auditing-and-logging-information-ac5537b.md

Auditing and Logging Information

Here you can find a list of the security events that are logged by Identity Authentication.

Security events written in audit logs

Event grouping

What events are logged

How to identify related log events

Additional information

Authentication

All authentication and authorization checks.

audit.authentication

Formatting each log entry as key-value pairs makes it much simpler to display logs in other systems, search by a predefined key or value, download log files, and so on. In the Identity Authentication audit logging interface, the following log content is available:

Caller <caller> did action <action> related to objectType <objectType> with unique identifier <objectId>. The result of this action is state <state> which is caused by cause <cause> and the message is <message>.

Each audit log entry consists of the following key-value pairs:

  • state* = [successful | aborted | failed | ignored | process]

  • action* = [create | update | search | delete | upsert | add | validate | validate_sms_code | reset | export | import | verifyPhone | testConnection | read | restore | upload | list | provision | login | authenticate | logout | sendMail(s) | passwordCheck | load | rbaRuleCheck | otpCodeCheck | authenticityCheck | grantPermissions | count | setOtpAttributes | getStatistics | getUsage | setAttributes | provisionAllUsers | provisionUser(s) | forgotPassword | setInitialPassword | process | setConsolidationStatus | mark | sendSmsCode | issueAssertion | issueAuthorizationCode | issueJwtToken | linkUser | returningConsolidationStatus | returnungResetPasswordStatus]

  • objectType* = [company | tenant(s) | tenantAdmin | serviceProvider(s) | identityProvider(s) | socialProvider(s) | service | scimGroup(s) | passwordPolicy(ies) | provisioningSystem(s) | allProvisioningSystems | user(s) | spUser | group(s) | thing(s) | contact | emailTemplates | resource | tenantLogo | scimConfiguration | smsConfiguration | spnegoConfiguration | termsOfUse | privacyPolicy | tenantSettings | trustedDomain(s) | tenantSamlConfiguration | auditLogClients | scimUser(s) | otpCode | forgotPasswordMailCounter | cockpit | usageStatistics | activityAggregator | corporateUserStore | channel | token | trustedIdp | newSpSession | activeSpAndIdpSessions | rbaAction | tenantRbaConfiguration | socialIdentity | openIdClient | googleRecaptcha | companyGroup | psrMailService | entity.Policy | entity.UserPolicy]

  • objectId* = [unique attribute of the objectType: either id, or name, etc.]

  • caller = [The identifier of the subject]

  • cause = [callerUnauthorized | userNotFound | validationFailure | interrupted | otpCheckFailure | passwordCheckFailure | mailNotVerified | notSupported | alreadyUsed | maximumNumberReached | invalidCode | thirdInvalidCode | alreadyInUse | missingUserPassword | missingTargetSystemConfig]

  • message = [Exception message or additional message which specifies the result of the action]

  • category* = [audit.authentication | audit.configuration | audit.data-change]

  • additionalAttributes – key-value formatted attributes which are specific for each objectType

  • all change log resource types

Note:

* Available in each log entry.

Configuration

All changes to an entity's properties that represent configuration changes affecting system behavior.

audit.configuration

Data Change

All changes to the attributes of an entity.

audit.data-change

Change Logs

All attributes of change logs.

audit.config-change
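The following added example (not SAP code) parses the sentence template shown in the Authentication row back into its key-value pairs and counts failed credential checks per objectId, as a monitoring rule might. It assumes entries arrive as that sentence with empty optional fields rendered as empty strings; the function names, the threshold, the choice of causes to count and the sample entries are constructed for illustration.

```python
import re
from collections import Counter

# The documented template as a regex. Assumption: absent optional fields
# (caller, cause, message) are rendered as empty strings.
ENTRY_RE = re.compile(
    r"Caller (?P<caller>.*?) did action (?P<action>\S+) "
    r"related to objectType (?P<objectType>\S+) "
    r"with unique identifier (?P<objectId>.*?)\. "
    r"The result of this action is state (?P<state>\S+) "
    r"which is caused by cause (?P<cause>\S*) "
    r"and the message is (?P<message>.*)\.$"
)
STATES = {"successful", "aborted", "failed", "ignored", "process"}
# Causes from the documented list treated here as credential failures (assumption).
AUTH_CAUSES = {"passwordCheckFailure", "otpCheckFailure", "invalidCode", "thirdInvalidCode"}

def parse_entry(line):
    """Return the key-value pairs of one entry, or None if it does not fit the template."""
    m = ENTRY_RE.match(line.strip())
    if not m or m["state"] not in STATES:
        return None  # truncated entry or undocumented state: do not trust it
    return m.groupdict()

def failed_auth_by_object(lines, threshold=3):
    """Count failed credential checks per objectId; return those at or above threshold."""
    hits = Counter()
    for line in lines:
        e = parse_entry(line)
        if e and e["state"] == "failed" and e["cause"] in AUTH_CAUSES:
            hits[e["objectId"]] += 1
    return {obj: n for obj, n in hits.items() if n >= threshold}

def sample_entry(action, obj, state, cause, msg):
    """Build a constructed sample entry in the documented sentence form."""
    return (f"Caller sp-app-1 did action {action} related to objectType user "
            f"with unique identifier {obj}. The result of this action is state {state} "
            f"which is caused by cause {cause} and the message is {msg}.")

# Constructed sample data, not real Identity Authentication output.
SAMPLE = (
    [sample_entry("passwordCheck", "P000011", "failed", "passwordCheckFailure", "bad password")] * 3
    + [sample_entry("otpCodeCheck", "P000012", "failed", "otpCheckFailure", "bad code"),
       sample_entry("login", "P000011", "successful", "", ""),
       "Caller x did action login"]  # truncated entry, must be rejected
)

if __name__ == "__main__":
    print(failed_auth_by_object(SAMPLE))
```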

Related Information

Audit Logging in the Cloud Foundry Environment

Audit Logging in the Neo Environment