These logs contain information about the system events and actions. The log message is displayed in the format <date> <host> CEF:0|<vendor>|<product>|<version>|<code>|<message>|<severity>|<endpoint>|<event>|<authentication method name>|<template owner>|<tenant name>|<user name>|<uwsgi process id>.
On the server, the Syslog is stored in /var/log/messages.
After you export the logs, you can find the messages file in the \var\log\host\ of the exported logs package.
NOTE:The CEF header information, <vendor> and <product> have been changed to NetIQ and AA respectively. Ensure that any existing CEF integration is familiar with this change.
The Syslogs are classified as follows:
0 - 100: Maintenance
100 - 200: Access
200 - 300: App data
300 - 400: Endpoints
400 - 500: Repositories
500 - 600: Local Users
600 - 700: Repository Users
700 - 800: User templates
800 - 900: Policies
900 - 1000: Licenses
1000 - 1100: Settings
1100 - 1200: Password filter
1201 - 1300: Background logon
1301 - 1400: Events
1401 - 1500: Chains
To monitor the risk related audit logs, see Monitoring Risk Audit Logs.
To configure logs forwarding to a third-party syslog server, see CEF Log Forward Policy.
Code |
Name |
Class |
Severity |
Optional Parameters |
Example |
---|---|---|---|---|---|
1 |
New request |
operational |
1 |
CEF:0|NetIQ|AA|6.3.0.0|1|New request|1| |
|
2 |
Request failed |
operational |
1 |
CEF:0|NetIQ|AA|6.3.0.0|2|Request failed|1| |
|
10 |
Server started |
operational |
4 |
CEF:0|NetIQ|AA|6.3.0.0|10|Server started|4| |
|
12 |
Server stopped |
operational |
7 |
CEF:0|NetIQ|AA|6.3.0.0|12|Server stopped|7| |
|
13 |
Server unexpectedly stopped |
operational |
10 |
CEF:0|NetIQ|AA|6.3.0.0|13|Server unexpectedly stopped|10| |
|
50 |
Message |
operational |
5 |
msg |
CEF:0|NetIQ|AA|6.3.0.0|50|Message|5|msg=Failed |
100 |
User logon started |
security |
4 |
user_name, ep, ep_addr, session_id, unit_id, session_id, event, method_name, tenant_name |
CEF:0|NetIQ|AA|6.3.0.0|100|User logon started|4|ep=SampleEp ep_addr=10.20.22.23 event=Portal method_name=SMARTPHONE:1 session_id=G861nae15NAVC4JoxkTkNYNlGgpRpd7W tenant_name=TOP unit_id=PSlpIe12Jn30JpXLSzXWfKRzwLpHV2nu user_name=LOCAL\ADMIN |
101 |
User was successfully logged on |
security |
7 |
user_name, ep, ep_addr, session_id, method_name, method_comment, method_info, event, tenant_name, template_owner, chain_name |
CEF:0|NetIQ|AA|6.3.0.0|101|User was successfully logged on|7|chain_name=Password Only ep=SampleEp ep_addr=10.20.22.23 event=Portal method_comment=comment method_info=shared-authenticator-used method_name=SMARTPHONE:1 session_id=G861nae15NAVC4JoxkTkNYNlGgpRpd7W template_owner=LOCAL\USER1 tenant_name=TOP user_name=LOCAL\ADMIN |
102 |
User was failed to authenticate |
security |
9 |
user_name, ep, ep_addr, session_id, method_name, tenant_name, template_owner |
CEF:0|NetIQ|AA|6.3.0.0|102|User was failed to authenticate|9|ep=SampleEp ep_addr=10.20.22.23 method_name=SMARTPHONE:1 session_id=G861nae15NAVC4JoxkTkNYNlGgpRpd7W template_owner=LOCAL\USER1 tenant_name=TOP user_name=LOCAL\ADMIN |
103 |
User was switched to different method |
security |
2 |
user_name, ep, ep_addr, session_id, old_method_name, new_method_name, tenant_name |
