Each auditable event has an associated set of information that is available for logging. This information is grouped into specific context objects. The context objects that are available for logging a specific event are specified by the event type. This topic details the information that exists for each context object and specifies whether the information is logged by default or is only logged when the verbose logging option is enabled.
Field | Type | Description | Default or Verbose logging |
---|---|---|---|
sessionId | String | An identifier for the user session | Default |
remoteAddr | String | The IP address for the remote host | Default |
remotePort | String | The port of the remote host | Default |
remoteHost | String | The host name of the remote host | Default |
Field | Type | Description | Default or Verbose logging |
---|---|---|---|
firstCaller | String | The identity of the first user in the caller list | Default |
callerList | String array | A list of names representing the identities of the users | Verbose |
Field | Type | Description | Default or Verbose logging |
---|---|---|---|
type | String | The type of user registry being used, such as LDAP or AIX® | Default |
Field | Type | Description | Default or Verbose logging |
---|---|---|---|
domain | String | The domain to which the user belongs | Verbose |
realm | String | The registry partition to which the user belongs | Default |
Field | Type | Description | Default or Verbose logging |
---|---|---|---|
lastEventTrailId | String | The last ID associated with a given transaction | Verbose |
eventTrailId | String array | An array of IDs that allow events that belong to a given transaction to be correlated | Default |
creationTime | Date | The date an event was created | Default |
globalInstanceId | Long | The unique identifier of this event | Default |
Field | Type | Description | Default or Verbose logging |
---|---|---|---|
delegationType | String | no delegation, simple delegation, method delegation or switch user delegation | Default |
roleName | String | The Run as role being used: runAsClient, runAsSpecified, runAsSystem, own ID | Default |
identityName | String | Information about the mapped user | Default |
Field | Type | Description | Default or Verbose logging |
---|---|---|---|
authnType | String | The type of authentication used | Default |
Field | Type | Description | Default or Verbose logging |
---|---|---|---|
provider | String | The provider of the authentication or authorization service | Default |
providerStatus | String | Status of whether the authentication or authorization event processed successfully by the provider | Default |
Field | Type | Description | Default or Verbose logging |
---|---|---|---|
mappedSecurityDomain | String | The security domain after mapping has occurred | Default |
mappedRealm | String | The realm after mapping has occurred | Default |
mappedUserName | String | The user name after mapping has occurred | Default |
Field | Type | Description | Default or Verbose logging |
---|---|---|---|
terminateReason | String | The reason authentication ended | Default |
Field | Type | Description | Default or Verbose logging |
---|---|---|---|
progName | String | The name of the program that was involved in the event | Default |
action | String | The action being performed. | Default |
registryUserName | String | The name of the user in the registry | Default |
appUserName | String | The name of the user within an application | Default |
accessDecision | String | The decision of the authorization call | Default |
resourceName | String | The name of the resource in the context of the application | Default |
resourceType | String | The type of resource | Default |
resourceUniqueId | Long | The unique identifier of the resource | Default |
permissionsChecked | String array | The permissions that were checked during the authorization call | Default |
permissionsGranted | String array | The permissions that were granted during the authorization call | Default |
rolesChecked | String array | The roles that were checked during the authorization call | Default |
rolesGranted | String array | The roles that were granted during the authorization call | Default |
Field | Type | Description | Default or Verbose logging |
---|---|---|---|
policyName | String | The name of the policy | Default |
policyType | String | The type of policy | Default |
Field | Type | Description | Default or Verbose logging |
---|---|---|---|
keyLabel | String | The key or certificate label | Default |
keyLocation | String | The physical location of the key database | Default |
certLifetime | Date | The date when a certificate expires | Default |
Field | Type | Description | Default or Verbose logging |
---|---|---|---|
cipherData | Byte array | The cipher data that is captured | Verbose |
Field | Type | Description | Default or Verbose logging |
---|---|---|---|
mgmtType | String | The type of management operation | Default |
mgmtCommand | String | The application-specific command that was performed | Default |
targetInfoAttributes | Target Atrribute array | Information about one or more secondary objects involved in this operation | Verbose |
Field | Type | Description | Default or Verbose logging |
---|---|---|---|
url | String | The URL of the HTTP request | Default |
httpRequestHeaders | Attributes array | The HTTP request headers provided by the client | Verbose |
httpResponseHeaders | Attributes array | The HTTP response headers returned by the server | Verbose |
Field | Type | Description | Default or Verbose logging |
---|---|---|---|
key | String | The label representing the custom property key name | Verbose |
value | Object | The object value of the custom property | Verbose |
Field | Type | Description | Default or Verbose logging |
---|---|---|---|
name | String | Name of the attribute | Default |
value | String | Value of the attribute | Default |
Source | String | Source of the attribute (user, application, or an input for authz rules) | Default |
Field | Type | Description | Default or Verbose logging |
---|---|---|---|
name | String | What object is the operation targeted against? | Default |
uniqueId | Long | Target's unique identifier | Default |
All runtime events need sessionContext, eventContext, accessContext, propagationContext, processContext, and registryContext objects. In addition to these required context objects, each event needs the context objects listed for that event in the following table:
Event Type | Context Objects |
---|---|
SECURITY_AUTHN | authnContext, providerContext |
SECURITY_AUTHN_CREDS_MODIFY | |
SECURITY_AUTHN_DELEGATION | delegationContext |
SECURITY_AUTHN_MAPPING | authnMapping, providerContext |
SECURITY_AUTHN_TERMINATE | authnContext, providerContext, authnTermContext |
SECURITY_AUTHZ | providerContext, policyContext |
SECURITY_ENCRYPTION | keyContext |
SECURITY_MGMT_AUDIT | mgmtContext |
SECURITY_MGMT_CONFIG | mgmtContext |
SECURITY_MGMT_KEY | mgmtContext, keyContext |
SECURITY_MGMT_POLICY | mgmtContext, policyContext |
SECURITY_MGMT_PROVISIONING | mgmtContext, regObjContext |
SECURITY_MGMT_REGISTRY | mgmtContext, regObjContext |
SECURITY_MGMT_RESOURCE | mgmtContext |
SECURITY_RESOURCE_ACCESS | responseContext |
SECURITY_RUNTIME | |
SECURITY_RUNTIME_KEY | keyContext |
SECURITY_SIGNING | keyContext |