This section contains all the audit events logged by Access Manager Appliance. Each event has EventID, Description, Originator Title, Target Title, Subtarget Title, Text1 Title, Text2 Title, Text3 Title, Value1 Title, Value1 Type, Group Title, Data Length, and Data Type values stored. Each field contains a single character token (such as B, U, Y, and so on) that represent the data fields of the audit event, with each letter representing a different data field. The mapping of the character tokens to data fields is found in the nids_en.lscfile.
Access Manager is listed among the log applications on the General tab on the Logging Server Options page (Auditing and Logging > Logging Server Options). You can view events on the Event list page in Auditing and Logging > Logging Server Options > [Name of Novell Audit Secure Logging Server] > Novell Access Manager > Events.
When you run an SQL query (Auditing and Logging > Queries > [Name] > Run), the system displays the results on the Query Results page. The EventID column displays the description of the event. Below, the event ID is listed with the description, to help you quickly locate the data for each audit event.
JavaScript Object Notation (JSON) Event Format
Sample JSON Format
This event is generated when you select the Risk-Based Authentication Succeeded option under Novell Audit Logging on the Logging page of an Identity Server configuration.
The following is a sample JSON event format of a Risk-Based authentication:
{ "appName" : "Novell Access Manager", "Component" : "nidp", "timeStamp" : "Fri, 31 Jul 2015 17:30:57 +0530", "eventId" : "002E0025", "Description": "NIDS: Risk based additional authentication executed successfully for user", "Originator": "9772686A5705BA6C", "Target": "cn=admin,o=novell", "SubTarget": "3883A05A302BA3BDC7899AF05810B08B", "stringValue1": "35", "stringValue2": "medium", "stringValue3": "null", "numericValue1": "0", "numericValue2": "0", "numericValue3": "0", "Data": "MTY0Ljk5LjEzNy41Mg==", "Message": "[Fri, 31 Jul 2015 17:30:57 +0530] [Novell Access Manager\nidp]: AMDEVICEID#9772686A5705BA6C: AMAUTHID#3883A05A302BA3BDC7899AF05810B08B: Risk based authentication successful for user: [cn=admin,o=novell]. RiskScore: [35] RiskLevel: [Medium] Additional authentication class: [$SF] Client IP Address: [164.99.137.52]", }
The following table lists the event fields with its corresponding description:
Field |
Description |
---|---|
appName |
Specifies the name of the product. |
Component |
Specifies the name of the NetIQ Access Manager component. For example, “nipd” identifies that the audit is triggered by the Identity Server. |
timeStamp |
Specifies the time when the event occurred. |
eventId |
Specifies the event ID. For example, 002E0025. To view all the events and their corresponding event IDs, see the below sections. |
Description |
Describes the event. |
Originator |
Specifies the ID of the device that generated this event. For example, 9772686A5705BA6C is the device with ID “idp-9772686A5705BA6C” |
Target |
Specifies the target on which this action is executed. In the above example, the action is risk-based authentication, hence the target is the user id for which the risk was assessed. |
SubTarget |
Specifies the additional details about the target. |
stringValue1 |
Specifies an event-specific string value. The value of this field varies from event to event. For example, it is null if the event has no value to pass. |
stringValue2 |
Specifies an event-specific string value. The value of this field varies from event to event. For example, it is null if the event has no value to pass. |
stringValue3 |
Specifies an event-specific string value. The value of this field varies from event to event. For example, it is null if the event has no value to pass. |
numbericValue1 |
Specifies an event-specific string value. The value of this field varies from event to event. For example, it is null if the event has no value to pass. |
numbericValue2 |
Specifies an event-specific string value. The value of this field varies from event to event. For example, it is null if the event has no value to pass. |
numbericValue3 |
Specifies an event-specific string value. The value of this field varies from event to event. For example, it is null if the event has no value to pass. |
Data |
Specifies an event-specific data. |
Message |
Specifies a friendly detailed message related to the event. |
NOTE:The Syslog agents use the following message format: rfc3164. For more information, see RFC 3164 documentation.
This section discusses the following audit events:
NIDS: Logged Out an Authentication that Was Provided to a Remote Consumer (002e0007)
NIDS: Provided an Authentication to a Remote Consumer (002e0009)
NIDS: Failed to Provide an Authentication to a Remote Consumer (002e000b)
NIDS: Connection to User Store Replica Reestablished (002e0013)
NIDS: Brokered an Authentication from Identity Provider to Service Provider (002E001C)
NIDS: OAuth2 client has been registered successfully (002e0036)
NIDS: OAuth2 client has been modified successfully (002e0037)
NIDS: OAuth2 client has been deleted successfully (002e0038)
Access Gateway: Identity Injection Policy Evaluation (002e0323)
Access Gateway: Form Fill Authentication Failed (0x002e050f)
Access Gateway: All WebServers for a Service is Down (0x002e0516)
Management Communication Channel: Health Change (0x002e0601)
Management Communication Channel: Device Imported (0x002e0602)
Management Communication Channel: Device Deleted (0x002e0603)
Management Communication Channel: Device Configuration Changed (0x002e0604)
This event is generated when you select the Federation Request Sent option under Novell Audit Logging on the Logging page of an Identity Server configuration.
Description: NIDS: Sent a federate request.
Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)
Target (U): Schema Title: User Identifier Data Description: LDAP Auth: User DN Other Auth: User GUID
SubTarget (Y): null
Text1 (S): null
Text2 (T): null
Text3 (F): null
Value1 (1): 0
Group (G): 0
Data Length (X): 0
Data (D): null
This event is generated when you select the Federation Request Handled option under Novell Audit Logging on the Logging page of an Identity Server configuration.
Description: NIDS: Received a federate request.
Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)
Target (U): Schema Title: User Identifier Data Description: LDAP Auth: User DN Other Auth: User GUID
SubTarget (Y): null
Text1 (S): Schema Title: Provider Identifier; Data Description: Service Provider ID
Text2 (T): null
Value1 (1): 0
Group (G): 0
Data Length (X): 0
Data (D): null
This event is generated when you select the Defederation Request Sent option under Novell Audit Logging on the Logging page of an Identity Server configuration.
Description: NIDS: Sent a defederate request.
Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)
Target (U): Schema Title: User Identifier Data Description: LDAP Auth: User DN Other Auth: User GUID
SubTarget (Y): null
Text1 (S): Schema Title: Provider Identifier; Data Description: Service Provider ID
Text2 (T): null
Value1 (1): 0
Group (G): 0
Data Length (X): 0
Data (D): null
This event is generated when you select the Defederation Request Handled option under Novell Audit Logging on the Logging page of an Identity Server configuration.
