the Login Consumed Failure option under Novell Audit Logging on the Logging page of an Identity Server configuration.

Description: NIDS: Failed to provide an authentication to a remote consumer

Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)

Target (U): Schema Title: User Identifier Data Description: User DN

SubTarget (Y): null

Text1 (S): Schema Title: Authentication Identifier Data Description: IDP Session ID (AMAUTHID#auth_id:)

Text2 (T): Schema Title: Provider Identifier Data Description: Service Provider ID

Text3 (F): Schema Title: Reason Data Description: Reason Message

Value1 (1): 0

Group (G): 0

Data Length (X): 0

Data (D): null

26.10.12 NIDS: User Session Authentication Failed (002e000c)

This event is generated when you select the Login Provided Failure option under Novell Audit Logging on the Logging page of an Identity Server configuration. Use the Description field and the Text3 (F) field to determine whether the failure came from a contract, SAML 1.1, SAML 2.0, or Liberty.

Description: NIDS: User session authentication failed. This string plus one of the following phrases: for a contract failure, Contract Execution; for a SAML 1.1 failure, SAML Assertion; for a SAML 2.0 failure, SAML2 SSO; for a Liberty failure, Liberty SSO.

Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)

Target (U): Schema Title: Authentication Contract Name Data Description: Contract URI

SubTarget (Y): Schema Title: User Identifier Data Description: User DN

Text1 (S): Schema Title: Authentication Identifier Data Description: IDP Session ID (AMAUTHID#auth_id:)

Text2 (T): Schema Title: Reason Data Description: Reason Message

Text3 (F): Schema Title: Authentication Source Data Description: For a contract, contains the authentication method name; for Liberty, contains the service provider IP; for SAML 1.1, contains the SAML assertion issuer; for SAML 2.0, contains the service provider IP.

Value1 (1): 0

Group (G): 0

Data Length (X): 0

Data (D): Schema Title: Client IP Address Description: IP Address of the host from which the authentication failed.

26.10.13 NIDS: Received an Attribute Query Request (002e000d)

This event is generated when you select the Attribute Query Request Handled option under Novell Audit Logging on the Logging page of an Identity Server configuration.

Description: NIDS: Received an attribute query request

Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)

Target (U): Schema Title: User Identifier Data Description: LDAP Auth: User DN Other Auth: User GUID

SubTarget (Y): null

Text1 (S): Schema Title: Provider Identifier Data Description: Service Provider ID

Text2 (T): Schema Title: Attribute Names Data Description: Requested Attributes

Text3 (F): null

Value1 (1): 0

Group (G): 0

Data Length (X): 0

Data (D): null

26.10.14 NIDS: User Account Provisioned (002e000e)

This event is generated when you select the User Account Provisioned option under Novell Audit Logging on the Logging page of an Identity Server configuration.

Description: NIDS: User account provisioned

Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)

Target (U): Schema Title: User Store Identifier Data Description: Displayable user name

SubTarget (Y): null

Text1 (S): Schema Title: User Identifier Data Description: Authentication User Name

Text2 (T): Schema Title: Authentication Identifier Data Description: IDP Session ID (AMAUTHID#auth_id:)

Text3 (F): null

Value1 (1): 0

Group (G): 0

Data Length (X): 0

Data (D): null

26.10.15 NIDS: Failed to Provision a User Account (002e000f)

This event is generated when you select the User Account Provisioned Failure option under Novell Audit Logging on the Logging page of an Identity Server configuration.

Description: NIDS: Failed to provision a user account

Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)

Target (U): Schema Title: User Store Identifier Data Description: Displayable User Name

SubTarget (Y): null

Text1 (S): Schema Title: User Identifier Data Description: Authentication User Name

Text2 (T): Schema Title: Reason Data Description: Reason Message

Text3 (F): null

Value1 (1): 0

Group (G): 0

Data Length (X): 0

Data (D): null

26.10.16 NIDS: Web Service Query (002e0010)

This event is generated when you select the Web Service Query Handled option under Novell Audit Logging on the Logging page of an Identity Server configuration. The Identity Server uses this event for two types of Web service queries:

  • Discovery: This is a query to discover a service. For this type of query, the Group (G) field is not used. For a remote query, the Data Description of the Value1 field is set to 0. For a local query, the Data Description of the Value1 field is set to 1.

  • Profile: This is a query to get attributes for a user from a profile (personal, credential, etc.). For this type of query, the Group (G) field contains a GroupingID for all attributes selected in the request. A separate event is generated for each attribute select list in the request. For a remote query, the Data Description of the Value1 field is set to 0. For a local query, the Data Description of the Value1 field is set to 1.

Description: NIDS: Web Service query

Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)

Target (U): Schema Title: User Identifier Data Description: User DN

SubTarget (Y): null

Text1 (S): Schema Title: Provider Identifier Data Description: Requesting Provider ID

Text2 (T): Schema Title: Select String Data Description: Requested attributes; select string

Text3 (F): Schema Title: Service Identifier Data Description: Web Service URI

Value1 (1): Schema Title: Local Data Description: 0 – Remote 1 – Local

Group (G): Schema Title: Query Group Data Description: If this is a profile query, it contains the grouping ID for all attributes selected in this request. Otherwise, this field is not used in the event.

Data Length (X): 0

Data (D): null

26.10.17 NIDS: Web Service Modify (002e0011)

This event is generated when you select the Web Service Modify Handled option under Novell Audit Logging on the Logging page of an Identity Server configuration. The Identity Server uses this event for two types of Web service modify requests:

  • Discovery: This is a request to discover a service to modify. For this type of request, the Group (G) field is not used. For a remote request, the Data Description of the Value1 field is set to 0. For a local request, the Data Description of the Value1 field is set to 1.