CEF:0|NetIQ|AA|6.3.0.0|103|User was switched to different method|2|ep=SampleEp ep_addr=10.20.22.23 new_method_name=LDAP_PASSWORD:1 old_method_name=PASSWORD:1 session_id=G861nae15NAVC4JoxkTkNYNlGgpRpd7W tenant_name=TOP user_name=LOCAL\ADMIN |
104 |
User logon session was ended |
security |
2 |
user_name, ep, ep_addr, session_id, tenant_name |
CEF:0|NetIQ|AA|6.3.0.0|104|User logon session was ended|2|ep=SampleEp ep_addr=10.20.22.23 session_id=G861nae15NAVC4JoxkTkNYNlGgpRpd7W tenant_name=TOP user_name=LOCAL\ADMIN |
105 |
User cancelled the logon |
security |
9 |
user_name, ep, ep_addr, method_name, session_id, tenant_name |
CEF:0|NetIQ|AA|6.3.0.0|105|User cancelled the logon|9|ep=SampleEp ep_addr=10.20.22.23 method_name=SMARTPHONE:1 session_id=G861nae15NAVC4JoxkTkNYNlGgpRpd7W tenant_name=TOP user_name=LOCAL\ADMIN |
106 |
User was failed to authenticate method in the middle of a chain |
security |
2 |
user_name, ep, ep_addr, session_id, method_name, tenant_name |
CEF:0|NetIQ|AA|6.3.0.0|106|User was failed to authenticate method in the middle of a chain|2|ep=SampleEp ep_addr=10.20.22.23 method_name=SMARTPHONE:1 session_id=G861nae15NAVC4JoxkTkNYNlGgpRpd7W tenant_name=TOP user_name=LOCAL\ADMIN |
200 |
User read data |
security |
3 |
user_name, ep, ep_addr, session_id, data_id, record_id, tenant_name |
CEF:0|NetIQ|AA|6.3.0.0|200|User read data|3|data_id=fLQJRq4WBDk8znNXp9Hh93W373oGA930 ep=SampleEp ep_addr=10.20.22.23 record_id=WtxZyc6bynIFdKOw02FgmCQUAEcFuua0 session_id=G861nae15NAVC4JoxkTkNYNlGgpRpd7W tenant_name=TOP user_name=LOCAL\ADMIN |
201 |
User write data |
security |
4 |
user_name, ep, ep_addr, session_id, data_id, record_id, tenant_name |
CEF:0|NetIQ|AA|6.3.0.0|201|User write data|4|data_id=fLQJRq4WBDk8znNXp9Hh93W373oGA930 ep=SampleEp ep_addr=10.20.22.23 record_id=WtxZyc6bynIFdKOw02FgmCQUAEcFuua0 session_id=G861nae15NAVC4JoxkTkNYNlGgpRpd7W tenant_name=TOP user_name=LOCAL\ADMIN |
300 |
Endpoint joined |
security |
4 |
ep_name, ep_addr, ep_id, user_name, tenant_name |
CEF:0|NetIQ|AA|6.3.0.0|300|Endpoint joined|4|ep_addr=10.20.22.23 ep_id=F6EP7N0eIqKWjn28zQXi7cQcRNIMuT2m ep_name=SampleEp tenant_name=TOP user_name=LOCAL\ADMIN |
301 |
No rights to join endpoint |
security |
7 |
ep_name, ep_addr, ep_id, user_name, tenant_name |
CEF:0|NetIQ|AA|6.3.0.0|301|No rights to join endpoint|7|ep_addr=10.20.22.23 ep_id=F6EP7N0eIqKWjn28zQXi7cQcRNIMuT2m ep_name=SampleEp tenant_name=TOP user_name=LOCAL\ADMIN |
302 |
Failed to join endpoint |
operational |
7 |
ep_name, ep_addr, ep_id, user_name, reason, tenant_name |
CEF:0|NetIQ|AA|6.3.0.0|302|Failed to join endpoint|7|ep_addr=10.20.22.23 ep_id=F6EP7N0eIqKWjn28zQXi7cQcRNIMuT2m ep_name=SampleEp reason=Failed tenant_name=TOP user_name=LOCAL\ADMIN |
303 |
Endpoint remove |
security |
4 |
ep_name, ep_addr, ep_id, user_name, tenant_name |
CEF:0|NetIQ|AA|6.3.0.0|303|Endpoint remove|4|ep_addr=10.20.22.23 ep_id=F6EP7N0eIqKWjn28zQXi7cQcRNIMuT2m ep_name=SampleEp tenant_name=TOP user_name=LOCAL\ADMIN |
304 |
No rights to remove endpoint |
security |
7 |
ep_name, ep_addr, ep_id, user_name, tenant_name |
CEF:0|NetIQ|AA|6.3.0.0|304|No rights to remove endpoint|7|ep_addr=10.20.22.23 ep_id=F6EP7N0eIqKWjn28zQXi7cQcRNIMuT2m ep_name=SampleEp tenant_name=TOP user_name=LOCAL\ADMIN |
305 |
Failed to remove endpoint |
operational |
7 |
ep_name, ep_addr, ep_id, user_name, reason, tenant_name |
