B.3 Authentication Events
B.3.1 Authentication
When a user is authenticated, the following event is generated.
Table B-8 Authentication Events - Authentication
| Severity | |
| Event Name | Authentication |
| Resource | UserAuthentication |
| SubResource | Authenticate |
| Message | User <name> has passed Authentication to Sentinel/Wizard |
B.3.2 Creating Entry For External User
When creating an external user, the following event is generated.
Table B-9 Authentication Events - Creating Entry For External User
| Severity | |
| Event Name | CreatingEntryForExternalUser |
| Resource | UserAuthentication |
| SubResource | Authentication |
| Message | No existing local user entry with name <name> found, creating one |
B.3.3 Duplicate User Objects
When an unexpected second active user object exists, which should not happen, the following event is generated. This is an internal error.
Table B-10 Authentication Events - Duplicate User Objects
| Severity | 4 |
| Event Name | TooManyActiveUsers |
| Resource | UserAuthentication |
| SubResource | Authenticate |
| Message | Error in user table : Multiple users with the name <name> found |
B.3.4 Failed Authentication
When a user authentication fails, the following event is generated.
Table B-11 Authentication Events - Failed Authentication
| Severity | 4 |
| Event Name | AuthenticationFailed |
| Resource | UserAuthentication |
| SubResource | Authenticate |
| Message | Authentication of user <name> with OS name <domUser> from <IP> failed |
B.3.5 Locked Account
When an attempt is made to log in with a locked user account, the following event is generated.
Table B-12 Authentication Events - Locked Account
| Severity | 4 |
| Event Name | LockedUser |
| Resource | UserAuthentication |
| SubResource | Authentication |
| Message | Attempt to login using locked account <acct> |
B.3.6 No Such User Event
When a user attempts to log in to the application and authentication succeeds but the user is not a Sentinel user, the following event is generated.
Table B-13 Authentication Events - No Such User Event
| Severity | 4 |
| Event Name | NoSuchUser |
| Resource | UserAuthentication |
| SubResource | Authenticate |
| Message | No existing user with name <name> found |
B.3.7 Too Many Active Users
Table B-14 Authentication Events - Too Many Active Users
| Severity | |
| Event Name | |
| Resource | |
| SubResource | |
| Message | |
B.3.8 User Discovered
If the server restarts, it loses the session information. It will then reconstruct the session when it receives messages from active users. When it discovers a connected user, the following internal event is generated.
Table B-15 Authentication Events - User Discovered
| Severity | 1 |
| Event Name | UserLoggedIn |
| Resource | UserSessionManager |
| SubResource | User |
| Message | Discovered active user <user> with OS name <osName> at <IP> logged in; currently <number> active users |
B.3.9 User Logged In
When a user logs in, the following internal event is generated.
Table B-16 Authentication Events - User Logged In
| Severity | 1 |
| Event Name | UserLoggedIn |
| Resource | UserSessionManager |
| SubResource | User |
| Message | User <user> with OS name <osName> at <IP> logged in; currently <number> active users |
B.3.10 User Logged Out
When a user logs out, the following internal event is generated.
Table B-17 Authentication Events - User Logged Out
| Severity | 1 |
| Event Name | UserLoggedOut |
| Resource | UserSessionManager |
| SubResource | User |
| Message | Closing session for <user> OS name <osName> from <IP> was on since <date>; currently <number> active users |
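
The following is an added example, not part of the product documentation: a Python sketch that turns the message templates listed in B.3.4 through B.3.9 into parsers and counts failed authentications per source IP. Because B.3.8 and B.3.9 share the event name UserLoggedIn, it separates the two by message text so that sessions rediscovered after a server restart are not counted as new logins. It assumes each message arrives as a single string exactly as templated; the dictionary labels and the sample messages are constructed for illustration.

```python
import re
from collections import Counter

# Message templates copied from the tables above. The dictionary keys are
# labels chosen for this example; "UserDiscovered" is hypothetical, because
# B.3.8 and B.3.9 both report the event name UserLoggedIn.
TEMPLATES = {
    "AuthenticationFailed": "Authentication of user <name> with OS name <domUser> from <IP> failed",
    "LockedUser": "Attempt to login using locked account <acct>",
    "NoSuchUser": "No existing user with name <name> found",
    "UserDiscovered": "Discovered active user <user> with OS name <osName> at <IP> logged in; currently <number> active users",
    "UserLoggedIn": "User <user> with OS name <osName> at <IP> logged in; currently <number> active users",
}

def compile_template(template):
    """Escape the literal text and turn each <field> into a named group."""
    parts = re.split(r"<(\w+)>", template)  # literal, field, literal, ...
    return re.compile("".join(
        re.escape(p) if i % 2 == 0 else f"(?P<{p}>.+?)" for i, p in enumerate(parts)))

PATTERNS = {label: compile_template(t) for label, t in TEMPLATES.items()}

def classify(message):
    """Return (label, fields) for a known message, else (None, {})."""
    for label, pattern in PATTERNS.items():
        m = pattern.fullmatch(message.strip())
        if m:
            return label, m.groupdict()
    return None, {}

def summarize(messages):
    """Count failures per source IP; keep real logins apart from rediscoveries."""
    failed, logins, rediscovered = Counter(), [], []
    for msg in messages:
        label, f = classify(msg)
        if label == "AuthenticationFailed":
            failed[f["IP"]] += 1
        elif label == "UserLoggedIn":
            logins.append((f["user"], f["IP"]))
        elif label == "UserDiscovered":
            rediscovered.append((f["user"], f["IP"]))
    return failed, logins, rediscovered

# Constructed sample messages (not real log data).
SAMPLE = [
    "Authentication of user alice with OS name CORP\\alice from 192.0.2.10 failed",
    "Authentication of user alice with OS name CORP\\alice from 192.0.2.10 failed",
    "User alice with OS name CORP\\alice at 192.0.2.10 logged in; currently 1 active users",
    "Discovered active user bob with OS name bob at 198.51.100.7 logged in; currently 2 active users",
    "Attempt to login using locked account carol",
]
```

Calling `summarize(SAMPLE)` returns the per-IP failure counter, the list of real logins, and the list of rediscovered sessions.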