  • Profile: This is a request to modify the attributes of a user in a profile (personal, credential, etc.). For this type of request, the Group (G) field contains a GroupingID for all attributes selected in the request. A separate event is generated for each attribute select list in the modify request. For a remote request, the Data Description of the Value1 field is set to 0. For a local request, the Data Description of the Value1 field is set to 1.

Description: NIDS: Web Service modify

Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)

Target (U): Schema Title: User Identifier Data Description: User DN

SubTarget (Y): null

Text1 (S): Schema Title: Provider Identifier Data Description: Requesting Provider ID

Text2 (T): Schema Title: Select String Data Description: Modified attributes select string

Text3 (F): Schema Title: Service Identifier Data Description: Web Service URI

Value1 (1): Schema Title: Local Data Description: 0 – Remote; 1 – Local

Group (G): Schema Title: Modify Group Data Description: If this is a profile modify, it contains the grouping ID for each attribute select list in the request. Otherwise, this field is not used in the event.

Data Length (X): 0

Data (D): null

26.10.18 NIDS: Connection to User Store Replica Lost (002e0012)

This event is generated when you select the LDAP Connection Lost option under Novell Audit Logging on the Logging page of an Identity Server configuration.

Description: NIDS: Connection to user store replica lost

Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)

Target (U): Schema Title: User Store Replica Name Data Description: Replica name

SubTarget (Y): null

Text1 (S): Schema Title: User Store Replica Host Data Description: IP Address of User Store replica server

Text2 (T): null

Text3 (F): null

Value1 (1): 0

Group (G): 0

Data Length (X): 0

Data (D): null

26.10.19 NIDS: Connection to User Store Replica Reestablished (002e0013)

This event is generated when you select the LDAP Connection Reestablished option under Novell Audit Logging on the Logging page of an Identity Server configuration.

Description: NIDS: Connection to user store replica reestablished

Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)

Target (U): Schema Title: User Store Replica Name Data Description: Replica name

SubTarget (Y): null

Text1 (S): Schema Title: User Store Replica Host Data Description: IP Address of User Store replica server

Text2 (T): null

Text3 (F): null

Value1 (1): 0

Group (G): 0

Data Length (X): 0

Data (D): null

26.10.20 NIDS: Server Started (002e0014)

This event is generated when you select the Server Started option under Novell Audit Logging on the Logging page of an Identity Server configuration.

Description: NIDS: Server started

Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)

Target (U): Schema Title: Configuration Identifier Data Description: Configuration Object DN

SubTarget (Y): null

Text1 (S): Schema Title: Server Identifier Data Description: Unique server ID also used to create Liberty and SAML artifacts

Text2 (T): null

Text3 (F): null

Value1 (1): 0

Group (G): 0

Data Length (X): 0

Data (D): null

26.10.21 NIDS: Server Stopped (002e0015)

This event is generated when you select the Server Stopped option under Novell Audit Logging on the Logging page of an Identity Server configuration.

Description: NIDS: Server stopped

Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)

Target (U): Schema Title: Configuration Identifier Data Description: Configuration object DN

SubTarget (Y): null

Text1 (S): Schema Title: Server Identifier Data Description: Unique server ID also used to create Liberty and SAML artifacts

Text2 (T): null

Text3 (F): null

Value1 (1): 0

Group (G): 0

Data Length (X): 0

Data (D): null

26.10.22 NIDS: Server Refreshed (002e0016)

This event is generated when you select the Server Refreshed option under Novell Audit Logging on the Logging page of an Identity Server configuration.

Description: NIDS: Server Refreshed

Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)

Target (U): Schema Title: Configuration Identifier Data Description: Configuration Object DN

SubTarget (Y): null

Text1 (S): Schema Title: Server Identifier Data Description: Unique server ID also used to create Liberty and SAML artifacts

Text2 (T): null

Text3 (F): null

Value1 (1): 0

Group (G): 0

Data Length (X): 0

Data (D): null

26.10.23 NIDS: Intruder Lockout (002e0017)

This event is generated when you select the Intruder Lockout Detected option under Novell Audit Logging on the Logging page of an Identity Server configuration.

Description: NIDS: Intruder Lockout

Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)

Target (U): Schema Title: User Identifier Data Description: User DN

SubTarget (Y): null

Text1 (S): Schema Title: Server Identifier Data Description: IP address of the User Store replica server

Text2 (T): null

Text3 (F): null

Value1 (1): 0

Group (G): 0

Data Length (X): 0

Data (D): null

26.10.24 NIDS: Severe Component Log Entry (002e0018)

This event is generated when you select the Component Log Severe Messages option under Novell Audit Logging on the Logging page of an Identity Server configuration.

Description: NIDS: Severe Component Log Entry

Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)

Target (U): null

SubTarget (Y): null

Text1 (S): Schema Title: Component Log Text Data Description: Server Error Text

Text2 (T): null

Text3 (F): null

Value1 (1): 0

Group (G): 0

Data Length (X): 0

Data (D): null

26.10.25 NIDS: Warning Component Log Entry (002e0019)

This event is generated when you select the Component Log Warning Messages option under Novell Audit Logging on the Logging page of an Identity Server configuration.

Description: NIDS: Warning Component Log Entry

Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)

Target (U): null

SubTarget (Y): null

Text1 (S): Schema Title: Component Log Text Data Description: Warning Error Text

Text2 (T): null

Text3 (F): null

Value1 (1): 0

Group (G): 0

Data Length (X): 0

Data (D): null

26.10.26 NIDS: Failed to Broker an Authentication from Identity Provider to Service Provider as Identity Provider and Service Provider Are not in Same Group (002E001A)

This event is generated when you select the Brokering Across Groups Denied option under Novell Audit Logging on the Logging page of an Identity Server configuration.

