These logs contain information about the system events and actions. The log message is displayed in the format:
<PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA CEF:Version|Device Vendor|Device Product|Device Version|Device Event Class ID|Name|Severity|[Extension]
On the server, the Syslog is stored in /var/log/messages.
After you export the logs, you can find the messages file in the \var\log\host\ of the exported logs packages.
NOTE:Previous versions of Advanced Authentication were not aligned to the standards of CEF. CEF Name, Severity and Extension have been changed to conform to the standard. New logs are available when you enable ArcSight CEF standard in Policies > CEF log forward. Disabling this policy allows you to use older versions of CEF. Ensure that any existing CEF integration is familiar with this change.
The CEF extensions are mapped as follows:
ArcSight CEF Field |
Advanced Authentication Event Field |
Field Type |
---|---|---|
dvc |
device address |
Required |
dvchost |
device host name |
Required |
dvcpid |
device process id |
Required |
dtz |
device time zone |
Required |
rt |
device receipt time |
Required |
cs flexString |
custom string- Depends on the event |
Optional |
deviceCustomDate1 |
custom date - Depends on the event |
Optional |
deviceExternalId |
endpoint id |
Optional |
duser |
destination user name |
Optional |
externalId |
session id |
Optional |
oldFileId |
Depends on the event |
Optional |
outcome |
Display the outcome, ‘success’ or ‘failure’ |
Optional |
reason |
The reason an audit event was generated |
Optional |
sourceServiceName |
endpoint name |
Optional |
src |
endpoint address |
Optional |
suser |
source user name |
Optional |
For more information about Syslog rules, see The Syslog Protocol.
For more information about CEF rules, see Implement ArcSight Common Event Format (CEF) -Version 26.
The Syslogs are classified as follows:
0 - 99: Maintenance
100 - 199: Access
200 - 299: App data
300 - 399: Endpoints
400 - 499: Repositories
500 - 599: Local Users
600 - 699: Repository Users
700 - 799: User templates
800 - 899: Policies
900 - 999: Licenses
1000 - 1099: Settings
1100 - 1199: Password filter
1200 - 1299: Cached logon
1300 - 1399: Events
1400 - 1499: Chains
1500 - 1599: Identity validations
To monitor the risk related audit logs, see Monitoring Risk Audit Logs.
Code |
Name |
Class |
Severity |
Optional Parameters |
Example |
---|---|---|---|---|---|
2 |
Request failed |
operational |
4 |
duser, externalId, outcome, reason |
CEF:0|NetIQ|AA|6.4.1.0|2|Request failed|4|duser=LOCAL\USER externalId=G861nae15NAVC4JoxkTkNYNlGgpRpd7W outcome=failure reason=request fail dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
10 |
Server started |
operational |
4 |
CEF:0|NetIQ|AA|6.4.1.0|10|Server started|4|dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
|
12 |
Server stopped |
operational |
7 |
CEF:0|NetIQ|AA|6.4.1.0|12|Server stopped|7|dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
|
13 |
Server unexpectedly stopped |
operational |
9 |
CEF:0|NetIQ|AA|6.4.1.0|13|Server unexpectedly stopped|9|dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
|
50 |
Server Message |
operational |
4 |
outcome, reason |
CEF:0|NetIQ|AA|6.4.1.0|50|Server Message|4|reason=unknown event 125 dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
100 |
User logon started |
security |
1 |
cs1(tenant_id), cs2(tenant_name), cs3(method_id), cs4(event_name), cs5(unit_id), duser, externalId, sourceServiceName, src |
CEF:0|NetIQ|AA|6.4.1.0|100|User logon started|1|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name cs3=PASSWORD:1 cs3Label=method_id cs4=AdminUI cs4Label=event_name cs5=PSlpIe12Jn30JpXLSzXWfKRzwLpHV2nu cs5Label=unit_id duser=LOCAL\USER externalId=G861nae15NAVC4JoxkTkNYNlGgpRpd7W sourceServiceName=SampleEp src=10.20.22.23 dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
101 |
User was successfully logged on |
security |
1 |
cs1(tenant_id), cs2(tenant_name), cs3(method_id), cs4(event_name), cs5(template_owner), cs6(chain_name), duser, externalId, flexString1(method_info), outcome, sourceServiceName, src |
CEF:0|NetIQ|AA|6.4.1.0|101|User successfully logged on|1|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name cs3=PASSWORD:1 cs3Label=method_id cs4=AdminUI cs4Label=event_name cs5=LOCAL\USER cs5Label=template_owner cs6=password-chain cs6Label=chain_name duser=LOCAL\USER externalId=G861nae15NAVC4JoxkTkNYNlGgpRpd7W flexString1=shared-authenticator-used flexString1Label=method_info outcome=success sourceServiceName=SampleEp src=10.20.22.23 dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
102 |
User was failed to authenticate |
security |
4 |
cs1(tenant_id), cs2(tenant_name), cs3(method_id), duser, externalId, outcome, reason, sourceServiceName, src |
CEF:0|NetIQ|AA|6.4.1.0|102|User failed to authenticate|4|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name cs3=PASSWORD:1 cs3Label=method_id duser=LOCAL\USER externalId=G861nae15NAVC4JoxkTkNYNlGgpRpd7W outcome=failure reason=PASSWORD_WRONG sourceServiceName=SampleEp src=10.20.22.23 dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
103 |
User was switched logo method |
security |
2 |
cs1(tenant_id), cs2(tenant_name), cs3(method_id), duser, externalId, oldFileId(old_method_id), outcome, sourceServiceName, src |
CEF:0|NetIQ|AA|6.4.1.0|103|User switched logon method|2|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name cs3=SMARTPHONE:1 cs3Label=method_id duser=LOCAL\USER externalId=G861nae15NAVC4JoxkTkNYNlGgpRpd7W oldFileId=PASSWORD:1 outcome=success sourceServiceName=SampleEp src=10.20.22.23 dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
104 |
User logon session ended |
security |
2 |
cs1(tenant_id), cs2(tenant_name), duser, externalId, sourceServiceName, src |
CEF:0|NetIQ|AA|6.4.1.0|104|User logon session ended|2|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name duser=LOCAL\USER externalId=G861nae15NAVC4JoxkTkNYNlGgpRpd7W sourceServiceName=SampleEp src=10.20.22.23 dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