CEF:0|NetIQ|AA|6.3.0.0|305|Failed to remove endpoint|7|ep_addr=10.20.22.23 ep_id=F6EP7N0eIqKWjn28zQXi7cQcRNIMuT2m ep_name=SampleEp reason=Failed tenant_name=TOP user_name=LOCAL\ADMIN |
306 |
Endpoint session started |
operational |
2 |
ep_name, ep_addr, ep_id, tenant_name |
CEF:0|NetIQ|AA|6.3.0.0|306|Endpoint session started|2|ep_addr=10.20.22.23 ep_id=F6EP7N0eIqKWjn28zQXi7cQcRNIMuT2m ep_name=SampleEp tenant_name=TOP |
307 |
Endpoint session ended |
operational |
2 |
ep_name, ep_addr, ep_id, tenant_name |
CEF:0|NetIQ|AA|6.3.0.0|307|Endpoint session ended|2|ep_addr=10.20.22.23 ep_id=F6EP7N0eIqKWjn28zQXi7cQcRNIMuT2m ep_name=SampleEp tenant_name=TOP |
308 |
Invalid endpoint secret |
security |
7 |
ep_name, ep_addr, ep_id, tenant_name |
CEF:0|NetIQ|AA|6.3.0.0|308|Invalid endpoint secret|7|ep_addr=10.20.22.23 ep_id=F6EP7N0eIqKWjn28zQXi7cQcRNIMuT2m ep_name=SampleEp tenant_name=TOP |
309 |
Failed to create endpoint session |
operational |
7 |
ep_name, ep_addr, ep_id, reason, tenant_name |
CEF:0|NetIQ|AA|6.3.0.0|309|Failed to create endpoint session|7|ep_addr=10.20.22.23 ep_id=F6EP7N0eIqKWjn28zQXi7cQcRNIMuT2m ep_name=SampleEp reason=Failed tenant_name=TOP |
310 |
Failed to end endpoint session |
operational |
7 |
ep_name, ep_addr, ep_id, reason, tenant_name |
CEF:0|NetIQ|AA|6.3.0.0|310|Failed to end endpoint session|7|ep_addr=10.20.22.23 ep_id=F6EP7N0eIqKWjn28zQXi7cQcRNIMuT2m ep_name=SampleEp reason=Failed tenant_name=TOP |
311 |
Endpoint changed |
security |
4 |
ep_name, ep_addr, ep_id, user_name, tenant_name |
CEF:0|NetIQ|AA|6.3.0.0|311|Endpoint changed|4|ep_addr=10.20.22.23 ep_id=F6EP7N0eIqKWjn28zQXi7cQcRNIMuT2m ep_name=SampleEp tenant_name=TOP user_name=LOCAL\ADMIN |
312 |
Failed to change endpoint |
operational |
7 |
ep_name, ep_addr, ep_id, user_name, reason, tenant_name |
CEF:0|NetIQ|AA|6.3.0.0|312|Failed to change endpoint|7|ep_addr=10.20.22.23 ep_id=F6EP7N0eIqKWjn28zQXi7cQcRNIMuT2m ep_name=SampleEp reason=Failed tenant_name=TOP user_name=LOCAL\ADMIN |
401 |
New repository was added |
operational |
4 |
repo_name, repo_type, session_id, user_name, tenant_name |
CEF:0|NetIQ|AA|6.3.0.0|401|New repository was added|4|repo_name=LOCAL repo_type=LDAP session_id=G861nae15NAVC4JoxkTkNYNlGgpRpd7W tenant_name=TOP user_name=LOCAL\ADMIN |
402 |
Failed to add repository |
operational |
7 |
repo_name, repo_type, session_id, reason, user_name, tenant_name |
CEF:0|NetIQ|AA|6.3.0.0|402|Failed to add repository|7|reason=Failed repo_name=LOCAL repo_type=LDAP session_id=G861nae15NAVC4JoxkTkNYNlGgpRpd7W tenant_name=TOP user_name=LOCAL\ADMIN |
403 |
Repository was removed |
operational |
4 |
repo_name, repo_type, session_id, user_name, tenant_name |
CEF:0|NetIQ|AA|6.3.0.0|403|Repository was removed|4|repo_name=LOCAL repo_type=LDAP session_id=G861nae15NAVC4JoxkTkNYNlGgpRpd7W tenant_name=TOP user_name=LOCAL\ADMIN |
404 |
Failed to remove repository |
operational |
7 |
repo_name, repo_type, session_id, reason, user_name, tenant_name |
CEF:0|NetIQ|AA|6.3.0.0|404|Failed to remove repository|7|reason=Failed repo_name=LOCAL repo_type=LDAP session_id=G861nae15NAVC4JoxkTkNYNlGgpRpd7W tenant_name=TOP user_name=LOCAL\ADMIN |
405 |
Repository configuration was changed |
operational |
4 |
repo_name, repo_type, session_id, reason, user_name, tenant_name |
CEF:0|NetIQ|AA|6.3.0.0|405|Repository configuration was changed|4|reason=Failed repo_name=LOCAL repo_type=LDAP session_id=G861nae15NAVC4JoxkTkNYNlGgpRpd7W tenant_name=TOP user_name=LOCAL\ADMIN |