Description: NIDS: Received a defederate request
Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)
Target (U): Schema Title: User Identifier Data Description: LDAP Auth: User DN Other Auth: User GUID
SubTarget (Y): null
Text1 (S): Schema Title: Provider Identifier Data Description: Service Provider ID
Text2 (T): null
Text3 (F): null
Value1 (1): 0
Group (G): 0
Data Length (X): 0
Data (D): null
Description: NIDS: Sent a register name request
Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)
Target (U): null
SubTarget (Y): null
Text1 (S): null
Text2 (T): null
Text3 (F): null
Value1 (1): 0
Group (G): 0
Data Length (X): 0
Data (D): null
This event is generated when you select the Register Name Request Handled option under Novell Audit Logging on the Logging page of an Identity Server configuration.
Description: NIDS: Received a register name request
Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)
Target (U): null
SubTarget (Y): null
Text1 (S): null
Text2 (T): null
Text3 (F): null
Value1 (1): 0
Group (G): 0
Data Length (X): 0
Data (D): null
This event is generated when you select the Logout Provided option under Novell Audit Logging on the Logging page of an Identity Server configuration.
Description: NIDS: Logged out an authentication that was provided to a remote consumer
Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)
Target (U): Schema Title: User Identifier Data Description: LDAP Auth: User DN Other Auth: User GUID
SubTarget (Y): null
Text1 (S): Schema Title: Authentication Identifier Data Description: IDP Session ID (AMAUTHID#auth_id:)
Text2 (T): null
Text3 (F): null
Value1 (1): Schema Title: Timed Out Data Description: 0 = other reason 1 = timed out
Group (G): 0
Data Length (X): 0
Data (D): null
This event is generated when you select the Logout Local option under Novell Audit Logging on the Logging page of an Identity Server configuration.
Description: NIDS: Logged out a local authentication
Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)
Target (U): Schema Title: User Identifier Data Description: LDAP Auth: User DN Other Auth: User GUID
SubTarget (Y): null
Text1 (S): Schema Title: Authentication Identifier Data Description: IDP Session ID (AMAUTHID#auth_id:
Text2 (T): null
Text3 (F): null
Value1 (1): Schema Title: Timed Out Data Description: 0 = other reason 1 = timed out
Group (G): 0
Data Length (X): 0
Data (D): null
This event is generated when you select the Login Consumed option under Novell Audit Logging on the Logging page of an Identity Server configuration.
Description: NIDS: Provided an authentication to a remote consumer
Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)
Target (U): Schema Title: User Identifier Data Description: User DN
SubTarget (Y): Schema Title: Authentication Identifier Data Description: IDP Session ID (AMAUTHID#auth_id:)
Text1 (S): Schema Title: Authentication Type Data Description: Authentication Profile
Text2 (T): Schema Title: Authentication Entity Name Data Description: Authentication Source
Text3 (F): Schema Title: Contract Class or Method Name Data Description: Authentication Contract URI
Value1 (1): 0
Group (G): 0
Data Length (X): 0
Data (D): Schema Title: Client IP Address Description: IP Address of the host from which the authentication succeeded.
This event is generated when you select the Login Provided option under Novell Audit Logging on the Logging page of an Identity Server configuration.
Description: NIDS: User session was authenticated
Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)
Target (U): Schema Title: User Identifier Data Description: User DN
SubTarget (Y): Schema Title: Authentication Identifier Data Description: IDP Session ID (AMAUTHID#auth_id:)
Text1 (S): Schema Title: Authentication Type Data Description: Authentication Profile
Text2 (T): Schema Title: Authentication Entity Name Data Description: Authentication Source
Text3 (F): Schema Title: Contract Class or Method Name Data Description: Authentication Contract URI
Value1 (1): 0
Group (G): 0
Data Length (X): 0
Data (D): Schema Title: Client IP Address Description: IP Address of the host from which the authentication succeeded.
This event is generated when you select the Login Consumed Failure option under Novell Audit Logging on the Logging page of an Identity Server configuration.
Description: NIDS: Failed to provide an authentication to a remote consumer
Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)
Target (U): Schema Title: User Identifier Data Description: User DN
SubTarget (Y): null
Text1 (S): Schema Title: Authentication Identifier Data Description: IDP Session ID (AMAUTHID#auth_id:)
Text2 (T): Schema Title: Provider Identifier Data Description: Service Provider ID
Text3 (F): Schema Title: Reason Data Description: Reason Message
Value1 (1): 0
Group (G): 0
Data Length (X): 0
Data (D): null
This event is generated when you select the Login Provided Failure option under Novell Audit Logging on the Logging page of an Identity Server configuration. Use the Description field and the Text3 (F) field to determine whether the failure came from a contract, SAML 1.1, SAML 2.0, or Liberty.
Description: NIDS: User session authentication failed. This string plus one of the following phrases: for a contract failure, Contract Execution; for a SAML 1.1 failure, SAML Assertion; for a SAML 2.0 failure, SAML2 SSO; for a Liberty failure, Liberty SSO.
Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)
Target (U): Schema Title: Authentication Contract Name Data Description: Contract URI
SubTarget (Y): Schema Title: User Identifier Data Description: User DN
Text1 (S): Schema Title: Authentication Identifier Data Description: IDP Session ID (AMAUTHID#auth_id:)
Text2 (T): Schema Title: Reason Data Description: Reason Message
Text3 (F): Schema Title: Authentication Source Data Description: For a contract, contains the authentication method name; for Liberty, contains the service provider IP; for SAML 1.1, contains the SAML assertion issuer; for SAML 2.0, contains the service provider IP.
Value1 (1): 0
Group (G): 0
Data Length (X): 0
Data (D): Schema Title: Client IP Address Description: IP Address of the host from which the authentication failed.
This event is generated when you select the Attribute Query Request Handled option under Novell Audit Logging on the Logging page of an Identity Server configuration.
Description: NIDS: Received an attribute query request
Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)
Target (U): Schema Title: User Identifier Data Description: LDAP Auth: User DN Other Auth: User GUID
SubTarget (Y): null
Text1 (S): Schema Title: Provider Identifier Data Description: Service Provider ID
Text2 (T): Schema Title: Attribute Names Data Description: Requested Attributes
Text3 (F): null
Value1 (1): 0
Group (G): 0
Data Length (X): 0
Data (D): null
This event is generated when you select the User Account Provisioned option under Novell Audit Logging on the Logging page of an Identity Server configuration.