105 |
User cancelled the logon |
security |
7 |
cs1(tenant_id), cs2(tenant_name), cs3(method_id), duser, externalId, sourceServiceName, src |
CEF:0|NetIQ|AA|6.4.1.0|105|User canceled the logon|7|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name cs3=SMARTPHONE:1 cs3Label=method_id duser=LOCAL\USER externalId=G861nae15NAVC4JoxkTkNYNlGgpRpd7W sourceServiceName=SampleEp src=10.20.22.23 dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
106 |
User failed to switch logon method |
security |
4 |
cs1(tenant_id), cs2(tenant_name), cs3(method_id), duser, externalId, outcome, reason, sourceServiceName, src |
CEF:0|NetIQ|AA|6.4.1.0|106|User failed to switch logon method|4|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name cs3=SMARTPHONE:1 cs3Label=method_id duser=LOCAL\USER externalId=G861nae15NAVC4JoxkTkNYNlGgpRpd7W outcome=failure reason=transaction aborted sourceServiceName=SampleEp src=10.20.22.23 dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
107 |
User locked |
security |
7 |
cs1(tenant_id), cs2(tenant_name), cs3(method_id), duser, externalId, reason, sourceServiceName, src |
CEF:0|NetIQ|AA|6.4.1.0|107|User locked|7|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name cs3=SMARTPHONE:1 cs3Label=method_id duser=LOCAL\USER externalId=G861nae15NAVC4JoxkTkNYNlGgpRpd7W sourceServiceName=SampleEp src=10.20.22.23 reason=Too many authentication failures dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
200 |
User read data |
security |
3 |
cs1(tenant_id), cs2(tenant_name), cs3(data_id), cs4(record_id), duser, externalId, sourceServiceName, src |
CEF:0|NetIQ|AA|6.4.1.0|200|User read data|3|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name cs3=OSLogon cs3Label=data_id cs4=WtxZyc6bynIFdKOw02Fgm CQUAEcFuua0 cs4Label=record_id duser=LOCAL\USER externalId=G861nae15NAVC4JoxkTkNYNlGgpRpd7W sourceServiceName=SampleEp src=10.20.22.23 dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
201 |
User wrote data |
security |
4 |
cs1(tenant_id), cs2(tenant_name), cs3(data_id), cs4(record_id), duser, externalId, sourceServiceName, src |
CEF:0|NetIQ|AA|6.4.1.0|201|User wrote data|4|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name cs3=OSLogon cs3Label=data_id cs4=WtxZyc6bynIFdKOw02Fgm CQUAEcFuua0 cs4Label=record_id duser=LOCAL\USER externalId=G861nae15NAVC4JoxkTkNYNlGgpRpd7W sourceServiceName=SampleEp src=10.20.22.23 dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
300 |
Endpoint created |
security |
4 |
cs1(tenant_id), cs2(tenant_name), cs3(endpoint_name), deviceExternalId, duser, outcome, src |
CEF:0|NetIQ|AA|6.4.1.0|300|Endpoint created|4|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name cs3=SampleEp cs3Label=endpoint_name deviceExternalId=F6EP7N0eIqKWjn28zQXi7cQcRNIMuT2m duser=LOCAL\USER outcome=success src=10.20.22.23 dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
301 |
No rights to create endpoint |
security |
7 |
cs1(tenant_id), cs2(tenant_name), cs3(endpoint_name), deviceExternalId, duser, src |
CEF:0|NetIQ|AA|6.4.1.0|301|No rights to create endpoint|7|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name cs3=SampleEp cs3Label=endpoint_name deviceExternalId=F6EP7N0eIqKWjn28zQXi7cQcRNIMuT2m duser=LOCAL\USER src=10.20.22.23 dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
302 |
Failed to create endpoint |
operational |
7 |
cs1(tenant_id), cs2(tenant_name), cs3(endpoint_name), deviceExternalId, duser, outcome, reason, src |
CEF:0|NetIQ|AA|6.4.1.0|302|Failed to create endpoint|7|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name cs3=SampleEp cs3Label=endpoint_name deviceExternalId=F6EP7N0eIqKWjn28zQXi7cQcRNIMuT2m duser=LOCAL\USER outcome=failure reason=transaction aborted src=10.20.22.23 dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
303 |
Endpoint removed |
security |
4 |
cs1(tenant_id), cs2(tenant_name), cs3(endpoint_name), deviceExternalId, duser, outcome, src |
CEF:0|NetIQ|AA|6.4.1.0|303|Endpoint removed|4|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name cs3=SampleEp cs3Label=endpoint_name deviceExternalId=F6EP7N0eIqKWjn28zQXi7cQcRNIMuT2m duser=LOCAL\USER outcome=success src=10.20.22.23 dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
304 |
No rights to remove endpoint |
security |
7 |
cs1(tenant_id), cs2(tenant_name), cs3(endpoint_name), deviceExternalId, duser, src |
CEF:0|NetIQ|AA|6.4.1.0|304|No rights to remove endpoint|7|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name cs3=SampleEp cs3Label=endpoint_name deviceExternalId=F6EP7N0eIqKWjn28zQXi7cQcRNIMuT2m duser=LOCAL\USER src=10.20.22.23 dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
305 |
Failed to remove endpoint |
operational |
7 |
cs1(tenant_id), cs2(tenant_name), cs3(endpoint_name), deviceExternalId, duser, outcome, reason, src |
CEF:0|NetIQ|AA|6.4.1.0|305|Failed to remove endpoint|7|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name cs3=SampleEp cs3Label=endpoint_name deviceExternalId=F6EP7N0eIqKWjn28zQXi7cQcRNIMuT2m duser=LOCAL\USER outcome=failure reason=transaction aborted src=10.20.22.23 dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
306 |
Endpoint session started |
operational |
1 |
cs1(tenant_id), cs2(tenant_name), cs3(endpoint_name), deviceExternalId, outcome, src |
CEF:0|NetIQ|AA|6.4.1.0|306|Endpoint session started|1|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name cs3=SampleEp cs3Label=endpoint_name deviceExternalId=F6EP7N0eIqKWjn28zQXi7cQcRNIMuT2m outcome=success src=10.20.22.23 dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
307 |
Endpoint session ended |
operational |
1 |
cs1(tenant_id), cs2(tenant_name), cs3(endpoint_name), deviceExternalId, outcome, src |
CEF:0|NetIQ|AA|6.4.1.0|307|Endpoint session ended|1|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name cs3=SampleEp cs3Label=endpoint_name deviceExternalId=F6EP7N0eIqKWjn28zQXi7cQcRNIMuT2m outcome=success src=10.20.22.23 dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
