5.2 Session Management Events

A session is the association of an initiator with a stream of communication. A session may represent a user's connection to server, as in the case of logging into a Linux or Windows host, or a set of related transactions in a connection-less environment, as in the case of using a cookie to maintain persistent transactions between a browser client and a Web server.

Table 5-2 Session Management Event Taxonomy

Event Name

Event Identifier

Corresponding eDir Event

Description

Use

Create Session

0.0.1.0

DSE_LDAP_CONNECTION

Create a new session

This event should be reported whenever a new session (as defined above) is created.

Terminate Session

0.0.1.1

DSE_LOGOUT

Terminate an existing session

This event should be reported whenever an existing session (as defined above) is terminated.

Modify Session

0.0.1.3

DSE_CHANGE_CONN_STATE

Modify user session attributes

This event should be reported whenever attribute information is modified on an existing session.

5.2.1 Examples for Session Management Events

The following sections are examples for Session Management events.

Create Session

Click Create Session to generate an event for creating a session, as shown in the following example:

Jan 08 10:18:34 eDirectory : INFO {"Source" : "eDirectory#LDAP","Observer" : {"Account" : {"Domain" : "MYTREE","Name" : "CN=SRV1,O=mycom"},"Entity" : {"SysAddr" : "100.1.2.164","SysName" : "SLES11-SP2-164"}},"Initiator" : {"Entity" : {"SysAddr" : "164.99.136.142:40645"},"Assertions" : {"netAddress" : "164.99.136.142:50590","operationTime" : "01/16/14 10:18:34"}},"Target" : {"Data" : {"connection" : "231405696"}},"Action" : {"Event" : {"Id" : "0.0.1.0","Name" : "CREATE_SESSION","CorrelationID" : "eDirectory#4294967295#","SubEvent" : "DSE_LDAP_CONNECTION"},"Time" : {"Offset" : 1389847714},"Log" : {"Severity" : 7},"Outcome" : "0","ExtendedOutcome" : "0"}}

Modify Session

Click Modify Session to generate an event for modifying a session, as shown in the following example:

Jan 08 10:19:34 eDirectory : INFO {"Source" : "eDirectory#DS","Observer" : {"Account" : {"Domain" : "MYTREE","Name" : "CN=SRV1,O=mycom"},"Entity" : {"SysAddr" : "100.1.2.164","SysName" : "SLES11-SP2-164"}},"Initiator" : {"Account" : {"Domain" : "MYTREE","Name" : "CN=SRV1,O=mycom"},"Entity" : {"SysAddr" : "0.0.0.0:0"},"Assertions" : {"NetAddress" : "164.99.136.142"}},"Target" : {"Data" : {"Name" : "CN=SRV1,O=mycom","newFlags" : "1","oldFlags" : "0"}},"Action" : {"Event" : {"Id" : "0.0.1.3","Name" : "MODIFY_SESSION","CorrelationID" : "eDirectory#0#","SubEvent" : "DSE_CHANGE_CONN_STATE"},"Time" : {"Offset" : 1389847774},"Log" : {"Severity" : 7},"Outcome" : "0","ExtendedOutcome" : "0"}}