501 |
Local user was created |
operational |
4 |
user_name, target_user_name, session_id, tenant_name |
CEF:0|NetIQ|AA|6.3.0.0|501|Local user was created|4|session_id=G861nae15NAVC4JoxkTkNYNlGgpRpd7W target_user_name=LOCAL\USER2 tenant_name=TOP user_name=LOCAL\ADMIN |
502 |
Local user was removed |
operational |
5 |
user_name, target_user_name, session_id, tenant_name |
CEF:0|NetIQ|AA|6.3.0.0|502|Local user was removed|5|session_id=G861nae15NAVC4JoxkTkNYNlGgpRpd7W target_user_name=LOCAL\USER2 tenant_name=TOP user_name=LOCAL\ADMIN |
503 |
Failed to create local user |
operational |
4 |
user_name, target_user_name, session_id, reason, tenant_name |
CEF:0|NetIQ|AA|6.3.0.0|503|Failed to create local user|4|reason=Failed session_id=G861nae15NAVC4JoxkTkNYNlGgpRpd7W target_user_name=LOCAL\USER2 tenant_name=TOP user_name=LOCAL\ADMIN |
504 |
No rights to remove local user |
security |
7 |
user_name, session_id, tenant_name |
CEF:0|NetIQ|AA|6.3.0.0|504|No rights to remove local user|7|session_id=G861nae15NAVC4JoxkTkNYNlGgpRpd7W tenant_name=TOP user_name=LOCAL\ADMIN |
505 |
Failed to remove local user |
operational |
5 |
user_name, session_id, reason, tenant_name |
CEF:0|NetIQ|AA|6.3.0.0|505|Failed to remove local user|5|reason=Failed session_id=G861nae15NAVC4JoxkTkNYNlGgpRpd7W tenant_name=TOP user_name=LOCAL\ADMIN |
506 |
No rights to create local user |
security |
7 |
user_name, session_id, tenant_name |
CEF:0|NetIQ|AA|6.3.0.0|506|No rights to create local user|7|session_id=G861nae15NAVC4JoxkTkNYNlGgpRpd7W tenant_name=TOP user_name=LOCAL\ADMIN |
601 |
User was created |
operational |
4 |
user_name, session_id, repo_name, tenant_name |
CEF:0|NetIQ|AA|6.3.0.0|601|User was created|4|repo_name=LOCAL session_id=G861nae15NAVC4JoxkTkNYNlGgpRpd7W tenant_name=TOP user_name=LOCAL\ADMIN |
602 |
No rights to create user |
security |
7 |
user_name, session_id, repo_name, tenant_name |
CEF:0|NetIQ|AA|6.3.0.0|602|No rights to create user|7|repo_name=LOCAL session_id=G861nae15NAVC4JoxkTkNYNlGgpRpd7W tenant_name=TOP user_name=LOCAL\ADMIN |
603 |
Failed to create user |
operational |
4 |
user_name, session_id, repo_name, reason, tenant_name |
CEF:0|NetIQ|AA|6.3.0.0|603|Failed to create user|4|reason=Failed repo_name=LOCAL session_id=G861nae15NAVC4JoxkTkNYNlGgpRpd7W tenant_name=TOP user_name=LOCAL\ADMIN |
604 |
User was removed |
operational |
5 |
user_name, target_user_name, session_id, repo_name, tenant_name |
CEF:0|NetIQ|AA|6.3.0.0|604|User was removed|5|repo_name=LOCAL session_id=G861nae15NAVC4JoxkTkNYNlGgpRpd7W target_user_name=LOCAL\USER2 tenant_name=TOP user_name=LOCAL\ADMIN |
605 |
No rights to remove user |
security |
7 |
user_name, session_id, repo_name, tenant_name |
CEF:0|NetIQ|AA|6.3.0.0|605|No rights to remove user|7|repo_name=LOCAL session_id=G861nae15NAVC4JoxkTkNYNlGgpRpd7W tenant_name=TOP user_name=LOCAL\ADMIN |
606 |
Failed to remove user |
operational |
5 |
user_name, target_user_name, session_id, repo_name, reason, tenant_name |
CEF:0|NetIQ|AA|6.3.0.0|606|Failed to remove user|5|reason=Failed repo_name=LOCAL session_id=G861nae15NAVC4JoxkTkNYNlGgpRpd7W target_user_name=LOCAL\USER2 tenant_name=TOP user_name=LOCAL\ADMIN |
607 |
Role has been granted to user |
security |
7 |
user_name, target_user_name, role_name, session_id, tenant_name |