308 |
Invalid endpoint session secret |
security |
7 |
cs1(tenant_id), cs2(tenant_name), cs3(endpoint_name), deviceExternalId, src |
CEF:0|NetIQ|AA|6.4.1.0|308|Invalid endpoint session secret|7|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name cs3=SampleEp cs3Label=endpoint_name deviceExternalId=F6EP7N0eIqKWjn28zQXi7cQcRNIMuT2m src=10.20.22.23 dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
309 |
Failed to create endpoint session |
operational |
7 |
cs1(tenant_id), cs2(tenant_name), cs3(endpoint_name), deviceExternalId, outcome, reason, src |
CEF:0|NetIQ|AA|6.4.1.0|309|Failed to create endpoint session|7|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name cs3=SampleEp cs3Label=endpoint_name deviceExternalId=F6EP7N0eIqKWjn28zQXi7cQcRNIMuT2m outcome=failure reason=transaction aborted src=10.20.22.23 dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
310 |
Failed to end endpoint session |
operational |
7 |
cs1(tenant_id), cs2(tenant_name), cs3(endpoint_name), deviceExternalId, outcome, reason, src |
CEF:0|NetIQ|AA|6.4.1.0|310|Failed to end endpoint session|7|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name cs3=SampleEp cs3Label=endpoint_name deviceExternalId=F6EP7N0eIqKWjn28zQXi7cQcRNIMuT2m outcome=failure reason=transaction aborted src=10.20.22.23 dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
311 |
Endpoint changed |
security |
4 |
cs1(tenant_id), cs2(tenant_name), cs3(endpoint_name), deviceExternalId, duser, outcome, src |
CEF:0|NetIQ|AA|6.4.1.0|311|Endpoint changed|4|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name cs3=SampleEp cs3Label=endpoint_name deviceExternalId=F6EP7N0eIqKWjn28zQXi7cQcRNIMuT2m duser=LOCAL\USER outcome=success src=10.20.22.23 dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
312 |
Failed to change endpoint |
operational |
7 |
cs1(tenant_id), cs2(tenant_name), cs3(endpoint_name), deviceExternalId, duser, outcome, reason, src |
CEF:0|NetIQ|AA|6.4.1.0|312|Failed to change endpoint|7|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name cs3=SampleEp cs3Label=endpoint_name deviceExternalId=F6EP7N0eIqKWjn28zQXi7cQcRNIMuT2m duser=LOCAL\USER outcome=failure reason=transaction aborted src=10.20.22.23 dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
313 |
Endpoint re-created |
security |
4 |
cs1(tenant_id), cs2(tenant_name), cs3(endpoint_name), deviceExternalId, duser, oldFileId(old_endpoint_id), outcome, src |
CEF:0|NetIQ|AA|6.4.1.0|313|Endpoint re-created|4|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name cs3=SampleEp cs3Label=endpoint_name deviceExternalId=F6EP7N0eIqKWjn28zQXi7cQcRNIMuT2m duser=LOCAL\USER oldFileId=AZXSCViJjJc2bukT3mUkORc0BoJevQ67 outcome=success src=10.20.22.23 dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
314 |
Failed to re-create endpoint |
operational |
7 |
cs1(tenant_id), cs2(tenant_name), cs3(endpoint_name), deviceExternalId, duser, oldFileId(old_endpoint_id), outcome, reason, src |
CEF:0|NetIQ|AA|6.4.1.0|314|Failed to re-create endpoint|7|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name cs3=SampleEp cs3Label=endpoint_name deviceExternalId=F6EP7N0eIqKWjn28zQXi7cQcRNIMuT2m duser=LOCAL\USER oldFileId=AZXSCViJjJc2bukT3mUkORc0BoJevQ67 outcome=failure reason=transaction aborted src=10.20.22.23 dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
401 |
Repository created |
operational |
4 |
cs1(tenant_id), cs2(tenant_name), cs3(repo_name), cs4(repo_type), duser, externalId, outcome |
CEF:0|NetIQ|AA|6.4.1.0|401|Repository created|4|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name cs3=LOCAL cs3Label=repo_name cs4=LDAP cs4Label=repo_type duser=LOCAL\USER externalId=G861nae15NAVC4JoxkTkNYNlGgpRpd7W outcome=success dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
402 |
Failed to create repository |
operational |
7 |
cs1(tenant_id), cs2(tenant_name), cs3(repo_name), cs4(repo_type), duser, externalId, outcome, reason |
CEF:0|NetIQ|AA|6.4.1.0|402|Failed to create repository|7|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name cs3=LOCAL cs3Label=repo_name cs4=LDAP cs4Label=repo_type duser=LOCAL\USER externalId=G861nae15NAVC4JoxkTkNYNlGgpRpd7W outcome=failure reason=transaction aborted dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
403 |
Repository removed |
operational |
4 |
cs1(tenant_id), cs2(tenant_name), cs3(repo_name), cs4(repo_type), duser, externalId, outcome |
CEF:0|NetIQ|AA|6.4.1.0|403|Repository removed|4|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name cs3=LOCAL cs3Label=repo_name cs4=LDAP cs4Label=repo_type duser=LOCAL\USER externalId=G861nae15NAVC4JoxkTkNYNlGgpRpd7W outcome=success dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
404 |
Failed to remove repository |
operational |
7 |
cs1(tenant_id), cs2(tenant_name), cs3(repo_name), cs4(repo_type), duser, externalId, outcome, reason |
CEF:0|NetIQ|AA|6.4.1.0|404|Failed to remove repository|7|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name cs3=LOCAL cs3Label=repo_name cs4=LDAP cs4Label=repo_type duser=LOCAL\USER externalId=G861nae15NAVC4JoxkTkNYNlGgpRpd7W outcome=failure reason=transaction aborted dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
405 |
Repository configuration changed |
operational |
4 |
cs1(tenant_id), cs2(tenant_name), cs3(repo_name), cs4(repo_type), duser, externalId, outcome |
CEF:0|NetIQ|AA|6.4.1.0|405|Repository configuration changed|4|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name cs3=LOCAL cs3Label=repo_name cs4=LDAP cs4Label=repo_type duser=LOCAL\USER externalId=G861nae15NAVC4JoxkTkNYNlGgpRpd7W outcome=success dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
406 |
Failed to change repository configuration |
operational |
7 |
cs1(tenant_id), cs2(tenant_name), cs3(repo_name), cs4(repo_type), duser, externalId, outcome, reason |