Description: NIDS: Failed to broker an authentication from identity provider to service provider as identity provider and service provider are not in same group

Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)

Target (U): Schema Title: User Identifier Data Description: User DN

SubTarget (Y): null

Text1 (S): Schema Title: Identity Provider IdentifierDescription : Identity Provider ID

Text2 (T): Schema Title: Service Provider IdentifierDescription: Service Provider ID

Text3 (F): null

Value1 (1): 0

Group (G): 0

Data Length (X): Schema Title: Target URL Length Description: Byte length of the target URL

Data (D): Schema Title: Target URL Description: Target URL

26.10.27 NIDS: Failed to Broker an Authentication from Identity Provider to Service Provider Because a Policy Evaluated to Deny (002E001B)

This event is generated when you select the Brokering Rule Evaluated to Deny option under Novell Audit Logging on the Logging page of an Identity Server configuration.

Description: NIDS: Failed to broker an authentication from identity provider to service provider because a policy evaluated to deny

Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)

Target (U): Schema Title: User Identifier Data Description: User DN

SubTarget (Y): Schema Title: Broker Group Name Description: Name of the Brokering Group

Text1 (S): Schema Title: Identity Provider IdentifierDescription: Identity Provider ID

Text2 (T): Schema Title: Service Provider IdentifierDescription: Service Provider ID

Text3 (F): Schema Title: Broker Policy Description: Name of the Broker Policy that evaluated to deny

Value1 (1): 0

Group (G): 0

Data Length (X): Schema Title: Target URL Length Description: Byte length of the target URL

Data (D): Schema Title: Target URL Description: Target URL

26.10.28 NIDS: Brokered an Authentication from Identity Provider to Service Provider (002E001C)

This event is generated when you select the Brokering Handled option under Novell Audit Logging on the Logging page of an Identity Server configuration.

Description: NIDS: Brokered an authentication from identity provider to service provider

Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)

Target (U): Schema Title: User Identifier Data Description: User DN

SubTarget (Y): Schema Title: Broker Group Name Description: Name of the Brokering Group

Text1 (S): Schema Title: Identity Provider Identifier Description: Identity Provider ID

Text2 (T): Schema Title: Service Provider Identifier Description: Service Provider ID

Text3 (F): null

Value1 (1): 0

Group (G): 0

Data Length (X): Schema Title: Target URL Length Description: Byte length of the target URL

Data (D): Schema Title: Target URL Description: Target URL

26.10.29 NIDS: OAuth2 Authorization code issued (002e0028)

This event is generated when you select the OAuth & OpenID Token Issued option under Novell Audit Logging on the Logging page of an Identity Server configuration.

Description: NIDS: OAuth2 Authorization code issued

Originator (B): Schema Title: Originator

Data Description: JCC Device ID (AMDEVICEID#device_id:)

Target (U): Schema Title: User Identifier

Data Description: Authentication User Name

SubTarget (Y): null

Text1 (S): Schema Title: Issued At Data

Data Description: Token issued time stamp in Millisecond

Text2 (T): Schema Title: Issued To Data

Description: Client Name

Text3 (F): Schema Title: Validity Data

Description: From: Time in Milliseconds - To: Time in Milliseconds

26.10.30 NIDS: OAuth2 token issued (002e0029)

This event is generated when you select the OAuth & OpenID Token Issued option under Novell Audit Logging on the Logging page of an Identity Server configuration.

Description: NIDS: OAuth2 token issued

Originator (B): Schema Title: Originator

Data Description: JCC Device ID (AMDEVICEID#device_id:)

Target (U): Schema Title: User Identifier

Data Description: Authentication User Name

SubTarget (Y): Schema Title: Grant Type

Data Description: Oauth grant type

Text1 (S): Schema Title: Issued At

Data Description: Token issued time stamp in Milliseconds

Text2 (T): Schema Title: Issued To

Data Description: Client Name

Text3 (F): Schema Title: Validity

Data Description: From: Time in Milliseconds - To: Time in Milliseconds

26.10.31 NIDS: OAuth2 Authorization code issue failed (002e0030)

This event is generated when you select the OAuth & OpenID Token Issue Failed option under Novell Audit Logging on the Logging page of an Identity Server configuration.

Description: NIDS: OAuth2 Authorization code issue failed

Originator (B): Schema Title: Originator

Data Description: JCC Device ID (AMDEVICEID#device_id:)

Target (U): Schema Title: User Identifier

Data Description: Authentication User Name

SubTarget (Y): null

Text1 (S): Schema Title: Failed At

Data Description: Code issued failed time stamp in Milliseconds

Text2 (T): Schema Title: Reason

Data Description: Reason for failure

Text3 (F): null

26.10.32 NIDS: OpenID token issued (002e0031)

This event is generated when you select the OAuth & OpenID Token Issue option under Novell Audit Logging on the Logging page of an Identity Server configuration.

Description: NIDS: OpenID token issued

Originator (B): Schema Title: Originator

Data Description: JCC Device ID (AMDEVICEID#device_id:)

Target (U): Schema Title: User Identifier

Data Description: Authentication User Name

SubTarget (Y): null

Text1(S): Schema Title: Issued At

Data Description: ID Token issued time stamp in Millisecond

Text2(T): Schema Title: Issued To

Data Description: Client Name s

Text3(F): Schema Title: Expires

Data Description: Expires in second

26.10.33 NIDS: OAuth2 refresh token issued (002e0032)

This event is generated when you select the OAuth & OpenID Token Issue option under Novell Audit Logging on the Logging page of an Identity Server configuration.