CEF:0|NetIQ|AA|6.3.0.0|607|Role has been granted to user|7|role_name=ENROLL ADMINS session_id=G861nae15NAVC4JoxkTkNYNlGgpRpd7W target_user_name=LOCAL\USER2 tenant_name=TOP user_name=LOCAL\ADMIN |
608 |
Failed to grant role to user |
security |
8 |
user_name, target_user_name, role_name, session_id, tenant_name |
CEF:0|NetIQ|AA|6.3.0.0|608|Failed to grant role to user|8|role_name=ENROLL ADMINS session_id=G861nae15NAVC4JoxkTkNYNlGgpRpd7W target_user_name=LOCAL\USER2 tenant_name=TOP user_name=LOCAL\ADMIN |
609 |
Role has been revoked from user |
security |
7 |
user_name, target_user_name, role_name, session_id, tenant_name |
CEF:0|NetIQ|AA|6.3.0.0|609|Role has been revoked from user|7|role_name=ENROLL ADMINS session_id=G861nae15NAVC4JoxkTkNYNlGgpRpd7W target_user_name=LOCAL\USER2 tenant_name=TOP user_name=LOCAL\ADMIN |
610 |
Failed to revoke role from user |
security |
8 |
user_name, target_user_name, role_name, session_id, tenant_name |
CEF:0|NetIQ|AA|6.3.0.0|610|Failed to revoke role from user|8|role_name=ENROLL ADMINS session_id=G861nae15NAVC4JoxkTkNYNlGgpRpd7W target_user_name=LOCAL\USER2 tenant_name=TOP user_name=LOCAL\ADMIN |
611 |
User was unlocked |
operational |
7 |
user_name, target_user_name, session_id, repo_name, tenant_name |
CEF:0|NetIQ|AA|6.3.0.0|611|User was unlocked|7|repo_name=LOCAL session_id=G861nae15NAVC4JoxkTkNYNlGgpRpd7W target_user_name=LOCAL\USER2 tenant_name=TOP user_name=LOCAL\ADMIN |
612 |
Failed to unlock user |
operational |
8 |
user_name, target_user_name, session_id, repo_name, reason, tenant_name |
CEF:0|NetIQ|AA|6.3.0.0|612|Failed to unlock user|8|reason=Failed repo_name=LOCAL session_id=G861nae15NAVC4JoxkTkNYNlGgpRpd7W target_user_name=LOCAL\USER2 tenant_name=TOP user_name=LOCAL\ADMIN |
701 |
Template was assigned to the user |
security |
7 |
user_name, session_id, ap_name, comment, tenant_name |
CEF:0|NetIQ|AA|6.3.0.0|701|Template was assigned to the user|7|ap_name=SMARTPHONE:1 comment=Sample session_id=G861nae15NAVC4JoxkTkNYNlGgpRpd7W tenant_name=TOP user_name=LOCAL\ADMIN |
702 |
Template was enrolled for the user |
security |
7 |
user_name, session_id, ap_name, comment, tenant_name |
CEF:0|NetIQ|AA|6.3.0.0|702|Template was enrolled for the user|7|ap_name=SMARTPHONE:1 comment=Sample session_id=G861nae15NAVC4JoxkTkNYNlGgpRpd7W tenant_name=TOP user_name=LOCAL\ADMIN |
703 |
User enroll the assigned template |
security |
7 |
user_name, session_id, ap_name, comment, tenant_name |
CEF:0|NetIQ|AA|6.3.0.0|703|User enroll the assigned template|7|ap_name=SMARTPHONE:1 comment=Sample session_id=G861nae15NAVC4JoxkTkNYNlGgpRpd7W tenant_name=TOP user_name=LOCAL\ADMIN |
704 |
Template was linked |
security |
8 |
user_name, target_user_name, session_id, ap_name, comment, tenant_name, template_owner |
CEF:0|NetIQ|AA|6.3.0.0|704|Template was linked|8|ap_name=SMARTPHONE:1 comment=Sample session_id=G861nae15NAVC4JoxkTkNYNlGgpRpd7W target_user_name=LOCAL\USER2 template_owner=LOCAL\USER1 tenant_name=TOP user_name=LOCAL\ADMIN |
705 |
Failed to assign template to the user |
security |
7 |
user_name, session_id, ap_name, comment, reason, tenant_name |
CEF:0|NetIQ|AA|6.3.0.0|705|Failed to assign template to the user|7|ap_name=SMARTPHONE:1 comment=Sample reason=Failed session_id=G861nae15NAVC4JoxkTkNYNlGgpRpd7W tenant_name=TOP user_name=LOCAL\ADMIN |