CEF:0|NetIQ|AA|6.4.1.0|406|Failed to change repository configuration|7|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name cs3=LOCAL cs3Label=repo_name cs4=LDAP cs4Label=repo_type duser=LOCAL\USER externalId=G861nae15NAVC4JoxkTkNYNlGgpRpd7W outcome=failure reason=transaction aborted dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
501 |
Local user created |
operational |
4 |
cs1(tenant_id), cs2(tenant_name), duser, externalId, outcome, suser |
CEF:0|NetIQ|AA|6.4.1.0|501|Local user created|4|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name duser=LOCAL\USER externalId=G861nae15NAVC4JoxkTkNYNlGgpRpd7W outcome=success suser=LOCAL\ADMIN dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
502 |
Local user removed |
operational |
4 |
cs1(tenant_id), cs2(tenant_name), duser, externalId, outcome, suser |
CEF:0|NetIQ|AA|6.4.1.0|502|Local user removed|4|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name duser=LOCAL\USER externalId=G861nae15NAVC4JoxkTkNYNlGgpRpd7W outcome=success suser=LOCAL\ADMIN dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
503 |
Failed to create local user |
operational |
7 |
cs1(tenant_id), cs2(tenant_name), duser, externalId, outcome, reason, suser |
CEF:0|NetIQ|AA|6.4.1.0|503|Failed to create local user|7|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name duser=LOCAL\USER externalId=G861nae15NAVC4JoxkTkNYNlGgpRpd7W outcome=failure reason=transaction aborted suser=LOCAL\ADMIN dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
504 |
No rights to remove local user |
security |
7 |
cs1(tenant_id), cs2(tenant_name), duser, externalId, suser |
CEF:0|NetIQ|AA|6.4.1.0|504|No rights to remove local user|7|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name duser=LOCAL\USER externalId=G861nae15NAVC4JoxkTkNYNlGgpRpd7W suser=LOCAL\ADMIN dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
505 |
Failed to remove local user |
operational |
7 |
cs1(tenant_id), cs2(tenant_name), duser, externalId, outcome, reason, suser |
CEF:0|NetIQ|AA|6.4.1.0|505|Failed to remove local user|7|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name duser=LOCAL\USER externalId=G861nae15NAVC4JoxkTkNYNlGgpRpd7W outcome=failure reason=transaction aborted suser=LOCAL\ADMIN dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
506 |
No rights to create local user |
security |
7 |
cs1(tenant_id), cs2(tenant_name), duser, externalId, suser |
CEF:0|NetIQ|AA|6.4.1.0|506|No rights to create local user|7|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name duser=LOCAL\USER externalId=G861nae15NAVC4JoxkTkNYNlGgpRpd7W suser=LOCAL\ADMIN dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
507 |
Local user changed |
operational |
4 |
cs1(tenant_id), cs2(tenant_name), duser, externalId, outcome, suser |
CEF:0|NetIQ|AA|6.4.1.0|507|Local user changed|4|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name duser=LOCAL\USER externalId=G861nae15NAVC4JoxkTkNYNlGgpRpd7W outcome=success suser=LOCAL\ADMIN dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
508 |
Failed to change local user |
operational |
7 |
cs1(tenant_id), cs2(tenant_name), duser, externalId, outcome, reason, suser |
CEF:0|NetIQ|AA|6.4.1.0|508|Failed to change local user|7|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name duser=LOCAL\USER externalId=G861nae15NAVC4JoxkTkNYNlGgpRpd7W outcome=failure reason=transaction aborted suser=LOCAL\ADMIN dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
601 |
User created |
operational |
4 |
cs1(tenant_id), cs2(tenant_name), cs3(repo_name), duser, externalId, outcome, suser |
CEF:0|NetIQ|AA|6.4.1.0|601|User created|4|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name cs3=LOCAL cs3Label=repo_name duser=LOCAL\USER externalId=G861nae15NAVC4JoxkTkNYNlGgpRpd7W outcome=success suser=LOCAL\ADMIN dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
602 |
No rights to create user |
security |
7 |
cs1(tenant_id), cs2(tenant_name), cs3(repo_name), duser, externalId, suser |
CEF:0|NetIQ|AA|6.4.1.0|602|No rights to create user|7|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name cs3=LOCAL cs3Label=repo_name duser=LOCAL\USER externalId=G861nae15NAVC4JoxkTkNYNlGgpRpd7W suser=LOCAL\ADMIN dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
603 |
Failed to create user |
operational |
7 |
cs1(tenant_id), cs2(tenant_name), cs3(repo_name), duser, externalId, outcome, reason, suser |
CEF:0|NetIQ|AA|6.4.1.0|603|Failed to create user|7|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name cs3=LOCAL cs3Label=repo_name duser=LOCAL\USER externalId=G861nae15NAVC4JoxkTkNYNlGgpRpd7W outcome=failure reason=transaction aborted suser=LOCAL\ADMIN dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
604 |
User removed |
operational |
4 |
cs1(tenant_id), cs2(tenant_name), duser, externalId, outcome, suser |
CEF:0|NetIQ|AA|6.4.1.0|604|User removed|4|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name duser=LOCAL\USER externalId=G861nae15NAVC4JoxkTkNYNlGgpRpd7W outcome=success suser=LOCAL\ADMIN dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
605 |
No rights to remove user |
security |
7 |
cs1(tenant_id), cs2(tenant_name), cs3(repo_name), duser, externalId, suser |
CEF:0|NetIQ|AA|6.4.1.0|605|No rights to remove user|7|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name cs3=LOCAL cs3Label=repo_name duser=LOCAL\USER externalId=G861nae15NAVC4JoxkTkNYNlGgpRpd7W suser=LOCAL\ADMIN dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
606 |
Failed to remove user |
operational |
7 |
cs1(tenant_id), cs2(tenant_name), duser, externalId, outcome, reason, suser |
CEF:0|NetIQ|AA|6.4.1.0|606|Failed to remove user|7|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name duser=LOCAL\USER externalId=G861nae15NAVC4JoxkTkNYNlGgpRpd7W outcome=failure reason=transaction aborted suser=LOCAL\ADMIN dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
607 |
Role granted to user |
security |
4 |
cs1(tenant_id), cs2(tenant_name), cs3(role_name), duser, externalId, outcome, suser |