Description: NIDS: User account provisioned
Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)
Target (U): Schema Title: User Store Identifier Data Description: Displayable user name
SubTarget (Y): null
Text1 (S): Schema Title: User Identifier Data Description: Authentication User Name
Text2 (T): Schema Title: Authentication Identifier Data Description: IDP Session ID (AMAUTHID#auth_id:)
Text3 (F): null
Value1 (1): 0
Group (G): 0
Data Length (X): 0
Data (D): null
This event is generated when you select the User Account Provisioned Failure option under Novell Audit Logging on the Logging page of an Identity Server configuration.
Description: NIDS: Failed to provision a user account
Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)
Target (U): Schema Title: User Store Identifier Data Description: Displayable User Name
SubTarget (Y): null
Text1 (S): Schema Title: User Identifier Data Description: Authentication User Name
Text2 (T): Schema Title: Reason Data Description: Reason Message
Text3 (F): null
Value1 (1): 0
Group (G): 0
Data Length (X): 0
Data (D): null
This event is generated when you select the Web Service Query Handled option under Novell Audit Logging on the Logging page of an Identity Server configuration. The Identity Server uses this event for two types of Web service queries:
Discovery: This is a query to discover a service. For this type of query, the Group (G) field is not used. For a remote query, the Data Description of the Value1 field is set to 0. For a local query, the Data Description of the Value1 field is set to 1.
Profile: This is a query to get attributes for a user from a profile (personal, credential, etc.). For this type of query, the Group (G) field contains a GroupingID for all attributes selected in the request. A separate event is generated for each attribute select list in the request. For a remote query, the Data Description of the Value1 field is set to 0. For a local query, the Data Description of the Value1 field is set to 1.
Description: NIDS: Web Service query
Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)
Target (U): Schema Title: User Identifier Data Description: User DN
SubTarget (Y): null
Text1 (S): Schema Title: Provider Identifier Data Description: Requesting Provider ID
Text2 (T): Schema Title: Select String Data Description: Requested attributes; select string
Text3 (F): Schema Title: Service Identifier Data Description: Web Service URI
Value1 (1): Schema Title: Local Data Description: 0 – Remote 1 – Local
Group (G): Schema Title: Query Group Data Description: If this is a profile query, it contains the grouping ID for all attributes selected in this request. Otherwise, this field is not used in the event.
Data Length (X): 0
Data (D): null
This event is generated when you select the Web Service Modify Handled option under Novell Audit Logging on the Logging page of an Identity Server configuration. The Identity Server uses this event for two types of Web service modify requests:
Discovery: This is a request to discover a service to modify. For this type of request, the Group (G) field is not used. For a remote request, the Data Description of the Value1 field is set to 0. For a local request, the Data Description of the Value1 field is set to 1.
Profile: This is a request to modify the attributes of a user in a profile (personal, credential, etc.). For this type of request, the Group (G) field contains a GroupingID for all attributes selected in the request. A separate event is generated for each attribute select list in the modify request. For a remote request, the Data Description of the Value1 field is set to 0. For a local request, the Data Description of the Value1 field is set to 1.
Description: NIDS: Web Service modify
Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)
Target (U): Schema Title: User Identifier Data Description: User DN
SubTarget (Y): null
Text1 (S): Schema Title: Provider Identifier Data Description: Requesting Provider ID
Text2 (T): Schema Title: Select String Data Description: Modified attributes select string
Text3 (F): Schema Title: Service Identifier Data Description: Web Service URI
Value1 (1): Schema Title: Local Data Description: 0 – Remote; 1 – Local
Group (G): Schema Title: Modify Group Data Description: If this is a profile modify, it contains the grouping ID for each attribute select list in the request. Otherwise, this field is not used in the event.
Data Length (X): 0
Data (D): null
This event is generated when you select the LDAP Connection Lost option under Novell Audit Logging on the Logging page of an Identity Server configuration.
Description: NIDS: Connection to user store replica lost
Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)
Target (U): Schema Title: User Store Replica Name Data Description: Replica name
SubTarget (Y): null
Text1 (S): Schema Title: User Store Replica Host Data Description: IP Address of User Store replica server
Text2 (T): null
Text3 (F): null
Value1 (1): 0
Group (G): 0
Data Length (X): 0
Data (D): null
This event is generated when you select the LDAP Connection Reestablished option under Novell Audit Logging on the Logging page of an Identity Server configuration.
Description: NIDS: Connection to user store replica reestablished
Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)
Target (U): Schema Title: User Store Replica Name Data Description: Replica name
SubTarget (Y): null
Text1 (S): Schema Title: User Store Replica Host Data Description: IP Address of User Store replica server
Text2 (T): null
Text3 (F): null
Value1 (1): 0
Group (G): 0
Data Length (X): 0
Data (D): null
This event is generated when you select the Server Started option under Novell Audit Logging on the Logging page of an Identity Server configuration.
Description: NIDS: Server started
Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)
Target (U): Schema Title: Configuration Identifier Data Description: Configuration Object DN
SubTarget (Y): null
Text1 (S): Schema Title: Server Identifier Data Description: Unique server ID also used to create Liberty and SAML artifacts
Text2 (T): null
Text3 (F): null
Value1 (1): 0
Group (G): 0
Data Length (X): 0
Data (D): null
This event is generated when you select the Server Stopped option under Novell Audit Logging on the Logging page of an Identity Server configuration.
Description: NIDS: Server stopped
Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)
Target (U): Schema Title: Configuration Identifier Data Description: Configuration object DN
SubTarget (Y): null
Text1 (S): Schema Title: Server Identifier Data Description: Unique server ID also used to create Liberty and SAML artifacts
Text2 (T): null
Text3 (F): null
Value1 (1): 0
Group (G): 0
Data Length (X): 0
Data (D): null
This event is generated when you select the Server Refreshed option under Novell Audit Logging on the Logging page of an Identity Server configuration.
Description: NIDS: Server Refreshed
Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)
Target (U): Schema Title: Configuration Identifier Data Description: Configuration Object DN
SubTarget (Y): null
Text1 (S): Schema Title: Server Identifier Data Description: Unique server ID also used to create Liberty and SAML artifacts
Text2 (T): null
Text3 (F): null
Value1 (1): 0
Group (G): 0
Data Length (X): 0
Data (D): null
This event is generated when you select the Intruder Lockout Detected option under Novell Audit Logging on the Logging page of an Identity Server configuration.