706 |
Failed to enroll template for the user |
security |
7 |
user_name, session_id, ap_name, comment, reason, tenant_name |
CEF:0|NetIQ|AA|6.3.0.0|706|Failed to enroll template for the user|7|ap_name=SMARTPHONE:1 comment=Sample reason=Failed session_id=G861nae15NAVC4JoxkTkNYNlGgpRpd7W tenant_name=TOP user_name=LOCAL\ADMIN |
707 |
User can't enroll the assigned template |
security |
7 |
user_name, session_id, ap_name, comment, reason, tenant_name |
CEF:0|NetIQ|AA|6.3.0.0|707|User can't enroll the assigned template|7|ap_name=SMARTPHONE:1 comment=Sample reason=Failed session_id=G861nae15NAVC4JoxkTkNYNlGgpRpd7W tenant_name=TOP user_name=LOCAL\ADMIN |
708 |
Failed to link template |
security |
8 |
user_name, target_user_name, session_id, ap_name, comment, reason, tenant_name, template_owner |
CEF:0|NetIQ|AA|6.3.0.0|708|Failed to link template|8|ap_name=SMARTPHONE:1 comment=Sample reason=Failed session_id=G861nae15NAVC4JoxkTkNYNlGgpRpd7W target_user_name=LOCAL\USER2 template_owner=LOCAL\USER1 tenant_name=TOP user_name=LOCAL\ADMIN |
709 |
Template link was removed |
security |
6 |
user_name, target_user_name, session_id, ap_name, comment, tenant_name, template_owner |
CEF:0|NetIQ|AA|6.3.0.0|709|Template link was removed|6|ap_name=SMARTPHONE:1 comment=Sample session_id=G861nae15NAVC4JoxkTkNYNlGgpRpd7W target_user_name=LOCAL\USER2 template_owner=LOCAL\USER1 tenant_name=TOP user_name=LOCAL\ADMIN |
710 |
Failed to remove template link |
security |
6 |
user_name, target_user_name, session_id, ap_name, comment, reason, tenant_name, template_owner |
CEF:0|NetIQ|AA|6.3.0.0|710|Failed to remove template link|6|ap_name=SMARTPHONE:1 comment=Sample reason=Failed session_id=G861nae15NAVC4JoxkTkNYNlGgpRpd7W target_user_name=LOCAL\USER2 template_owner=LOCAL\USER1 tenant_name=TOP user_name=LOCAL\ADMIN |
711 |
Template was removed |
security |
6 |
user_name, ap_name, comment, session_id, template_owner, target_user_name, tenant_name |
CEF:0|NetIQ|AA|6.3.0.0|711|Template was removed|6|ap_name=SMARTPHONE:1 comment=Sample session_id=G861nae15NAVC4JoxkTkNYNlGgpRpd7W target_user_name=LOCAL\USER2 template_owner=LOCAL\USER1 tenant_name=TOP user_name=LOCAL\ADMIN |
712 |
Failed to remove template |
security |
6 |
user_name, ap_name, comment, session_id, reason, template_owner, target_user_name, tenant_name |
CEF:0|NetIQ|AA|6.3.0.0|712|Failed to remove template|6|ap_name=SMARTPHONE:1 comment=Sample reason=Failed session_id=G861nae15NAVC4JoxkTkNYNlGgpRpd7W target_user_name=LOCAL\USER2 template_owner=LOCAL\USER1 tenant_name=TOP user_name=LOCAL\ADMIN |
713 |
Template was changed |
security |
7 |
user_name, ap_name, comment, session_id, template_owner, tenant_name |
CEF:0|NetIQ|AA|6.3.0.0|713|Template was changed|7|ap_name=SMARTPHONE:1 comment=Sample session_id=G861nae15NAVC4JoxkTkNYNlGgpRpd7W template_owner=LOCAL\USER1 tenant_name=TOP user_name=LOCAL\ADMIN |
714 |
Failed to change template |
security |
6 |
user_name, ap_name, comment, session_id, reason, template_owner, tenant_name |
CEF:0|NetIQ|AA|6.3.0.0|714|Failed to change template|6|ap_name=SMARTPHONE:1 comment=Sample reason=Failed session_id=G861nae15NAVC4JoxkTkNYNlGgpRpd7W template_owner=LOCAL\USER1 tenant_name=TOP user_name=LOCAL\ADMIN |
715 |
Template was changed during logon |
security |
5 |
user_name, ap_name, comment, session_id, tenant_name |