CEF:0|NetIQ|AA|6.4.1.0|607|Role granted to user|4|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name cs3=ENROLL ADMINS cs3Label=role_name duser=LOCAL\USER externalId=G861nae15NAVC4JoxkTkNYNlGgpRpd7W outcome=success suser=LOCAL\ADMIN dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
608 |
Failed to grant role to user |
security |
7 |
cs1(tenant_id), cs2(tenant_name), cs3(role_name), duser, externalId, outcome, reason, suser |
CEF:0|NetIQ|AA|6.4.1.0|608|Failed to grant role to user|7|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name cs3=ENROLL ADMINS cs3Label=role_name duser=LOCAL\USER externalId=G861nae15NAVC4JoxkTkNYNlGgpRpd7W outcome=failure reason=transaction aborted suser=LOCAL\ADMIN dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
609 |
Role revoked from user |
security |
4 |
cs1(tenant_id), cs2(tenant_name), cs3(role_name), duser, externalId, outcome, suser |
CEF:0|NetIQ|AA|6.4.1.0|609|Role revoked from user|4|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name cs3=ENROLL ADMINS cs3Label=role_name duser=LOCAL\USER externalId=G861nae15NAVC4JoxkTkNYNlGgpRpd7W outcome=success suser=LOCAL\ADMIN dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
610 |
Failed to revoke role from user |
security |
7 |
cs1(tenant_id), cs2(tenant_name), cs3(role_name), duser, externalId, outcome, reason, suser |
CEF:0|NetIQ|AA|6.4.1.0|610|Failed to revoke role from user|7|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name cs3=ENROLL ADMINS cs3Label=role_name duser=LOCAL\USER externalId=G861nae15NAVC4JoxkTkNYNlGgpRpd7W outcome=failure reason=transaction aborted suser=LOCAL\ADMIN dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
611 |
User unlocked |
operational |
4 |
cs1(tenant_id), cs2(tenant_name), duser, externalId, outcome, suser |
CEF:0|NetIQ|AA|6.4.1.0|611|User unlocked|4|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name duser=LOCAL\USER externalId=G861nae15NAVC4JoxkTkNYNlGgpRpd7W outcome=success suser=LOCAL\ADMIN dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
612 |
Failed to unlock user |
operational |
7 |
cs1(tenant_id), cs2(tenant_name), duser, externalId, outcome, reason, suser |
CEF:0|NetIQ|AA|6.4.1.0|612|Failed to unlock user|7|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name duser=LOCAL\USER externalId=G861nae15NAVC4JoxkTkNYNlGgpRpd7W outcome=failure reason=transaction aborted suser=LOCAL\ADMIN dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
701 |
Template was assigned to the user |
security |
4 |
cs1(tenant_id), cs2(tenant_name), cs3(method_id), cs4(template_owner), cs5(comment), duser, externalId, outcome, suser |
CEF:0|NetIQ|AA|6.4.1.0|701|Template was assigned to the user|4|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name cs3=PASSWORD:1 cs3Label=method_id cs4=LOCAL\USER cs4Label=template_owner cs5=Sample cs5Label=comment duser=LOCAL\USER externalId=G861nae15NAVC4JoxkTkNYNlGgpRpd7W suser= LOCAL\ADMIN outcome=success dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
702 |
Template was enrolled for the user |
security |
4 |
cs1(tenant_id), cs2(tenant_name), cs3(method_id), cs4(template_owner), cs5(comment), duser, externalId, outcome, suser |
CEF:0|NetIQ|AA|6.4.1.0|702|Template was enrolled for the user|4|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name cs3=PASSWORD:1 cs3Label=method_id cs4=LOCAL\USER cs4Label=template_owner cs5=Sample cs5Label=comment duser=LOCAL\USER externalId=G861nae15NAVC4JoxkTkNYNlGgpRpd7W suser= LOCAL\ADMIN outcome=success dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
703 |
User enrolled the assigned template |
security |
4 |
cs1(tenant_id), cs2(tenant_name), cs3(method_id), cs4(template_owner), cs5(comment), duser, externalId, outcome, suser |
CEF:0|NetIQ|AA|6.4.1.0|703|User enrolled the assigned template|4|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name cs3=PASSWORD:1 cs3Label=method_id cs4=LOCAL\USER cs4Label=template_owner cs5=Sample cs5Label=comment duser=LOCAL\USER externalId=G861nae15NAVC4JoxkTkNYNlGgpRpd7W suser= LOCAL\ADMIN outcome=success dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
704 |
Template linked |
security |
4 |
cs1(tenant_id), cs2(tenant_name), cs3(method_id), cs4(template_owner), cs5(comment), duser, externalId, outcome, suser |
CEF:0|NetIQ|AA|6.4.1.0|704|Template linked|4|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name cs3=PASSWORD:1 cs3Label=method_id cs4=LOCAL\USER cs4Label=template_owner cs5=Sample cs5Label=comment duser=LOCAL\USER externalId=G861nae15NAVC4JoxkTkNYNlGgpRpd7W suser= LOCAL\ADMIN outcome=success dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
705 |
Failed to assign template to the user |
security |
7 |
cs1(tenant_id), cs2(tenant_name), cs3(method_id), cs4(template_owner), cs5(comment), duser, externalId, outcome, reason, suser |
CEF:0|NetIQ|AA|6.4.1.0|705|Failed to assign template to the user|7|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name cs3=PASSWORD:1 cs3Label=method_id cs4=LOCAL\USER cs4Label=template_owner cs5=Sample cs5Label=comment duser=LOCAL\USER externalId=G861nae15NAVC4JoxkTkNYNlGgpRpd7W suser= LOCAL\ADMIN outcome=failure reason=transaction aborted dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
706 |
Failed to enroll template for the user |
security |
7 |
cs1(tenant_id), cs2(tenant_name), cs3(method_id), cs4(template_owner), cs5(comment), duser, externalId, outcome, reason, suser |
CEF:0|NetIQ|AA|6.4.1.0|706|Failed to enroll template for the user|7|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name cs3=PASSWORD:1 cs3Label=method_id cs4=LOCAL\USER cs4Label=template_owner cs5=Sample cs5Label=comment duser=LOCAL\USER externalId=G861nae15NAVC4JoxkTkNYNlGgpRpd7W suser= LOCAL\ADMIN outcome=failure reason=transaction aborted dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
707 |
User failed to enroll the assigned template |
security |
7 |
cs1(tenant_id), cs2(tenant_name), cs3(method_id), cs4(template_owner), cs5(comment), duser, externalId, outcome, reason, suser |
