Access Gateway audit log


Access Gateway audit logs include information on the following events:

  • Admin nomination - Events which occur during the admin renomination process.
  • Application-related activity such as create, update, delete, activate or deactivate.
  • Authentication and Authorization events such as authentication, authorization, and policy.
  • Certificate-related event activity.
  • Connectivity and validation between Access Gateway and external resources such as back-end applications, data stores, and similar conditions.
  • System status events such as system up, system down, identity provider connection status, EBS subsystem up, valid or invalid NGINX configuration, and others.
  • Kerberos related activity such as create, update or delete.
  • Trusted Domains related activity such as create, update, delete, or synchronize as well as exceptions during trusted domain operations.

 

Before you begin

Event fields

Field

Description

TIMESTAMP

Current system date and time

HOSTNAME

Hostname of node generating event

APPLICATION

One of:

  • ACCESS_GATEWAY
  • OAG
  • OAG_MONITOR 
  • or a specific service such as check connection, log and others

SUB-PROCESS

One of:

  • ApplicationService
  • ACCESS
  • ADMIN_CONSOLE
  • EBS_SSOAGENT
  • HOST_IP_CHECK
  • MONITOR
  • SCRIPT
  • SERVICE
  • TrustedOriginUpdateScheduler
  • WEB_CONSOLE
  • Or a specific service such as check_connection

COMPONENT

Component of the sub-process such as:

  • AUTHN
  • AUTHZ
  • CLUSTER MANAGER ADMIN
  • ERROR
  • IDP
  • INFO
  • KRB5
  • LOG_DOWNLOAD_STATUS
  • LOG_PREPARE_OPERATION
  • LOG_PREPARE_STATUS
  • NGINX
  • SYSTEM
  • TRUSTED_DOMAINS

SUB-COMPONENT

Sub-component of the process such as:

  • ALERT
  • EBS_SSOAGENT
  • HOST
  • INFO
  • LOCAL
  • NETCAT
  • NOMINATION
  • POLICY
  • SESSION
  • STARTUP/SHUTDOWN

LOG_LEVEL

Log level, one of: TRACE, DEBUG, INFO, WARN, ERROR, or FATAL.

EVENT

Event type

STRUCTURED_DATA

Data related to the occurred event.

MESSAGE

Readable message.

Admin nomination

Events logged when admin renomination takes place.

Nomination - Starting

Description: Events generated when the nomination starts on admin node.

Messages:

  • OAG Version - 2020.8.3, Cluster Manager Version - 2020.1.5.20200803.174755
    Starting authorized nomination process
  • OAG Version - 2020.6.3, Cluster Manager Version - 2020.1.5.20200803.174755
  • Sent nomination.authKey to admin node - existingadmin[.domain.tld]

Examples:

  • 2020-08-05T18:40:23.711-07:00 nodeB OAG ADMIN_CONSOLE CLUSTER MANAGER ADMIN NOMINATION INFO Mgmt console Event [USER="oag-mgmt"] OAG Version - 2020.6.3, Cluster Manager Version - 2020.1.5.20200803.174755
  • 2020-08-05T18:40:23.711-07:00 nodeB OAG ADMIN_CONSOLE CLUSTER MANAGER ADMIN NOMINATION INFO Mgmt console Event [USER="oag-mgmt"] Starting authorized nomination process - OAG Version - 2020.6.3, Cluster Manager Version - 2020.1.5.20200803.174755
  • 2020-08-05T18:40:23.905-07:00 nodeB ADMIN_CONSOLE CLUSTER MANAGER ADMIN NOMINATION INFO Send auth key to admin node [USER="oag-mgmt"] Sent nomination.authKey to admin node - existingadmin[.domain.tld]
  • Structured data:
    • USER - User performing nomination actions, always oag-mgmt.
  • Corrective action:
    • N/A
  • Nomination - initiated

    Description: Events generated when nomination starts on admin node.

    Messages:

    • Started nomination process with args: adminNode - [DNS name of existing admin ],
      nominatedNode - [DNS name of nominated worker],
      accessGatewayHostname - gw-admin.[domain.tld]

    Examples:

    • 2020-08-04T14:28:48.376-05:00 oag.nodeC.com ADMIN_CONSOLE CLUSTER MANAGER ADMIN NOMINATION INFO Arguments [USER="root"] Started nomination process with args: adminNode - oag.nodeA.com,nominatedNode - oag.nodeC.com, accessGatewayHostname - gw-admin.[domain.tld]
  • Structured data:
    • USER - User performing nomination actions, always root.
  • Corrective action:
    • N/A
  • Nomination - Worker nodes not at correct version

    Description: One or more nodes are not at the required feature version.

    Messages:

    • Incompatible node list - [worker.[domain.tld]...] Update worker nodes to version - 2020.8.3 or higher.