Description: NIDS: OAuth2 refresh token issued

Originator (B): Schema Title: Originator

Data Description: JCC Device ID (AMDEVICEID#device_id:)

Target (U): Schema Title: User Identifier

Data Description: Authentication User Name

SubTarget (Y): null

Text1 (S): Schema Title: Issued At

Data Description: Token issued time stamp in Millisecond

Text2 (T): Schema Title: Issued To

Data Description: Client Name

Text3 (F): Schema Title: Validity

Data Description: From: Time in Milliseconds - To: Time in Milliseconds

26.10.34 NIDS: OAuth2 token issue failed (002e0033)

This event is generated when you select the OAuth & OpenID Token Issue Failed option under Novell Audit Logging on the Logging page of an Identity Server configuration.

Description: NIDS: OAuth2 token issue failed

Originator (B): Schema Title: Originator

Data Description: JCC Device ID (AMDEVICEID#device_id:)

Target (U): Schema Title: User Identifier

Data Description: Authentication User Name

SubTarget (Y): Schema Title: Grant Type

Data Description: Oauth grant type

Text1 (S): Schema Title: Failed At

Data Description: Token issue failed time stamp in Milliseconds

Text2 (T): Schema Title: Issued To

Data Description: Client Name

Text3 (F): Schema Title: Reason

Data Description: Reason for failure

26.10.35 NIDS: OpenID token issue failed (002e0034)

This event is generated when you select the OAuth & OpenID Token Issue Failed option under Novell Audit Logging on the Logging page of an Identity Server configuration.

Description: NIDS: OpenID token issue failed

Originator (B): Schema Title: Originator

Data Description: JCC Device ID (AMDEVICEID#device_id:)

Target (U): Schema Title: User Identifier Data Description: Authentication User Name

SubTarget (Y): null

Text1 (S): Schema Title: Failed At

Data Description: Token issue failed time stamp in Milliseconds

Text2 (T): Schema Title: Issued To

Data Description: Client Name

Text31 (F): Schema Title: Reason

Data Description: Reason for failure

26.10.36 NIDS: OAuth2 refresh token issue failed (002e0035)

This event is generated when you select the OAuth & OpenID Token Issue Failed option under Novell Audit Logging on the Logging page of an Identity Server configuration.

Description: NIDS: OAuth2 refresh token issue failed

Originator (B): Schema Title: Originator

Data Description: JCC Device ID (AMDEVICEID#device_id:)

Target (U): Schema Title: User Identifier

Data Description: Authentication User Name

SubTarget (Y): null

Text1 (S): Schema Title: Failed At

Data Description: Token issue failed time stamp in Milliseconds

Text2 (T): Schema Title: Issued To

Data Description: Client Name

Text31 (F): Schema Title: Reason

Data Description: Reason for failure

26.10.37 NIDS: OAuth2 client has been registered successfully (002e0036)

This event is generated when you select the OAuth Client Applications option under Novell Audit Logging on the Logging page of an Identity Server configuration.

Description: NIDS: OAuth2 client has been registered successfully

Originator (B): Schema Title: Originator

Data Description: JCC Device ID (AMDEVICEID#device_id:)

Target (U): Schema Title: User Identifier

Data Description: Authentication User Name

SubTarget (Y): null

Text1 (S): Schema Title: Registered At

Data Description: Client registered time stamp in Milliseconds

Text2 (T): Schema Title: Client Name Data Description: Client Name

Text31 (F): Schema Title: Client ID

Data Description: Client ID

26.10.38 NIDS: OAuth2 client has been modified successfully (002e0037)

This event is generated when you select the OAuth Client Applications option under Novell Audit Logging on the Logging page of an Identity Server configuration.

Description: NIDS: OAuth2 client has been modified successfully

Originator (B): Schema Title: Originator

Data Description: JCC Device ID (AMDEVICEID#device_id:)

Target (U): Schema Title: User Identifier

Data Description: Authentication User Name

SubTarget (Y): null

Text1 (S): Schema Title: Modified At

Data Description: Client modify time stamp in Milliseconds

Text2 (T): Schema Title: Client Name

Data Description: Client Name

Text31 (F): Schema Title: Client ID Description: Client ID

26.10.39 NIDS: OAuth2 client has been deleted successfully (002e0038)

This event is generated when you select the OAuth Client Applications option under Novell Audit Logging on the Logging page of an Identity Server configuration.

Description: NIDS: OAuth2 client has been deleted successfully

Originator (B): Schema Title: Originator

Data Description: JCC Device ID (AMDEVICEID#device_id:)

Target (U): Schema Title: User Identifier

Data Description: Authentication User Name

SubTarget (Y): null

Text1 (S): Schema Title: Removed At

Data Description: Client deleted time stamp in Milliseconds

Text2 (T): Schema Title: Client Name

Data Description: Client Name

Text31 (F): Schema Title: Client ID Description: Client ID

26.10.40 NIDS: OAuth2 user has provided consent (002e0039)

This event is generated when you select the OAuth Consent Provided option under Novell Audit Logging on the Logging page of an Identity Server configuration.

Description: NIDS: OAuth2 user has provided consent

Originator (B): Schema Title: Originator

Data Description: JCC Device ID (AMDEVICEID#device_id:)

Target (U): Schema Title: User Identifier

Data Description: Authentication User Name

SubTarget (Y): null

Text1 (S): Schema Title: Provided At

Data Description: Consent provided time stamp in Milliseconds

Text2 (T): null

Text31 (F): null

26.10.41 NIDS: OAuth2 user has revoked consent (002e0040)

This event is generated when you select the OAuth Consent Revoked option under Novell Audit Logging on the Logging page of an Identity Server configuration.

Description: NIDS: OAuth2 user has revoked consent

Originator (B): Schema Title: Originator

Data Description: JCC Device ID (AMDEVICEID#device_id:)

Target (U): Schema Title: User Identifier

Data Description: Authentication User Name

SubTarget (Y): null

Text1 (S): Schema Title: Revoked At

Data Description: Consent revoked time stamp in Milliseconds

Text2 (T): null

Text31 (F): null

26.10.42 NIDS: OAuth2 token validation success (002e0041)

This event is generated when you select the OAuth & OpenID Token Validation Success option under Novell Audit Logging on the Logging page of an Identity Server configuration.