CEF:0|NetIQ|AA|6.4.1.0|707|User failed to enroll the assigned template|7|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name cs3=PASSWORD:1 cs3Label=method_id cs4=LOCAL\USER cs4Label=template_owner cs5=Sample cs5Label=comment duser=LOCAL\USER externalId=G861nae15NAVC4JoxkTkNYNlGgpRpd7W suser= LOCAL\ADMIN outcome=failure reason=transaction aborted dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
708 |
Failed to link template |
security |
7 |
cs1(tenant_id), cs2(tenant_name), cs3(method_id), cs4(template_owner), cs5(comment), duser, externalId, outcome, reason, suser |
CEF:0|NetIQ|AA|6.4.1.0|708|Failed to link template|7|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name cs3=PASSWORD:1 cs3Label=method_id cs4=LOCAL\USER cs4Label=template_owner cs5=Sample cs5Label=comment duser=LOCAL\USER externalId=G861nae15NAVC4JoxkTkNYNlGgpRpd7W suser= LOCAL\ADMIN outcome=failure reason=transaction aborted dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
709 |
Template link removed |
security |
4 |
cs1(tenant_id), cs2(tenant_name), cs3(method_id), cs4(template_owner), cs5(comment), duser, externalId, outcome, suser |
CEF:0|NetIQ|AA|6.4.1.0|709|Template link removed|4|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name cs3=PASSWORD:1 cs3Label=method_id cs4=LOCAL\USER cs4Label=template_owner cs5=Sample cs5Label=comment duser=LOCAL\USER externalId=G861nae15NAVC4JoxkTkNYNlGgpRpd7W suser= LOCAL\ADMIN outcome=success dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
710 |
Failed to remove template link |
security |
7 |
cs1(tenant_id), cs2(tenant_name), cs3(method_id), cs4(template_owner), cs5(comment), duser, externalId, outcome, reason, suser |
CEF:0|NetIQ|AA|6.4.1.0|710|Failed to remove template link|7|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name cs3=PASSWORD:1 cs3Label=method_id cs4=LOCAL\USER cs4Label=template_owner cs5=Sample cs5Label=comment duser=LOCAL\USER externalId=G861nae15NAVC4JoxkTkNYNlGgpRpd7W suser= LOCAL\ADMIN outcome=failure reason=transaction aborted dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
711 |
Template removed |
security |
4 |
cs1(tenant_id), cs2(tenant_name), cs3(method_id), cs4(template_owner), cs5(comment), duser, externalId, outcome, suser |
CEF:0|NetIQ|AA|6.4.1.0|711|Template removed|4|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name cs3=PASSWORD:1 cs3Label=method_id cs4=LOCAL\USER cs4Label=template_owner cs5=Sample cs5Label=comment duser=LOCAL\USER externalId=G861nae15NAVC4JoxkTkNYNlGgpRpd7W suser= LOCAL\ADMIN outcome=success dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
712 |
Failed to remove template |
security |
7 |
cs1(tenant_id), cs2(tenant_name), cs3(method_id), cs4(template_owner), cs5(comment), duser, externalId, outcome, reason, suser |
CEF:0|NetIQ|AA|6.4.1.0|712|Failed to remove template|7|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name cs3=PASSWORD:1 cs3Label=method_id cs4=LOCAL\USER cs4Label=template_owner cs5=Sample cs5Label=comment duser=LOCAL\USER externalId=G861nae15NAVC4JoxkTkNYNlGgpRpd7W suser= LOCAL\ADMIN outcome=failure reason=transaction aborted dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
713 |
Template changed |
security |
4 |
cs1(tenant_id), cs2(tenant_name), cs3(method_id), cs4(template_owner), cs5(comment), duser, externalId, outcome, suser |
CEF:0|NetIQ|AA|6.4.1.0|713|Template changed|4|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name cs3=PASSWORD:1 cs3Label=method_id cs4=LOCAL\USER cs4Label=template_owner cs5=Sample cs5Label=comment duser=LOCAL\USER externalId=G861nae15NAVC4JoxkTkNYNlGgpRpd7W suser= LOCAL\ADMIN outcome=success dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
714 |
Failed to change template |
security |
7 |
cs1(tenant_id), cs2(tenant_name), cs3(method_id), cs4(template_owner), cs5(comment), duser, externalId, outcome, reason, suser |
CEF:0|NetIQ|AA|6.4.1.0|714|Failed to change template|7|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name cs3=PASSWORD:1 cs3Label=method_id cs4=LOCAL\USER cs4Label=template_owner cs5=Sample cs5Label=comment duser=LOCAL\USER externalId=G861nae15NAVC4JoxkTkNYNlGgpRpd7W suser= LOCAL\ADMIN outcome=failure reason=transaction aborted dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
715 |
Template changed during logon |
security |
4 |
cs1(tenant_id), cs2(tenant_name), cs3(method_id), cs4(template_owner), cs5(comment), duser, externalId, suser |
CEF:0|NetIQ|AA|6.4.1.0|715|Template changed during logon|4|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name cs3=PASSWORD:1 cs3Label=method_id cs4=LOCAL\USER cs4Label=template_owner cs5=Sample cs5Label=comment duser=LOCAL\USER externalId=G861nae15NAVC4JoxkTkNYNlGgpRpd7W suser= LOCAL\ADMIN dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
801 |
Policy changed |
security |
4 |
cs1(tenant_id), cs2(tenant_name), cs3(component_id), cs4(scope), duser, externalId, outcome |
CEF:0|NetIQ|AA|6.4.1.0|801|Policy changed|4|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name cs3=LoginOptions cs3Label=component_id cs4=global cs4Label=scope duser=LOCAL\USER externalId=G861nae15NAVC4JoxkTkNYNlGgpRpd7W outcome=success dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
802 |
No rights to change policy |
security |
7 |
cs1(tenant_id), cs2(tenant_name), cs3(component_id), cs4(scope), duser, externalId |
CEF:0|NetIQ|AA|6.4.1.0|802|No rights to change policy|7|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name cs3=LoginOptions cs3Label=component_id cs4=global cs4Label=scope duser=LOCAL\USER externalId=G861nae15NAVC4JoxkTkNYNlGgpRpd7W dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
803 |
Failed to change policy |
operational |
7 |
cs1(tenant_id), cs2(tenant_name), cs3(component_id), cs4(scope), duser, externalId, outcome, reason |
CEF:0|NetIQ|AA|6.4.1.0|803|Failed to change policy|7|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name cs3=LoginOptions cs3Label=component_id cs4=global cs4Label=scope duser=LOCAL\USER externalId=G861nae15NAVC4JoxkTkNYNlGgpRpd7W outcome=failure reason=transaction aborted dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