CEF:0|NetIQ|AA|6.3.0.0|715|Template was changed during logon|5|ap_name=SMARTPHONE:1 comment=Sample session_id=G861nae15NAVC4JoxkTkNYNlGgpRpd7W tenant_name=TOP user_name=LOCAL\ADMIN |
801 |
Policy was changed |
security |
7 |
session_id, scope, component_id, user_name, obj_id, obj_name, obj_type, tenant_name |
CEF:0|NetIQ|AA|6.3.0.0|801|Policy was changed|7|component_id=PKIMethod obj_id=G861nae15NAVC4JoxkTkNYNlGgpRpd7D obj_name=testUser obj_type=User scope=global session_id=G861nae15NAVC4JoxkTkNYNlGgpRpd7W tenant_name=TOP user_name=LOCAL\ADMIN |
802 |
No rights to change policy |
security |
8 |
session_id, scope, component_id, user_name, obj_id, obj_name, obj_type, tenant_name |
CEF:0|NetIQ|AA|6.3.0.0|802|No rights to change policy|8|component_id=PKIMethod obj_id=G861nae15NAVC4JoxkTkNYNlGgpRpd7D obj_name=testUser obj_type=User scope=global session_id=G861nae15NAVC4JoxkTkNYNlGgpRpd7W tenant_name=TOP user_name=LOCAL\ADMIN |
803 |
Failed to change policy |
operational |
7 |
session_id, scope, component_id, user_name, obj_id, obj_name, obj_type, tenant_name |
CEF:0|NetIQ|AA|6.3.0.0|803|Failed to change policy|7|component_id=PKIMethod obj_id=G861nae15NAVC4JoxkTkNYNlGgpRpd7D obj_name=testUser obj_type=User scope=global session_id=G861nae15NAVC4JoxkTkNYNlGgpRpd7W tenant_name=TOP user_name=LOCAL\ADMIN |
901 |
New license was added |
operational |
3 |
session_id, license_id, users_count, enabled_features, expire_date |
CEF:0|NetIQ|AA|6.3.0.0|901|New license was added|3|enabled_features=super expire_date=2018/12/12 license_id=kAi22UNwgKJnldwQ30okbPRBduoveSD2 session_id=G861nae15NAVC4JoxkTkNYNlGgpRpd7W users_count=42 |
902 |
Failed to add license |
operational |
8 |
session_id, license_id, users_count, enabled_features, expire_date, reason |
CEF:0|NetIQ|AA|6.3.0.0|902|Failed to add license|8|enabled_features=super expire_date=2018/12/12 license_id=kAi22UNwgKJnldwQ30okbPRBduoveSD2 reason=Failed session_id=G861nae15NAVC4JoxkTkNYNlGgpRpd7W users_count=42 |
1001 |
Global setting was changed |
security |
9 |
session_id, setting_name |
CEF:0|NetIQ|AA|6.3.0.0|1001|Global setting was changed|9|session_id=G861nae15NAVC4JoxkTkNYNlGgpRpd7W setting_name=HTTPSCert |
1002 |
No rights to change global setting |
security |
9 |
session_id, setting_name |
CEF:0|NetIQ|AA|6.3.0.0|1002|No rights to change global setting|9|session_id=G861nae15NAVC4JoxkTkNYNlGgpRpd7W setting_name=HTTPSCert |
1003 |
Failed to change global setting |
operational |
9 |
session_id, setting_name, reason |
CEF:0|NetIQ|AA|6.3.0.0|1003|Failed to change global setting|9|reason=Failed session_id=G861nae15NAVC4JoxkTkNYNlGgpRpd7W setting_name=HTTPSCert |
1101 |
Password was changed |
security |
5 |
user_name, ep, ep_addr, tenant_name |
CEF:0|NetIQ|AA|6.3.0.0|1101|Password was changed|5|ep=SampleEp ep_addr=10.20.22.23 tenant_name=TOP user_name=LOCAL\ADMIN |
1102 |
Password was reset |
security |
8 |
user_name, ep, ep_addr, tenant_name |
CEF:0|NetIQ|AA|6.3.0.0|1102|Password was reset|8|ep=SampleEp ep_addr=10.20.22.23 tenant_name=TOP user_name=LOCAL\ADMIN |
1201 |
User was successfully logged on using local cache |
security |
8 |
user_name, ep, ep_addr, event, chain_name, logon_time, tenant_name |
CEF:0|NetIQ|AA|6.3.0.0|1201|User was successfully logged on using local cache|8|chain_name=Password Only ep=SampleEp ep_addr=10.20.22.23 event=Portal logon_time=2019-05-13 12:05:00 tenant_name=TOP user_name=LOCAL\ADMIN |