Description: NIDS: OAuth2 token validation success

Originator (B): Schema Title: Originator

Data Description: JCC Device ID (AMDEVICEID#device_id:)

Target (U): Schema Title: User Identifier

Data Description: Authentication User Name

SubTarget (Y): null

Text1 (S): Schema Title: Validated At

Data Description: Validated time stamp in Milliseconds

Text2 (T): null

Text31 (F): Schema Title: Expires

Data Description: Expires in seconds

26.10.43 NIDS: OAuth2 token validation failed (002e0042)

This event is generated when you select the OAuth & OpenID Token Validation Failed option under Novell Audit Logging on the Logging page of an Identity Server configuration.

Description: NIDS: OAuth2 token validation failed

Originator (B): Schema Title: Originator

Data Description: JCC Device ID (AMDEVICEID#device_id:)

Target (U): null

SubTarget (Y): null

Text1 (S): Schema Title: Validated At

Data Description: Validated time stamp in Milliseconds

Text2 (T): null

Text31 (F): Schema Title: Reason

Data Description: Validation failure reason

Data (D): Schema Title: Client IP Address

Description: IP Address of the host from which the token received

26.10.44 NIDS: OAuth2 client registration failed (002e0043)

This event is generated when you select the OAuth Client Applications option under Novell Audit Logging on the Logging page of an Identity Server configuration.

Description: NIDS: OAuth2 client registration failed

Originator (B): Schema Title: Originator

Data Description: JCC Device ID (AMDEVICEID#device_id:)

Target (U): Schema Title: User Identifier

Data Description: Authentication User Name

SubTarget (Y): null

Text1 (S): Schema Title: Failed At

Data Description: Client registration failed time stamp in Milliseconds

Text2 (T): Schema Title: Client Name

Data Description: Client Name

Text31 (F): Schema Title: Reason

Data Description: Reason for failure

26.10.45 NIDS: Roles PEP Configured (002e0300)

This event is generated for Identity Server roles.

Description: NIDS: Roles PEP Configured

Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)

Target (U): null

SubTarget (Y): null

Text1 (S): null

Text2 (T): null

Text3 (F): null

Value1 (1): 0

Group (G): 0

Data Length (X): Schema Title: Policy Enforcement List Length Data Description: Byte length of PEL

Data (D): Schema Title: Policy Enforcement List Data Description: Policy Enforcement List (PEL) data

26.10.46 Access Gateway: PEP Configured (002e0301)

This event is generated when you enable auditing.

Description: Access Gateway: policy enforcement point (PEP) configured

Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)

Target (U): null

SubTarget (Y): null

Text1 (S): Schema Title: Event Identifier Data Description: Event Tracking Identifier

Text2 (T): null

Text3 (F): null

Value1 (1): Schema Title: Audit Enabled Data Description: 0 = No; 1 = Yes

Group (G): 0

Data Length (X): Schema Title: Policy Enforcement List Length Data Description: Byte length of PEL

Data (D): Schema Title: Policy Enforcement List Data Description: Policy Enforcement List (PEL) data

26.10.47 Roles Assignment Policy Evaluation (002e0320)

This event is generated when you enable auditing.

Description: Roles assignment policy evaluation

Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)

Target (U): null

SubTarget (Y): null

Text1 (S): Schema Title: Authentication Identifier Data Description: IDP Session ID (AMAUTHID#auth_id:)

Text2 (T): Schema Title: Assigned Roles Data Description: Assigned Role or error message

Text3 (F): Schema Title: Policy Action Data Description: Policy Action FDN

Value1 (1): 0

Group (G): 0

Data Length (X): 0

Data (D): null

26.10.48 Access Gateway: Authorization Policy Evaluation (002e0321)

This event is generated when you enable auditing.

Description: Access Gateway: Authorization policy evaluation

Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)

Target (U): null

SubTarget (Y): null

Text1 (S): Schema Title: Authentication Identifier Data Description: IDP Session ID (AMAUTHID#auth_id:)

Text2 (T): Schema Title: Event Identifier Data Description: Event Tracking Identifier

Text3 (F): Schema Title: Policy Action Data Description: Policy Action FDN

Value1 (1): 0

Group (G): 0

Data Length (X): 0

Data (D): null

26.10.49 Access Gateway: Form Fill Policy Evaluation (002e0322)

This event is generated when you enable auditing.

Description: Access Gateway: Form Fill policy evaluation

Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)

Target (U): null

SubTarget (Y): null

Text1 (S): Schema Title: Authentication Identifier Data Description: IDP Session ID (AMAUTHID#auth_id:)

Text2 (T): Schema Title: Event Identifier Data Description: Event Tracking Identifier

Text3 (F): Schema Title: Policy Action Data Description: Policy Action FDN

Value1 (1): 0

Group (G): 0

Data Length (X): 0

Data (D): null

26.10.50 Access Gateway: Identity Injection Policy Evaluation (002e0323)

This event is generated when you enable auditing.

Description: Access Gateway: Identity Injection policy evaluation

Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)

Target (U): null

SubTarget (Y): null

Text1 (S): Schema Title: Authentication Identifier Data Description: IDP Session ID (AMAUTHID#auth_id:)

Text2 (T): Schema Title: Event Identifier Data Description: Event Tracking Identifier

Text3 (F): Schema Title: Policy Action Data Description: Policy Action FDN

Value1 (1): 0

Group (G): 0

Data Length (X): 0

Data (D): null

26.10.51 Access Gateway: Access Denied (0x002e0505)

This event is generated when you select the Access Denied option on the Novell Audit page of an Access Gateway.