804 |
Object policy changed |
security |
4 |
cs1(tenant_id), cs2(tenant_name), cs3(component_id), cs4(scope), cs5(object_id), cs6(object_type), duser, externalId, flexString1(object_name),outcome |
CEF:0|NetIQ|AA|6.4.1.0|804|Object policy changed|4|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name cs3=LoginOptions cs3Label=component_id cs4=object cs4Label=scope cs5=fc157e1cfe2f11ec81840242ac110002 cs5Label=object_id cs6=User cs6Label=object_type duser=LOCAL\USER externalId=G861nae15NAVC4JoxkTkNYNlGgpRpd7W flexString1=testUser flexString1Label=object_name outcome=success dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
805 |
No rights to change object policy |
security |
7 |
cs1(tenant_id), cs2(tenant_name), cs3(component_id), cs4(scope), cs5(object_id), cs6(object_type), duser, externalId, flexString1(object_name) |
CEF:0|NetIQ|AA|6.4.1.0|805|No rights to change object policy|7|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name cs3=LoginOptions cs3Label=component_id cs4=object cs4Label=scope cs5=fc157e1cfe2f11ec81840242ac110002 cs5Label=object_id cs6=User cs6Label=object_type duser=LOCAL\USER externalId=G861nae15NAVC4JoxkTkNYNlGgpRpd7W flexString1=testUser flexString1Label=object_name dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
806 |
Failed to change object policy |
operational |
7 |
cs1(tenant_id), cs2(tenant_name), cs3(component_id), cs4(scope), cs5(object_id), cs6(object_type), duser, externalId, flexString1(object_name), outcome, reason |
CEF:0|NetIQ|AA|6.4.1.0|806|Failed to change object policy|7|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name cs3=LoginOptions cs3Label=component_id cs4=object cs4Label=scope cs5=fc157e1cfe2f11ec81840242ac110002 cs5Label=object_id cs6=User cs6Label=object_type duser=LOCAL\USER externalId=G861nae15NAVC4JoxkTkNYNlGgpRpd7W flexString1=testUser flexString1Label=object_name outcome=failure reason=transaction aborted dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
901 |
License added |
operational |
4 |
cs1(tenant_id), cs2(tenant_name),cs3 (license_id), cs4(enabled_features), cs5(user_count), deviceCustomDate1 (expire_date), externalId, outcome |
CEF:0|NetIQ|AA|6.4.1.0|901|License added|4|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name cs3=kAi22UNwgKJnldwQ30okb PRBduoveSD2 cs3Label=license_id cs4=super cs4Label=enabled_features cs5=42 cs5Label=user_count deviceCustomDate1=Dec 25 2022 20:30:00 deviceCustomDate1Label=expire_date externalId=G861nae15NAVC4JoxkTkNYNlGgpRpd7W outcome=success dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
902 |
Failed to add license |
operational |
7 |
cs1(tenant_id), cs2(tenant_name), cs3(license_id), cs4(enabled_features), cs5(user_count), deviceCustomDate1(expire_date), externalId, outcome, reason |
CEF:0|NetIQ|AA|6.4.1.0|902|Failed to add license|7|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name cs3=kAi22UNwgKJnldwQ30okb PRBduoveSD2 cs3Label=license_id cs4=super cs4Label=enabled_features cs5=42 cs5Label=user_count deviceCustomDate1=Dec 25 2022 20:30:00 deviceCustomDate1Label=expire_date externalId=G861nae15NAVC4JoxkTkNYNlGgpRpd7W outcome=failure reason=transaction aborted dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
1001 |
Global setting changed |
security |
7 |
cs1(tenant_id), cs2(tenant_name), cs3(setting_name), duser, externalId, outcome |
CEF:0|NetIQ|AA|6.4.1.0|1001|Global setting changed|7|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name cs3=HTTPCert cs3Label=setting_name duser=LOCAL\USER externalId=G861nae15NAVC4JoxkTkNYNlGgpRpd7W outcome=success dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
1002 |
No rights to change global setting |
security |
9 |
cs1(tenant_id), cs2(tenant_name), cs3(setting_name), duser, externalId |
CEF:0|NetIQ|AA|6.4.1.0|1002|No rights to change global setting|9|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name cs3=HTTPCert cs3Label=setting_name duser=LOCAL\USER externalId=G861nae15NAVC4JoxkTkNYNlGgpRpd7W dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
1003 |
Failed to change global setting |
operational |
9 |
cs1(tenant_id), cs2(tenant_name), cs3(setting_name), duser, externalId, outcome, reason |
CEF:0|NetIQ|AA|6.4.1.0|1003|Failed to change global setting|9|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name cs3=HTTPCert cs3Label=setting_name duser=LOCAL\USER externalId=G861nae15NAVC4JoxkTkNYNlGgpRpd7W outcome=failure reason=transaction aborted dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
1101 |
Password changed |
security |
3 |
cs1(tenant_id), cs2(tenant_name), duser, sourceServiceName, src |
CEF:0|NetIQ|AA|6.4.1.0|1101|Password changed|3|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name duser=LOCAL\USER sourceServiceName=SampleEp src=10.20.22.23 dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
1102 |
Password reset |
security |
6 |
cs1(tenant_id), cs2(tenant_name), duser, sourceServiceName, src |
CEF:0|NetIQ|AA|6.4.1.0|1101|Password reset|6|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name duser=LOCAL\USER sourceServiceName=SampleEp src=10.20.22.23 dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
1201 |
User logged on using local cache |
security |
1 |
cs1(tenant_id), cs2(tenant_name), cs3(event_name), cs4(chain_name), deviceCustomDate1(logon_time), duser, sourceServiceName, src |
CEF:0|NetIQ|AA|6.4.1.0|1201|User logged on using local cache|1|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name cs3=Portal cs3Label=event_name cs4=password-chain cs4Label=chain_name deviceCustomDate1=1660662337275 deviceCustomDate1Label=logon_time duser=LOCAL\USER sourceServiceName=SampleEp src=10.20.22.23 dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
1301 |
Event created |
security |
4 |
cs1(tenant_id), cs2(tenant_name), cs3(event_name), duser, externalId, outcome |