1301 |
Event was created sucessfully |
security |
4 |
event, session_id, user_name, tenant_name |
CEF:0|NetIQ|AA|6.3.0.0|1301|Event was created sucessfully|4|event=Portal session_id=G861nae15NAVC4JoxkTkNYNlGgpRpd7W tenant_name=TOP user_name=LOCAL\ADMIN |
1302 |
Failed to create event |
operational |
7 |
event, session_id, reason, user_name, tenant_name |
CEF:0|NetIQ|AA|6.3.0.0|1302|Failed to create event|7|event=Portal reason=Failed session_id=G861nae15NAVC4JoxkTkNYNlGgpRpd7W tenant_name=TOP user_name=LOCAL\ADMIN |
1303 |
Event was changed sucessfully |
security |
4 |
event, session_id, user_name, tenant_name |
CEF:0|NetIQ|AA|6.3.0.0|1303|Event was changed sucessfully|4|event=Portal session_id=G861nae15NAVC4JoxkTkNYNlGgpRpd7W tenant_name=TOP user_name=LOCAL\ADMIN |
1304 |
Failed to change event |
operational |
7 |
event, session_id, reason, user_name, tenant_name |
CEF:0|NetIQ|AA|6.3.0.0|1304|Failed to change event|7|event=Portal reason=Failed session_id=G861nae15NAVC4JoxkTkNYNlGgpRpd7W tenant_name=TOP user_name=LOCAL\ADMIN |
1305 |
Event was removed sucessfully |
security |
4 |
event, session_id, user_name, tenant_name |
CEF:0|NetIQ|AA|6.3.0.0|1305|Event was removed sucessfully|4|event=Portal session_id=G861nae15NAVC4JoxkTkNYNlGgpRpd7W tenant_name=TOP user_name=LOCAL\ADMIN |
1306 |
Failed to remove event |
operational |
7 |
event, session_id, reason, user_name, tenant_name |
CEF:0|NetIQ|AA|6.3.0.0|1306|Failed to remove event|7|event=Portal reason=Failed session_id=G861nae15NAVC4JoxkTkNYNlGgpRpd7W tenant_name=TOP user_name=LOCAL\ADMIN |
1401 |
Chain was created successfully |
security |
4 |
chain_name, session_id, user_name, tenant_name |
CEF:0|NetIQ|AA|6.3.0.0|1401|Chain was created successfully|4|chain_name=Password Only session_id=G861nae15NAVC4JoxkTkNYNlGgpRpd7W tenant_name=TOP user_name=LOCAL\ADMIN |
1402 |
Failed to create chain |
operational |
7 |
chain_name, session_id, reason, user_name, tenant_name |
CEF:0|NetIQ|AA|6.3.0.0|1402|Failed to create chain|7|chain_name=Password Only reason=Failed session_id=G861nae15NAVC4JoxkTkNYNlGgpRpd7W tenant_name=TOP user_name=LOCAL\ADMIN |
1403 |
Chain was changed sucessfully |
security |
4 |
chain_name, session_id, user_name, tenant_name |
CEF:0|NetIQ|AA|6.3.0.0|1403|Chain was changed sucessfully|4|chain_name=Password Only session_id=G861nae15NAVC4JoxkTkNYNlGgpRpd7W tenant_name=TOP user_name=LOCAL\ADMIN |
1404 |
Failed to change chain |
operational |
7 |
chain_name, session_id, reason, user_name, tenant_name |
CEF:0|NetIQ|AA|6.3.0.0|1404|Failed to change chain|7|chain_name=Password Only reason=Failed session_id=G861nae15NAVC4JoxkTkNYNlGgpRpd7W tenant_name=TOP user_name=LOCAL\ADMIN |
1405 |
Chain was removed sucessfully |
security |
4 |
chain_name, session_id, user_name, tenant_name |
CEF:0|NetIQ|AA|6.3.0.0|1405|Chain was removed sucessfully|4|chain_name=Password Only session_id=G861nae15NAVC4JoxkTkNYNlGgpRpd7W tenant_name=TOP user_name=LOCAL\ADMIN |
1406 |
Failed to remove chain |
operational |
7 |
chain_name, session_id, reason, user_name, tenant_name |
CEF:0|NetIQ|AA|6.3.0.0|1406|Failed to remove chain|7|chain_name=Password Only reason=Failed session_id=G861nae15NAVC4JoxkTkNYNlGgpRpd7W tenant_name=TOP user_name=LOCAL\ADMIN |