Description: Access Gateway: Access Denied

In the Event list (Auditing and Logging > Logging Server Options > [Name of Novell Audit Secure Logging Server] > Novell Access Manager > Events), this column is called Event Name.

In a query, this column is called EventID.

Event ID: 0x002e0505

Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)

Target (U): Schema Title: Protected Resource Name Data Description: Configured Name of Protected Resource

SubTarget (Y): Schema Title: Protected Resource URL Data Description: Protected Resource URL

Text1 (S): Schema Title: User Identifier Data Description: User DN

Text2 (T): Schema Title: Authentication Identifier Data Description: IDP Session ID (AMAUTHID#auth_id:)

Text3 (F): Schema Title: Event Identifier Data Description: Event Tracking Identifier

Value1 (1): Schema Title: Source IP Address Data Description: User IP address (numeric format – host order)

Group (G): 0

Data Length (X): 0

Data (D): null

26.10.52 Access Gateway: URL Not Found (0x002e0508)

This event is generated when you select the URL Not Found option on the Novell Audit page of an Access Gateway.

Description: Access Gateway: URL Not Found

In the Event list (Auditing and Logging > Logging Server Options > [Name of Novell Audit Secure Logging Server] > Novell Access Manager > Events), this column is called Event Name.

In a query, this column is called EventID.

Event ID: 0x002e0508

Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)

Target (U): null

SubTarget (Y): Schema Title: Protected Resource URL Data Description: Protected Resource URL

Text1 (S): Schema Title: User Identifier Data Description: User DN

Text2 (T): Schema Title: Authentication Identifier Data Description: IDP Session ID (AMAUTHID#auth_id:)

Text3 (F): Schema Title: Event Identifier Data Description: Event Tracking Identifier

Value1 (1): Schema Title: Source IP Address Data Description: User IP address (numeric format – host order)

Group (G): 0

Data Length (X): 0

Data (D): null

26.10.53 Access Gateway: System Started (0x002e0509)

This event is generated when you select the System Started option on the Novell Audit page of an Access Gateway.

Description: Access Gateway: System Started

In the Event list (Auditing and Logging > Logging Server Options > [Name of Novell Audit Secure Logging Server] > Novell Access Manager > Events), this column is called Event Name.

In a query, this column is called EventID.

Event ID: 0x002e0509

Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)

Target (U): null

SubTarget (Y): null

Text1 (S): null

Text2 (T): null

Text3 (F): null

Value1 (1): 0

Group (G): 0

Data Length (X): 0

Data (D): null

26.10.54 Access Gateway: System Shutdown (0x002e050a)

This event is generated when you select the System Shutdown option on the Novell Audit page of an Access Gateway.

Description: Access Gateway: System Shutdown

In the Event list (Auditing and Logging > Logging Server Options > [Name of Novell Audit Secure Logging Server] > Novell Access Manager > Events), this column is called Event Name.

In a query, this column is called EventID.

Event ID: 0x002e050a

Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)

Target (U): null

SubTarget (Y): null

Text1 (S): null

Text2 (T): null

Text3 (F): null

Value1 (1): 0

Group (G): 0

Data Length (X): 0

Data (D): null

26.10.55 Access Gateway: Identity Injection Parameters (0x002e050c)

This event is generated when you select the Identity Injection Parameters option on the Novell Audit page of an Access Gateway.

Description: Access Gateway: Identity Injection Parameters

In the Event list (Auditing and Logging > Logging Server Options > [Name of Novell Audit Secure Logging Server] > Novell Access Manager > Events), this column is called Event Name.

In a query, this column is called EventID.

Event ID: 0x002e050c

Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)

Target (U): null

SubTarget (Y): Schema Title: Protected Resource URL Data Description: Protected Resource URL

Text1 (S): Schema Title: User Identifier Data Description: User DN

Text2 (T): Schema Title: Authentication Identifier Data Description: IDP Session ID (AMAUTHID#auth_id:)

Text3 (F): Schema Title: Event Identifier Data Description: Event Tracking Identifier

Value1 (1): Schema Title: Injection Location Data Description: 2710 – Auth Header 2720 – Custom Header 2730 – Query Parameters

Group (G): 0

Data Length (X): 0

Data (D): null

26.10.56 Access Gateway: Identity Injection Failed (0x002e050d)

This event is generated when you select the Identity Injection Failed option on the Novell Audit page of an Access Gateway.

Description: Access Gateway: Identity Injection Failed

In the Event list (Auditing and Logging > Logging Server Options > [Name of Novell Audit Secure Logging Server] > Novell Access Manager > Events), this column is called Event Name.

In a query, this column is called EventID.

Event ID: 0x002e050d

Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)

Target (U): null

SubTarget (Y): Schema Title: Protected Resource URL Data Description: Protected Resource URL

Text1 (S): Schema Title: User Identifier Data Description: User DN

Text2 (T): Schema Title: Authentication Identifier Data Description: IDP Session ID (AMAUTHID#auth_id:)

Text3 (F): Schema Title: Event Identifier Data Description: Event Tracking Identifier

Value1 (1): Schema Title: Injection Location Data Description: 2710 – Auth Header 2720 – Custom Header 2730 – Query Parameters

Group (G): 0

Data Length (X): 0

Data (D): null

26.10.57 Access Gateway: Form Fill Authentication (0x002e050e)

This event is generated when you select the Form Fill Success option on the Novell Audit page of an Access Gateway.

Description: Access Gateway: Form Fill Authentication

In the Event list (Auditing and Logging > Logging Server Options > [Name of Novell Audit Secure Logging Server] > Novell Access Manager > Events), this column is called Event Name.

In a query, this column is called EventID.