CEF:0|NetIQ|AA|6.4.1.0|1301|Event created|4|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name cs3=Portal cs3Label=event_name duser=LOCAL\USER externalId=G861nae15NAVC4JoxkTkNYNlGgpRpd7W outcome=success dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
1302 |
Failed to create event |
operational |
7 |
cs1(tenant_id), cs2(tenant_name), cs3(event_name), duser, externalId, outcome, reason |
CEF:0|NetIQ|AA|6.4.1.0|1302|Failed to create event|7|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name cs3=Portal cs3Label=event_name duser=LOCAL\USER externalId=G861nae15NAVC4JoxkTkNYNlGgpRpd7W outcome=failure reason=transaction aborted dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
1303 |
Event changed |
security |
4 |
cs1(tenant_id), cs2(tenant_name), cs3(event_name), duser, externalId, outcome |
CEF:0|NetIQ|AA|6.4.1.0|1303|Event changed|4|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name cs3=Portal cs3Label=event_name duser=LOCAL\USER externalId=G861nae15NAVC4JoxkTkNYNlGgpRpd7W outcome=success dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
1304 |
Failed to change event |
operational |
7 |
cs1(tenant_id), cs2(tenant_name), cs3(event_name), duser, externalId, outcome, reason |
CEF:0|NetIQ|AA|6.4.1.0|1304|Failed to change event|7|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name cs3=Portal cs3Label=event_name duser=LOCAL\USER externalId=G861nae15NAVC4JoxkTkNYNlGgpRpd7W outcome=failure reason=transaction aborted dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
1305 |
Event removed |
security |
4 |
cs1(tenant_id), cs2(tenant_name), cs3(event_name), duser, externalId, outcome |
CEF:0|NetIQ|AA|6.4.1.0|1305|Event removed|4|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name cs3=Portal cs3Label=event_name duser=LOCAL\USER externalId=G861nae15NAVC4JoxkTkNYNlGgpRpd7W outcome=success dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
1306 |
Failed to remove event |
operational |
7 |
cs1(tenant_id), cs2(tenant_name), cs3(event_name), duser, externalId, outcome, reason |
CEF:0|NetIQ|AA|6.4.1.0|1306|Failed to remove event|7|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name cs3=Portal cs3Label=event_name duser=LOCAL\USER externalId=G861nae15NAVC4JoxkTkNYNlGgpRpd7W outcome=failure reason=transaction aborted dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
1401 |
Chain created |
security |
4 |
cs1(tenant_id), cs2(tenant_name), cs3(chain_name), duser, externalId, outcome |
CEF:0|NetIQ|AA|6.4.1.0|1401|Chain created|4|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name cs3=password-chain cs3Label=chain_name duser=LOCAL\USER externalId=G861nae15NAVC4JoxkTkNYNlGgpRpd7W outcome=success dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
1402 |
Failed to create chain |
operational |
7 |
cs1(tenant_id), cs2(tenant_name), cs3(chain_name), duser, externalId, outcome, reason |
CEF:0|NetIQ|AA|6.4.1.0|1402|Failed to create chain|7|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name cs3=password-chain cs3Label=chain_name duser=LOCAL\USER externalId=G861nae15NAVC4JoxkTkNYNlGgpRpd7W outcome=failure dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 reason=transaction aborted |
1403 |
Chain changed |
security |
4 |
cs1(tenant_id), cs2(tenant_name), cs3(chain_name), duser, externalId, outcome |
CEF:0|NetIQ|AA|6.4.1.0|1403|Chain changed|4|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name cs3=password-chain cs3Label=chain_name duser=LOCAL\USER externalId=G861nae15NAVC4JoxkTkNYNlGgpRpd7W outcome=success dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
1404 |
Failed to change chain |
operational |
7 |
cs1(tenant_id), cs2(tenant_name), cs3(chain_name), duser, externalId, outcome, reason |
CEF:0|NetIQ|AA|6.4.1.0|1404|Failed to change chain|7|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name cs3=password-chain cs3Label=chain_name duser=LOCAL\USER externalId=G861nae15NAVC4JoxkTkNYNlGgpRpd7W outcome=failure dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 reason=transaction aborted |
1405 |
Chain removed |
security |
4 |
cs1(tenant_id), cs2(tenant_name), cs3(chain_name), duser, externalId, outcome |
CEF:0|NetIQ|AA|6.4.1.0|1405|Chain removed|4|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name cs3=password-chain cs3Label=chain_name duser=LOCAL\USER externalId=G861nae15NAVC4JoxkTkNYNlGgpRpd7W outcome=success dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
1406 |
Failed to remove chain |
operational |
7 |
cs1(tenant_id), cs2(tenant_name), cs3(chain_name), duser, externalId, outcome, reason |
CEF:0|NetIQ|AA|6.4.1.0|1406|Failed to remove chain|7|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name cs3=password-chain cs3Label=chain_name duser=LOCAL\USER externalId=G861nae15NAVC4JoxkTkNYNlGgpRpd7W outcome=failure dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 reason=transaction aborted |
1501 |
HANIS validation succeeded |
security |
4 |
cs1(tenant_id), cs2(tenant_name), cs3(method_id), cs4(id_number), cs5(phone_number),duser, external_id, outcome, sourceServiceName, src |
CEF:0|NetIQ|AA|6.4.1.0|1501|HANIS validation succeeded|4|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name cs3=HANIS:1 cs3Label=method_id cs4=92***86 cs4Label=id_number cs5=+123456789 cs5Label=phone_number duser=LOCAL\USER externalId=G861nae15NAVC4JoxkTkNYNlGgpRpd7W outcome=success sourceServiceName=SampleEp src=10.20.22.23 dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |
1502 |
Failed to validate HANIS |
operational |
7 |
cs1(tenant_id), cs2(tenant_name), cs3(method_id), cs4(id_number), cs5(phone_number),duser, external_id, outcome, reason, sourceServiceName, src |
CEF:0|NetIQ|AA|6.4.1.0|1502|Failed to validate HANIS|7|cs1=def0def0def0def0def0def0def0def0 cs1Label=tenant_id cs2=TOP cs2Label=tenant_name cs3=HANIS:1 cs3Label=method_id cs4=92***86 cs4Label=id_number cs5=+123456789 cs5Label=phone_number duser=LOCAL\USER externalId=G861nae15NAVC4JoxkTkNYNlGgpRpd7W outcome=success reason=FACE_TOO_SMALL sourceServiceName=SampleEp src=10.20.22.23 dvc=127.0.0.1 dvchost=dev-comp dvcpid=21 dtz=UTC rt=1660662337275 |