Description: NIDS: Intruder Lockout
Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)
Target (U): Schema Title: User Identifier Data Description: User DN
SubTarget (Y): null
Text1 (S): Schema Title: Server Identifier Data Description: IP address of the User Store replica server
Text2 (T): null
Text3 (F): null
Value1 (1): 0
Group (G): 0
Data Length (X): 0
Data (D): null
This event is generated when you select the Component Log Severe Messages option under Novell Audit Logging on the Logging page of an Identity Server configuration.
Description: NIDS: Severe Component Log Entry
Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)
Target (U): null
SubTarget (Y): null
Text1 (S): Schema Title: Component Log Text Data Description: Server Error Text
Text2 (T): null
Text3 (F): null
Value1 (1): 0
Group (G): 0
Data Length (X): 0
Data (D): null
This event is generated when you select the Component Log Warning Messages option under Novell Audit Logging on the Logging page of an Identity Server configuration.
Description: NIDS: Warning Component Log Entry
Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)
Target (U): null
SubTarget (Y): null
Text1 (S): Schema Title: Component Log Text Data Description: Warning Error Text
Text2 (T): null
Text3 (F): null
Value1 (1): 0
Group (G): 0
Data Length (X): 0
Data (D): null
This event is generated when you select the Brokering Across Groups Denied option under Novell Audit Logging on the Logging page of an Identity Server configuration.
Description: NIDS: Failed to broker an authentication from identity provider to service provider as identity provider and service provider are not in same group
Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)
Target (U): Schema Title: User Identifier Data Description: User DN
SubTarget (Y): null
Text1 (S): Schema Title: Identity Provider IdentifierDescription : Identity Provider ID
Text2 (T): Schema Title: Service Provider IdentifierDescription: Service Provider ID
Text3 (F): null
Value1 (1): 0
Group (G): 0
Data Length (X): Schema Title: Target URL Length Description: Byte length of the target URL
Data (D): Schema Title: Target URL Description: Target URL
This event is generated when you select the Brokering Rule Evaluated to Deny option under Novell Audit Logging on the Logging page of an Identity Server configuration.
Description: NIDS: Failed to broker an authentication from identity provider to service provider because a policy evaluated to deny
Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)
Target (U): Schema Title: User Identifier Data Description: User DN
SubTarget (Y): Schema Title: Broker Group Name Description: Name of the Brokering Group
Text1 (S): Schema Title: Identity Provider IdentifierDescription: Identity Provider ID
Text2 (T): Schema Title: Service Provider IdentifierDescription: Service Provider ID
Text3 (F): Schema Title: Broker Policy Description: Name of the Broker Policy that evaluated to deny
Value1 (1): 0
Group (G): 0
Data Length (X): Schema Title: Target URL Length Description: Byte length of the target URL
Data (D): Schema Title: Target URL Description: Target URL
This event is generated when you select the Brokering Handled option under Novell Audit Logging on the Logging page of an Identity Server configuration.
Description: NIDS: Brokered an authentication from identity provider to service provider
Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)
Target (U): Schema Title: User Identifier Data Description: User DN
SubTarget (Y): Schema Title: Broker Group Name Description: Name of the Brokering Group
Text1 (S): Schema Title: Identity Provider Identifier Description: Identity Provider ID
Text2 (T): Schema Title: Service Provider Identifier Description: Service Provider ID
Text3 (F): null
Value1 (1): 0
Group (G): 0
Data Length (X): Schema Title: Target URL Length Description: Byte length of the target URL
Data (D): Schema Title: Target URL Description: Target URL
This event is generated when you select the OAuth & OpenID Token Issued option under Novell Audit Logging on the Logging page of an Identity Server configuration.
Description: NIDS: OAuth2 Authorization code issued
Originator (B): Schema Title: Originator
Data Description: JCC Device ID (AMDEVICEID#device_id:)
Target (U): Schema Title: User Identifier
Data Description: Authentication User Name
SubTarget (Y): null
Text1 (S): Schema Title: Issued At Data
Data Description: Token issued time stamp in Millisecond
Text2 (T): Schema Title: Issued To Data
Description: Client Name
Text3 (F): Schema Title: Validity Data
Description: From: Time in Milliseconds - To: Time in Milliseconds
This event is generated when you select the OAuth & OpenID Token Issued option under Novell Audit Logging on the Logging page of an Identity Server configuration.
Description: NIDS: OAuth2 token issued
Originator (B): Schema Title: Originator
Data Description: JCC Device ID (AMDEVICEID#device_id:)
Target (U): Schema Title: User Identifier
Data Description: Authentication User Name
SubTarget (Y): Schema Title: Grant Type
Data Description: Oauth grant type
Text1 (S): Schema Title: Issued At
Data Description: Token issued time stamp in Milliseconds
Text2 (T): Schema Title: Issued To
Data Description: Client Name
Text3 (F): Schema Title: Validity
Data Description: From: Time in Milliseconds - To: Time in Milliseconds
This event is generated when you select the OAuth & OpenID Token Issue Failed option under Novell Audit Logging on the Logging page of an Identity Server configuration.
Description: NIDS: OAuth2 Authorization code issue failed
Originator (B): Schema Title: Originator
Data Description: JCC Device ID (AMDEVICEID#device_id:)
Target (U): Schema Title: User Identifier
Data Description: Authentication User Name
SubTarget (Y): null
Text1 (S): Schema Title: Failed At
Data Description: Code issued failed time stamp in Milliseconds
Text2 (T): Schema Title: Reason
Data Description: Reason for failure
Text3 (F): null
This event is generated when you select the OAuth & OpenID Token Issue option under Novell Audit Logging on the Logging page of an Identity Server configuration.
Description: NIDS: OpenID token issued
Originator (B): Schema Title: Originator
Data Description: JCC Device ID (AMDEVICEID#device_id:)
Target (U): Schema Title: User Identifier
Data Description: Authentication User Name
SubTarget (Y): null
Text1(S): Schema Title: Issued At
Data Description: ID Token issued time stamp in Millisecond
Text2(T): Schema Title: Issued To
Data Description: Client Name s
Text3(F): Schema Title: Expires
Data Description: Expires in second
This event is generated when you select the OAuth & OpenID Token Issue option under Novell Audit Logging on the Logging page of an Identity Server configuration.
Description: NIDS: OAuth2 refresh token issued
Originator (B): Schema Title: Originator
Data Description: JCC Device ID (AMDEVICEID#device_id:)
Target (U): Schema Title: User Identifier
Data Description: Authentication User Name
SubTarget (Y): null
Text1 (S): Schema Title: Issued At
Data Description: Token issued time stamp in Millisecond
Text2 (T): Schema Title: Issued To
Data Description: Client Name
Text3 (F): Schema Title: Validity
Data Description: From: Time in Milliseconds - To: Time in Milliseconds
This event is generated when you select the OAuth & OpenID Token Issue Failed option under Novell Audit Logging on the Logging page of an Identity Server configuration.