Event ID: 0x002e050e

Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)

Target (U): Schema Title: Protected Resource Name Data Description: Configured name of protected resource

SubTarget (Y): Schema Title: Protected Resource URL Data Description: Protected Resource URL

Text1 (S): Schema Title: User Identifier Data Description: User DN

Text2 (T): Schema Title: Authentication Identifier Data Description: IDP Session ID (AMAUTHID#auth_id:)

Text3 (F): Schema Title: Event Identifier Data Description: Event Tracking Identifier

Value1 (1): 0

Group (G): 0

Data Length (X): 0

Data (D): null

26.10.58 Access Gateway: Form Fill Authentication Failed (0x002e050f)

This event is generated when you select the Form Fill Failed option on the Novell Audit page of an Access Gateway.

Description: Access Gateway: Form Fill Authentication Failed

In the Event list (Auditing and Logging > Logging Server Options > [Name of Novell Audit Secure Logging Server] > Novell Access Manager > Events), this column is called Event Name.

In a query, this column is called EventID.

Event ID: 0x002e050f

Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)

Target (U): Schema Title: Protected Resource Name Data Description: Configured name of protected resource

SubTarget (Y): Schema Title: Protected Resource URL Data Description: Protected Resource URL

Text1 (S): Schema Title: User Identifier Data Description: User DN

Text2 (T): Schema Title: Authentication Identifier Data Description: IDP Session ID (AMAUTHID#auth_id:)

Text3 (F): Schema Title: Event Identifier Data Description: Event Tracking Identifier

Value1 (1): 0

Group (G): 0

Data Length (X): 0

Data (D): null

26.10.59 Access Gateway: URL Accessed (0x002e0512)

This event is generated when you select the URL Accessed option on the Novell Audit page of an Access Gateway.

Description: Access Gateway: URL Accessed

In the Event list (Auditing and Logging > Logging Server Options > [Name of Novell Audit Secure Logging Server] > Novell Access Manager > Events), this column is called Event Name.

In a query, this column is called EventID.

Event ID: 0x002e0512

Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)

Target (U): null

SubTarget (Y): Schema Title: Protected Resource URL Data Description: Protected Resource URL

Text1 (S): Schema Title: User Identifier Data Description: User DN

Text2 (T): Schema Title: Authentication Identifier Data Description: IDP Session ID (AMAUTHID#auth_id:)

Text3 (F): Schema Title: Event Identifier Data Description: Event Tracking Identifier

Value1 (1): Schema Title: Source IP Address Data Description: User IP address (numeric format – host order)

Group (G): 0

Data Length (X): 0

Data (D): null

26.10.60 Access Gateway: IP Access Attempted (0x002e0513)

This event is generated when you select the IP Access Attempted option on the Novell Audit page of an Access Gateway.

Description: Access Gateway: IP Access Attempted

In the Event list (Auditing and Logging > Logging Server Options > [Name of Novell Audit Secure Logging Server] > Novell Access Manager > Events), this column is called Event Name.

In a query, this column is called EventID.

Event ID: 0x002e0513

Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)

Target (U): null

SubTarget (Y): Schema Title: Protected Resource URL Data Description: Protected Resource URL

Text1 (S): Schema Title: User Identifier Data Description: User DN

Text2 (T): Schema Title: Authentication Identifier Data Description: IDP Session ID (AMAUTHID#auth_id:)

Text3 (F): Schema Title: Event Identifier Data Description: Event Tracking Identifier

Value1 (1): Schema Title: Source IP Address Data Description: User IP address (numeric format – host order)

Group (G): 0

Data Length (X): 0

Data (D): null

26.10.61 Access Gateway: Webserver Down (0x002e0515)

This event is generated when you select the IP Access Attempted option on the Novell Audit page of an Access Gateway.

Description: Access Gateway: One of the Web servers is not reachable

In the Event list (Auditing and Logging > Logging Server Options > [Name of Novell Audit Secure Logging Server] > Novell Access Manager > Events), this column is called Event Name.

In a query, this column is called EventID.

Event ID: 0x002e0515

Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)

Target (U): null

SubTarget (Y): null

Text1 (S): WebServer hostname

Text2 (T): null

Text3 (F): null

Value1 (1): WebServer IP Address

Group (G): 0

Data Length (X): 0

Data (D): null

26.10.62 Access Gateway: All WebServers for a Service is Down (0x002e0516)

This event is generated when you select the IP Access Attempted option on the Novell Audit page of an Access Gateway.

Description: Access Gateway: All Web servers for a service are down

In the Event list (Auditing and Logging > Logging Server Options > [Name of Novell Audit Secure Logging Server] > Novell Access Manager > Events), this column is called Event Name.

In a query, this column is called EventID.

Event ID: 0x002e0516

Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)

Target (U): null

SubTarget (Y): null

Text1 (S): WebServer Hostname

Text2 (T): null

Text3 (F): null

Value1 (1): WebServer IP address

Group (G): 0

Data Length (X): 0

Data (D): null

26.10.63 Management Communication Channel: Health Change (0x002e0601)

This event is generated when you select the Health Changes option on the Access Manager Auditing page.

Description: Management Communication Channel: Health Change

In the Event list (Auditing and Logging > Logging Server Options > [Name of Novell Audit Secure Logging Server] > Novell Access Manager > Events), this column is called Event Name.

In a query, this column is called EventID.

Event ID: 0x002e0601

Originator (B): Schema Title: Originator Data Description: “devmanagement” (AMDEVICEID#devmanagement:)

Target (U): null

SubTarget (Y): null

Text1 (S): Schema Title: Changed Device Data Description: IP address and device type of the changed device

Text2 (T): Schema Title: Old State Data Description: Old State

Text3 (F): Schema Title: New State Data Description: New State

Value1 (1): 0

Group (G): 0

Data Length (X): 0

Data (D): null

26.10.64 Management Communication Channel: Device Imported (0x002e0602)

This event is generated when you select the Server Imports option on the Access Manager Auditing page.