Description: NIDS: OAuth2 token issue failed
Originator (B): Schema Title: Originator
Data Description: JCC Device ID (AMDEVICEID#device_id:)
Target (U): Schema Title: User Identifier
Data Description: Authentication User Name
SubTarget (Y): Schema Title: Grant Type
Data Description: Oauth grant type
Text1 (S): Schema Title: Failed At
Data Description: Token issue failed time stamp in Milliseconds
Text2 (T): Schema Title: Issued To
Data Description: Client Name
Text3 (F): Schema Title: Reason
Data Description: Reason for failure
This event is generated when you select the OAuth & OpenID Token Issue Failed option under Novell Audit Logging on the Logging page of an Identity Server configuration.
Description: NIDS: OpenID token issue failed
Originator (B): Schema Title: Originator
Data Description: JCC Device ID (AMDEVICEID#device_id:)
Target (U): Schema Title: User Identifier Data Description: Authentication User Name
SubTarget (Y): null
Text1 (S): Schema Title: Failed At
Data Description: Token issue failed time stamp in Milliseconds
Text2 (T): Schema Title: Issued To
Data Description: Client Name
Text31 (F): Schema Title: Reason
Data Description: Reason for failure
This event is generated when you select the OAuth & OpenID Token Issue Failed option under Novell Audit Logging on the Logging page of an Identity Server configuration.
Description: NIDS: OAuth2 refresh token issue failed
Originator (B): Schema Title: Originator
Data Description: JCC Device ID (AMDEVICEID#device_id:)
Target (U): Schema Title: User Identifier
Data Description: Authentication User Name
SubTarget (Y): null
Text1 (S): Schema Title: Failed At
Data Description: Token issue failed time stamp in Milliseconds
Text2 (T): Schema Title: Issued To
Data Description: Client Name
Text31 (F): Schema Title: Reason
Data Description: Reason for failure
This event is generated when you select the OAuth Client Applications option under Novell Audit Logging on the Logging page of an Identity Server configuration.
Description: NIDS: OAuth2 client has been registered successfully
Originator (B): Schema Title: Originator
Data Description: JCC Device ID (AMDEVICEID#device_id:)
Target (U): Schema Title: User Identifier
Data Description: Authentication User Name
SubTarget (Y): null
Text1 (S): Schema Title: Registered At
Data Description: Client registered time stamp in Milliseconds
Text2 (T): Schema Title: Client Name Data Description: Client Name
Text31 (F): Schema Title: Client ID
Data Description: Client ID
This event is generated when you select the OAuth Client Applications option under Novell Audit Logging on the Logging page of an Identity Server configuration.
Description: NIDS: OAuth2 client has been modified successfully
Originator (B): Schema Title: Originator
Data Description: JCC Device ID (AMDEVICEID#device_id:)
Target (U): Schema Title: User Identifier
Data Description: Authentication User Name
SubTarget (Y): null
Text1 (S): Schema Title: Modified At
Data Description: Client modify time stamp in Milliseconds
Text2 (T): Schema Title: Client Name
Data Description: Client Name
Text31 (F): Schema Title: Client ID Description: Client ID
This event is generated when you select the OAuth Client Applications option under Novell Audit Logging on the Logging page of an Identity Server configuration.
Description: NIDS: OAuth2 client has been deleted successfully
Originator (B): Schema Title: Originator
Data Description: JCC Device ID (AMDEVICEID#device_id:)
Target (U): Schema Title: User Identifier
Data Description: Authentication User Name
SubTarget (Y): null
Text1 (S): Schema Title: Removed At
Data Description: Client deleted time stamp in Milliseconds
Text2 (T): Schema Title: Client Name
Data Description: Client Name
Text31 (F): Schema Title: Client ID Description: Client ID
This event is generated when you select the OAuth Consent Provided option under Novell Audit Logging on the Logging page of an Identity Server configuration.
Description: NIDS: OAuth2 user has provided consent
Originator (B): Schema Title: Originator
Data Description: JCC Device ID (AMDEVICEID#device_id:)
Target (U): Schema Title: User Identifier
Data Description: Authentication User Name
SubTarget (Y): null
Text1 (S): Schema Title: Provided At
Data Description: Consent provided time stamp in Milliseconds
Text2 (T): null
Text31 (F): null
This event is generated when you select the OAuth Consent Revoked option under Novell Audit Logging on the Logging page of an Identity Server configuration.
Description: NIDS: OAuth2 user has revoked consent
Originator (B): Schema Title: Originator
Data Description: JCC Device ID (AMDEVICEID#device_id:)
Target (U): Schema Title: User Identifier
Data Description: Authentication User Name
SubTarget (Y): null
Text1 (S): Schema Title: Revoked At
Data Description: Consent revoked time stamp in Milliseconds
Text2 (T): null
Text31 (F): null
This event is generated when you select the OAuth & OpenID Token Validation Success option under Novell Audit Logging on the Logging page of an Identity Server configuration.
Description: NIDS: OAuth2 token validation success
Originator (B): Schema Title: Originator
Data Description: JCC Device ID (AMDEVICEID#device_id:)
Target (U): Schema Title: User Identifier
Data Description: Authentication User Name
SubTarget (Y): null
Text1 (S): Schema Title: Validated At
Data Description: Validated time stamp in Milliseconds
Text2 (T): null
Text31 (F): Schema Title: Expires
Data Description: Expires in seconds
This event is generated when you select the OAuth & OpenID Token Validation Failed option under Novell Audit Logging on the Logging page of an Identity Server configuration.
Description: NIDS: OAuth2 token validation failed
Originator (B): Schema Title: Originator
Data Description: JCC Device ID (AMDEVICEID#device_id:)
Target (U): null
SubTarget (Y): null
Text1 (S): Schema Title: Validated At
Data Description: Validated time stamp in Milliseconds
Text2 (T): null
Text31 (F): Schema Title: Reason
Data Description: Validation failure reason
Data (D): Schema Title: Client IP Address
Description: IP Address of the host from which the token received
This event is generated when you select the OAuth Client Applications option under Novell Audit Logging on the Logging page of an Identity Server configuration.
Description: NIDS: OAuth2 client registration failed
Originator (B): Schema Title: Originator
Data Description: JCC Device ID (AMDEVICEID#device_id:)
Target (U): Schema Title: User Identifier
Data Description: Authentication User Name
SubTarget (Y): null
Text1 (S): Schema Title: Failed At
Data Description: Client registration failed time stamp in Milliseconds
Text2 (T): Schema Title: Client Name
Data Description: Client Name
Text31 (F): Schema Title: Reason
Data Description: Reason for failure
This event is generated for Identity Server roles.
Description: NIDS: Roles PEP Configured
Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)
Target (U): null
SubTarget (Y): null
Text1 (S): null
Text2 (T): null
Text3 (F): null
Value1 (1): 0
Group (G): 0
Data Length (X): Schema Title: Policy Enforcement List Length Data Description: Byte length of PEL
Data (D): Schema Title: Policy Enforcement List Data Description: Policy Enforcement List (PEL) data
This event is generated when you enable auditing.
Description: Access Gateway: policy enforcement point (PEP) configured
Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)
Target (U): null
SubTarget (Y): null
Text1 (S): Schema Title: Event Identifier Data Description: Event Tracking Identifier
Text2 (T): null
Text3 (F): null
Value1 (1): Schema Title: Audit Enabled Data Description: 0 = No; 1 = Yes
Group (G): 0
Data Length (X): Schema Title: Policy Enforcement List Length Data Description: Byte length of PEL
Data (D): Schema Title: Policy Enforcement List Data Description: Policy Enforcement List (PEL) data
This event is generated when you enable auditing.
Description: Roles assignment policy evaluation
Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)
Target (U): null
SubTarget (Y): null
Text1 (S): Schema Title: Authentication Identifier Data Description: IDP Session ID (AMAUTHID#auth_id:)
Text2 (T): Schema Title: Assigned Roles Data Description: Assigned Role or error message
Text3 (F): Schema Title: Policy Action Data Description: Policy Action FDN
Value1 (1): 0
Group (G): 0
Data Length (X): 0
Data (D): null
This event is generated when you enable auditing.
Description: Access Gateway: Authorization policy evaluation
Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)
Target (U): null
SubTarget (Y): null
Text1 (S): Schema Title: Authentication Identifier Data Description: IDP Session ID (AMAUTHID#auth_id:)
Text2 (T): Schema Title: Event Identifier Data Description: Event Tracking Identifier
Text3 (F): Schema Title: Policy Action Data Description: Policy Action FDN
Value1 (1): 0
Group (G): 0
Data Length (X): 0
Data (D): null
This event is generated when you enable auditing.
Description: Access Gateway: Form Fill policy evaluation
Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)
Target (U): null
SubTarget (Y): null
Text1 (S): Schema Title: Authentication Identifier Data Description: IDP Session ID (AMAUTHID#auth_id:)
Text2 (T): Schema Title: Event Identifier Data Description: Event Tracking Identifier
Text3 (F): Schema Title: Policy Action Data Description: Policy Action FDN
Value1 (1): 0
Group (G): 0
Data Length (X): 0
Data (D): null
This event is generated when you enable auditing.
Description: Access Gateway: Identity Injection policy evaluation
Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)
Target (U): null
SubTarget (Y): null
Text1 (S): Schema Title: Authentication Identifier Data Description: IDP Session ID (AMAUTHID#auth_id:)
Text2 (T): Schema Title: Event Identifier Data Description: Event Tracking Identifier
Text3 (F): Schema Title: Policy Action Data Description: Policy Action FDN
Value1 (1): 0
Group (G): 0
Data Length (X): 0
Data (D): null
This event is generated when you select the Access Denied option on the Novell Audit page of an Access Gateway.
Description: Access Gateway: Access Denied
In the Event list (Auditing and Logging > Logging Server Options > [Name of Novell Audit Secure Logging Server] > Novell Access Manager > Events), this column is called Event Name.
In a query, this column is called EventID.
Event ID: 0x002e0505
Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)
Target (U): Schema Title: Protected Resource Name Data Description: Configured Name of Protected Resource
SubTarget (Y): Schema Title: Protected Resource URL Data Description: Protected Resource URL
Text1 (S): Schema Title: User Identifier Data Description: User DN
Text2 (T): Schema Title: Authentication Identifier Data Description: IDP Session ID (AMAUTHID#auth_id:)
Text3 (F): Schema Title: Event Identifier Data Description: Event Tracking Identifier
Value1 (1): Schema Title: Source IP Address Data Description: User IP address (numeric format – host order)
Group (G): 0
Data Length (X): 0
Data (D): null
This event is generated when you select the URL Not Found option on the Novell Audit page of an Access Gateway.
Description: Access Gateway: URL Not Found
In the Event list (Auditing and Logging > Logging Server Options > [Name of Novell Audit Secure Logging Server] > Novell Access Manager > Events), this column is called Event Name.
In a query, this column is called EventID.
Event ID: 0x002e0508
Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)
Target (U): null
SubTarget (Y): Schema Title: Protected Resource URL Data Description: Protected Resource URL
Text1 (S): Schema Title: User Identifier Data Description: User DN
Text2 (T): Schema Title: Authentication Identifier Data Description: IDP Session ID (AMAUTHID#auth_id:)
Text3 (F): Schema Title: Event Identifier Data Description: Event Tracking Identifier
Value1 (1): Schema Title: Source IP Address Data Description: User IP address (numeric format – host order)
Group (G): 0
Data Length (X): 0
Data (D): null
This event is generated when you select the System Started option on the Novell Audit page of an Access Gateway.
Description: Access Gateway: System Started
In the Event list (Auditing and Logging > Logging Server Options > [Name of Novell Audit Secure Logging Server] > Novell Access Manager > Events), this column is called Event Name.
In a query, this column is called EventID.
Event ID: 0x002e0509
Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)
Target (U): null
SubTarget (Y): null
Text1 (S): null
Text2 (T): null
Text3 (F): null
Value1 (1): 0
Group (G): 0
Data Length (X): 0
Data (D): null
This event is generated when you select the System Shutdown option on the Novell Audit page of an Access Gateway.
Description: Access Gateway: System Shutdown
In the Event list (Auditing and Logging > Logging Server Options > [Name of Novell Audit Secure Logging Server] > Novell Access Manager > Events), this column is called Event Name.
In a query, this column is called EventID.
Event ID: 0x002e050a
Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)
Target (U): null
SubTarget (Y): null
Text1 (S): null
Text2 (T): null
Text3 (F): null
Value1 (1): 0
Group (G): 0
Data Length (X): 0
Data (D): null
This event is generated when you select the Identity Injection Parameters option on the Novell Audit page of an Access Gateway.