Description: Management Communication Channel: Device Imported

In the Event list (Auditing and Logging > Logging Server Options > [Name of Novell Audit Secure Logging Server] > Novell Access Manager > Events), this column is called Event Name.

In a query, this column is called EventID.

Event ID: 0x002e0602

Originator (B): Schema Title: Originator Data Description: “devmanagement” (AMDEVICEID#devmanagement:)

Target (U): null

SubTarget (Y): null

Text1 (S): Schema Title: Device Data Description: IP address and device type of the changed device

Text2 (T): blank string

Text3 (F): blank string

Value1 (1): 0

Group (G): 0

Data Length (X): 0

Data (D): null

26.10.65 Management Communication Channel: Device Deleted (0x002e0603)

This event is generated when you select the Server Deletes option on the Access Manager Auditing page.

Description: Management Communication Channel: Device Deleted

In the Event list (Auditing and Logging > Logging Server Options > [Name of Novell Audit Secure Logging Server] > Novell Access Manager > Events), this column is called Event Name.

In a query, this column is called EventID.

Event ID: 0x002e0603

Originator (B): Schema Title: Originator Data Description: “devmanagement” (AMDEVICEID#devmanagement:)

Target (U): null

SubTarget (Y): null

Text1 (S): Schema Title: Device Data Description: IP address and device type of the changed device

Text2 (T): Schema Title: Administrator Data Description: DN of the administrator deleting the device

Text3 (F): blank string

Value1 (1): 0

Group (G): 0

Data Length (X): 0

Data (D): null

26.10.66 Management Communication Channel: Device Configuration Changed (0x002e0604)

This event is generated when you select the Configuration Changes option on the Access Manager Auditing page.

Description: Management Communication Channel: Device Configuration Changed

In the Event list (Auditing and Logging > Logging Server Options > [Name of Novell Audit Secure Logging Server] > Novell Access Manager > Events), this column is called Event Name.

In a query, this column is called EventID.

Event ID: 0x002e0604

Originator (B): Schema Title: Originator Data Description: “devmanagement” (AMDEVICEID#devmanagement:)

Target (U): null

SubTarget (Y): null

Text1 (S): Schema Title: Device Data Description: IP address and device type of the changed device

Text2 (T): Schema Title: Administrator Data Description: DN of the administrator invoking the configuration change

Text3 (F): blank string

Value1 (1): 0

Group (G): 0

Data Length (X): 0

Data (D): null

26.10.67 Management Communication Channel: Device Alert (0x002e0605)

This event is generated when you enable auditing.

Description: Management Communication Channel: Device Alert

In the Event list (Auditing and Logging > Logging Server Options > [Name of Novell Audit Secure Logging Server] > Novell Access Manager > Events), this column is called Event Name.

In a query, this column is called EventID.

Event ID: 0x002e0605

Originator (B): Schema Title: Originator Data Description: “devmanagement” (AMDEVICEID#devmanagement:)

Target (U): null

SubTarget (Y): null

Text1 (S): Schema Title: Device Data Description: IP address of the device generating the alert

Text2 (T): Schema Title: Alert Message Data Description: alert message string

Text3 (F): blank string

Value1 (1): 0

Group (G): 0

Data Length (X): 0

Data (D): null

26.10.68 Risk-Based Authentication: 002e0025

This event is generated when you select the Risk-Based Authentication Succeeded option under Novell Audit Logging on the Logging page of an Identity Server configuration.

Description: Risk-Based additional authentication executed successfully for user.

Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)

Target (U): Schema Title: User Identifier Data Description: User DN

SubTarget (Y): Schema Title: Authentication Identifier Description: IDP Session ID (AMAUTHID#auth_id:)

Text1 (S): Schema Title: RiskScore Description: Risk score(number).

Text2 (T): Schema Title: RiskLevel Description: Risk category defined by risk score value.

Text3 (F): Schema Title: Additional authentication class Description: Additional Authentication class name executed as part of risk based authentication.

Value1 (1): 0

Group (G): 0

Data Length (X): 0

Data (D): Schema Title: Client IP Address Description: IP Address of the host from which the authentication succeeded.

26.10.69 Risk-Based Authentication: 002e0026

This event is generated when you select the Risk-Based Authentication Failed option under Novell Audit Logging on the Logging page of an Identity Server configuration.

Description: Risk-Based authentication failed for user.

Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)

Target (U): Schema Title: User Identifier Data Description: User DN

SubTarget (Y): Schema Title: Authentication Identifier Description: IDP Session ID (AMAUTHID#auth_id:)

Text1 (S): Schema Title: RiskScore Description: Risk score(number).

Text2 (T): Schema Title: RiskLevel Description: Risk category defined by risk score value.

Text3 (F): Schema Title: Additional authentication class Description: Additional Authentication class name executed as part of risk based authentication.

Value1 (1): 0

Group (G): 0

Data Length (X): 0

Data (D): Schema Title: Client IP Address Description: IP Address of the host from which the authentication succeeded.

26.10.70 Risk-Based Authentication: 002e0027

This event is generated when you select the Risk-Based Authentication Action Invoked option under Novell Audit Logging on the Logging page of an Identity Server configuration.

Description: Risk-Based authentication action for user.

Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)

Target (U): Schema Title: User Identifier Data Description: User DN

SubTarget (Y): Schema Title: Authentication Identifier Description: IDP Session ID (AMAUTHID#auth_id:)

Text1 (S): Schema Title: RiskScore Description: Risk score(number).

Text2 (T): Schema Title: RiskLevel Description: Risk category defined by risk score value.

Text3 (F): Schema Title: Action taken Description: Risk category defined action taken as part of risk based authentication.

Value1 (1): 0

Group (G): 0

Data Length (X): 0

Data (D): Schema Title: Client IP Address Description: IP Address of the host from which the authentication succeeded.