Description: Access Gateway: Identity Injection Parameters
In the Event list (Auditing and Logging > Logging Server Options > [Name of Novell Audit Secure Logging Server] > Novell Access Manager > Events), this column is called Event Name.
In a query, this column is called EventID.
Event ID: 0x002e050c
Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)
Target (U): null
SubTarget (Y): Schema Title: Protected Resource URL Data Description: Protected Resource URL
Text1 (S): Schema Title: User Identifier Data Description: User DN
Text2 (T): Schema Title: Authentication Identifier Data Description: IDP Session ID (AMAUTHID#auth_id:)
Text3 (F): Schema Title: Event Identifier Data Description: Event Tracking Identifier
Value1 (1): Schema Title: Injection Location Data Description: 2710 – Auth Header 2720 – Custom Header 2730 – Query Parameters
Group (G): 0
Data Length (X): 0
Data (D): null
This event is generated when you select the Identity Injection Failed option on the Novell Audit page of an Access Gateway.
Description: Access Gateway: Identity Injection Failed
In the Event list (Auditing and Logging > Logging Server Options > [Name of Novell Audit Secure Logging Server] > Novell Access Manager > Events), this column is called Event Name.
In a query, this column is called EventID.
Event ID: 0x002e050d
Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)
Target (U): null
SubTarget (Y): Schema Title: Protected Resource URL Data Description: Protected Resource URL
Text1 (S): Schema Title: User Identifier Data Description: User DN
Text2 (T): Schema Title: Authentication Identifier Data Description: IDP Session ID (AMAUTHID#auth_id:)
Text3 (F): Schema Title: Event Identifier Data Description: Event Tracking Identifier
Value1 (1): Schema Title: Injection Location Data Description: 2710 – Auth Header 2720 – Custom Header 2730 – Query Parameters
Group (G): 0
Data Length (X): 0
Data (D): null
This event is generated when you select the Form Fill Success option on the Novell Audit page of an Access Gateway.
Description: Access Gateway: Form Fill Authentication
In the Event list (Auditing and Logging > Logging Server Options > [Name of Novell Audit Secure Logging Server] > Novell Access Manager > Events), this column is called Event Name.
In a query, this column is called EventID.
Event ID: 0x002e050e
Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)
Target (U): Schema Title: Protected Resource Name Data Description: Configured name of protected resource
SubTarget (Y): Schema Title: Protected Resource URL Data Description: Protected Resource URL
Text1 (S): Schema Title: User Identifier Data Description: User DN
Text2 (T): Schema Title: Authentication Identifier Data Description: IDP Session ID (AMAUTHID#auth_id:)
Text3 (F): Schema Title: Event Identifier Data Description: Event Tracking Identifier
Value1 (1): 0
Group (G): 0
Data Length (X): 0
Data (D): null
This event is generated when you select the Form Fill Failed option on the Novell Audit page of an Access Gateway.
Description: Access Gateway: Form Fill Authentication Failed
In the Event list (Auditing and Logging > Logging Server Options > [Name of Novell Audit Secure Logging Server] > Novell Access Manager > Events), this column is called Event Name.
In a query, this column is called EventID.
Event ID: 0x002e050f
Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)
Target (U): Schema Title: Protected Resource Name Data Description: Configured name of protected resource
SubTarget (Y): Schema Title: Protected Resource URL Data Description: Protected Resource URL
Text1 (S): Schema Title: User Identifier Data Description: User DN
Text2 (T): Schema Title: Authentication Identifier Data Description: IDP Session ID (AMAUTHID#auth_id:)
Text3 (F): Schema Title: Event Identifier Data Description: Event Tracking Identifier
Value1 (1): 0
Group (G): 0
Data Length (X): 0
Data (D): null
This event is generated when you select the URL Accessed option on the Novell Audit page of an Access Gateway.
Description: Access Gateway: URL Accessed
In the Event list (Auditing and Logging > Logging Server Options > [Name of Novell Audit Secure Logging Server] > Novell Access Manager > Events), this column is called Event Name.
In a query, this column is called EventID.
Event ID: 0x002e0512
Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)
Target (U): null
SubTarget (Y): Schema Title: Protected Resource URL Data Description: Protected Resource URL
Text1 (S): Schema Title: User Identifier Data Description: User DN
Text2 (T): Schema Title: Authentication Identifier Data Description: IDP Session ID (AMAUTHID#auth_id:)
Text3 (F): Schema Title: Event Identifier Data Description: Event Tracking Identifier
Value1 (1): Schema Title: Source IP Address Data Description: User IP address (numeric format – host order)
Group (G): 0
Data Length (X): 0
Data (D): null
This event is generated when you select the IP Access Attempted option on the Novell Audit page of an Access Gateway.
Description: Access Gateway: IP Access Attempted
In the Event list (Auditing and Logging > Logging Server Options > [Name of Novell Audit Secure Logging Server] > Novell Access Manager > Events), this column is called Event Name.
In a query, this column is called EventID.
Event ID: 0x002e0513
Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)
Target (U): null
SubTarget (Y): Schema Title: Protected Resource URL Data Description: Protected Resource URL
Text1 (S): Schema Title: User Identifier Data Description: User DN
Text2 (T): Schema Title: Authentication Identifier Data Description: IDP Session ID (AMAUTHID#auth_id:)
Text3 (F): Schema Title: Event Identifier Data Description: Event Tracking Identifier
Value1 (1): Schema Title: Source IP Address Data Description: User IP address (numeric format – host order)
Group (G): 0
Data Length (X): 0
Data (D): null
This event is generated when you select the IP Access Attempted option on the Novell Audit page of an Access Gateway.
Description: Access Gateway: One of the Web servers is not reachable
In the Event list (Auditing and Logging > Logging Server Options > [Name of Novell Audit Secure Logging Server] > Novell Access Manager > Events), this column is called Event Name.
In a query, this column is called EventID.
Event ID: 0x002e0515
Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)
Target (U): null
SubTarget (Y): null
Text1 (S): WebServer hostname
Text2 (T): null
Text3 (F): null
Value1 (1): WebServer IP Address
Group (G): 0
Data Length (X): 0
Data (D): null
This event is generated when you select the IP Access Attempted option on the Novell Audit page of an Access Gateway.
Description: Access Gateway: All Web servers for a service are down
In the Event list (Auditing and Logging > Logging Server Options > [Name of Novell Audit Secure Logging Server] > Novell Access Manager > Events), this column is called Event Name.
In a query, this column is called EventID.
Event ID: 0x002e0516
Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)
Target (U): null
SubTarget (Y): null
Text1 (S): WebServer Hostname
Text2 (T): null
Text3 (F): null
Value1 (1): WebServer IP address
Group (G): 0
Data Length (X): 0
Data (D): null
This event is generated when you select the Health Changes option on the Access Manager Auditing page.
Description: Management Communication Channel: Health Change
In the Event list (Auditing and Logging > Logging Server Options > [Name of Novell Audit Secure Logging Server] > Novell Access Manager > Events), this column is called Event Name.
In a query, this column is called EventID.
Event ID: 0x002e0601
Originator (B): Schema Title: Originator Data Description: “devmanagement” (AMDEVICEID#devmanagement:)
Target (U): null
SubTarget (Y): null
Text1 (S): Schema Title: Changed Device Data Description: IP address and device type of the changed device
Text2 (T): Schema Title: Old State Data Description: Old State
Text3 (F): Schema Title: New State Data Description: New State
Value1 (1): 0
Group (G): 0
Data Length (X): 0
Data (D): null
This event is generated when you select the Server Imports option on the Access Manager Auditing page.
Description: Management Communication Channel: Device Imported
In the Event list (Auditing and Logging > Logging Server Options > [Name of Novell Audit Secure Logging Server] > Novell Access Manager > Events), this column is called Event Name.
In a query, this column is called EventID.
Event ID: 0x002e0602
Originator (B): Schema Title: Originator Data Description: “devmanagement” (AMDEVICEID#devmanagement:)
Target (U): null
SubTarget (Y): null
Text1 (S): Schema Title: Device Data Description: IP address and device type of the changed device
Text2 (T): blank string
Text3 (F): blank string
Value1 (1): 0
Group (G): 0
Data Length (X): 0
Data (D): null
This event is generated when you select the Server Deletes option on the Access Manager Auditing page.
Description: Management Communication Channel: Device Deleted
In the Event list (Auditing and Logging > Logging Server Options > [Name of Novell Audit Secure Logging Server] > Novell Access Manager > Events), this column is called Event Name.
In a query, this column is called EventID.
Event ID: 0x002e0603
Originator (B): Schema Title: Originator Data Description: “devmanagement” (AMDEVICEID#devmanagement:)
Target (U): null
SubTarget (Y): null
Text1 (S): Schema Title: Device Data Description: IP address and device type of the changed device
Text2 (T): Schema Title: Administrator Data Description: DN of the administrator deleting the device
Text3 (F): blank string
Value1 (1): 0
Group (G): 0
Data Length (X): 0
Data (D): null
This event is generated when you select the Configuration Changes option on the Access Manager Auditing page.
Description: Management Communication Channel: Device Configuration Changed
In the Event list (Auditing and Logging > Logging Server Options > [Name of Novell Audit Secure Logging Server] > Novell Access Manager > Events), this column is called Event Name.
In a query, this column is called EventID.
Event ID: 0x002e0604
Originator (B): Schema Title: Originator Data Description: “devmanagement” (AMDEVICEID#devmanagement:)
Target (U): null
SubTarget (Y): null
Text1 (S): Schema Title: Device Data Description: IP address and device type of the changed device
Text2 (T): Schema Title: Administrator Data Description: DN of the administrator invoking the configuration change
Text3 (F): blank string
Value1 (1): 0
Group (G): 0
Data Length (X): 0
Data (D): null
This event is generated when you enable auditing.
Description: Management Communication Channel: Device Alert
In the Event list (Auditing and Logging > Logging Server Options > [Name of Novell Audit Secure Logging Server] > Novell Access Manager > Events), this column is called Event Name.
In a query, this column is called EventID.
Event ID: 0x002e0605
Originator (B): Schema Title: Originator Data Description: “devmanagement” (AMDEVICEID#devmanagement:)
Target (U): null
SubTarget (Y): null
Text1 (S): Schema Title: Device Data Description: IP address of the device generating the alert
Text2 (T): Schema Title: Alert Message Data Description: alert message string
Text3 (F): blank string
Value1 (1): 0
Group (G): 0
Data Length (X): 0
Data (D): null
This event is generated when you select the Risk-Based Authentication Succeeded option under Novell Audit Logging on the Logging page of an Identity Server configuration.
Description: Risk-Based additional authentication executed successfully for user.
Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)
Target (U): Schema Title: User Identifier Data Description: User DN
SubTarget (Y): Schema Title: Authentication Identifier Description: IDP Session ID (AMAUTHID#auth_id:)
Text1 (S): Schema Title: RiskScore Description: Risk score(number).
Text2 (T): Schema Title: RiskLevel Description: Risk category defined by risk score value.
Text3 (F): Schema Title: Additional authentication class Description: Additional Authentication class name executed as part of risk based authentication.
Value1 (1): 0
Group (G): 0
Data Length (X): 0
Data (D): Schema Title: Client IP Address Description: IP Address of the host from which the authentication succeeded.
This event is generated when you select the Risk-Based Authentication Failed option under Novell Audit Logging on the Logging page of an Identity Server configuration.
Description: Risk-Based authentication failed for user.
Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)
Target (U): Schema Title: User Identifier Data Description: User DN
SubTarget (Y): Schema Title: Authentication Identifier Description: IDP Session ID (AMAUTHID#auth_id:)
Text1 (S): Schema Title: RiskScore Description: Risk score(number).
Text2 (T): Schema Title: RiskLevel Description: Risk category defined by risk score value.
Text3 (F): Schema Title: Additional authentication class Description: Additional Authentication class name executed as part of risk based authentication.
Value1 (1): 0
Group (G): 0
Data Length (X): 0
Data (D): Schema Title: Client IP Address Description: IP Address of the host from which the authentication succeeded.
This event is generated when you select the Risk-Based Authentication Action Invoked option under Novell Audit Logging on the Logging page of an Identity Server configuration.
Description: Risk-Based authentication action for user.
Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)
Target (U): Schema Title: User Identifier Data Description: User DN
SubTarget (Y): Schema Title: Authentication Identifier Description: IDP Session ID (AMAUTHID#auth_id:)
Text1 (S): Schema Title: RiskScore Description: Risk score(number).
Text2 (T): Schema Title: RiskLevel Description: Risk category defined by risk score value.
Text3 (F): Schema Title: Action taken Description: Risk category defined action taken as part of risk based authentication.
Value1 (1): 0
Group (G): 0
Data Length (X): 0
Data (D): Schema Title: Client IP Address Description: IP Address of the host from which the authentication succeeded.