    Examples:

    • 2020-08-04T14:28:48.380-05:00 oag.nodeC.com ADMIN_CONSOLE CLUSTER MANAGER ADMIN NOMINATION ERROR Determine Version Compatibility [USER="root"] Incompatible Node List - oag.nodeB.com,oag.nodeD.com. Update worker nodes to version - 2020.8.3 or higher
  • Structured data:
    • USER - User performing nomination actions, always root.
  • Corrective action:
    • Update the worker nodes identified to version 2020.8.3 or later, and then re-run the renomination process.
  • Nomination - Nominated worker detached from cluster

    Description: Events generated when the nominated worker has been detached from the cluster before becoming the new admin node.

    Messages:

    • Removed nominated admin node - existingadmin[.domain.tld] from HA configuration files
    • Failed to remove nominated admin node - existingadmin[.domain.tld] from HA configuration files.

    Examples:

    • 2020-08-04T14:28:48.380-05:00 existingadmin.[.domain.tld] ADMIN_CONSOLE CLUSTER MANAGER ADMIN NOMINATION ERROR Remove nominated node from HA [USER="root"] Removed nominated admin node - name[.domain.tld] from HA configuration files.
    • 2020-08-04T14:28:48.380-05:00 existingadmin.[domain.tld] ADMIN_CONSOLE CLUSTER MANAGER ADMIN NOMINATION ERROR Remove nominated node from HA [USER="root"] Failed to remove nominated admin node - name[.domain.tld] from HA configuration files.
  • Structured data:
    • USER - User performing nomination actions, always root.
  • Corrective action:
    • None required: On failure, the admin node is reverted to its original state. The nominated node is also reverted to its pre-renomination state.
  • Nomination - nominated node cloned

    Description: Events generated when current configuration has been transferred to nominated worker.

    Messages:

    • Transferred HA configuration files from current admin node - worker[.domain.tld].
    • Failed to transfer HA configuration files from current admin node - worker[.domain.tld].

    Examples:

    • 2020-08-04T14:27:42.345-05:00 oag.nodeC.com ADMIN_CONSOLE CLUSTER MANAGER ADMIN NOMINATION INFO Copy HA configs [USER="root"] Transferred HA configuration files from current admin node - worker[.domain.tld].
    • 2020-08-04T14:27:42.345-05:00 oag.nodeC.com ADMIN_CONSOLE CLUSTER MANAGER ADMIN NOMINATION INFO Copy HA configs [USER="root"] Failed to transfer HA configuration files from current admin node - worker[.domain.tld].
  • Structured data:
    • USER - User performing nomination actions, always oag-mgmt.
  • Corrective action:
    • None required: On failure, the nominated worker node reverts to its original state.
  • Nomination - Key exchange

    Description: Events generated when the required keys are exchanged between existing admin and nominated admin.

    Messages:

    • Backup of ssh keys completed for nominated node - newadmin.[domain.tld].

    Examples:

    • 2020-08-04T14:27:42.362-05:00 newadmin[.domain.tld] ADMIN_CONSOLE CLUSTER MANAGER ADMIN NOMINATION INFO Backup SSH Keys [USER="root"] Backup of ssh keys completed for nominated node - worker.[domain.tld]
  • Structured data:
    • USER - User performing nomination actions, always oag-mgmt.
  • Nomination - Key exchange

    Description: Events generated when the required keys are synchronized between admin and workers.

    Messages:

    • Synced known_hosts and authorized_keys of current admin node - worker[.domain.tld] with all worker nodes.
    • Failed to sync known_hosts and authorized_keys of current admin node - oag.nodeA.com with all worker nodes.

    Examples:

    • 2020-08-04T14:27:43.823-05:00 oag.nodeC.com ADMIN_CONSOLE CLUSTER MANAGER ADMIN NOMINATION INFO Sync keys [USER="root"] Synced known_hosts and authorized_keys of current admin node - worker[.domain.tld] with all worker nodes
    • 2020-08-04T14:27:43.823-05:00 oag.nodeC.com ADMIN_CONSOLE CLUSTER MANAGER ADMIN NOMINATION INFO Sync keys [USER="root"] Failed to sync known_hosts and authorized_keys of current admin node - worker[.domain.tld] with all worker nodes
  • Structured data:
    • USER - User performing nomination actions, always root.
  • Corrective action:
    • None required: On failure, the nominated worker node reverts to its original state.
  • Nomination - Update worker high availability configuration

    Description: Events generated during exchange of high availability configuration between nominated admin and workers.

    Messages:

    • Prepared HA config file - /tmp/nolock.update_ha_configs.f76c8aea-073b-4241-8960-536fb26573d5.json for worker node - workerX[.domain.tld].
    • Sent nolock.update_ha_configs.f76c8aea-073b-4241-8960-536fb26573d5.json file to worker node - workerX[.domain.tld].
    • Prepared HA config file - /tmp/nolock.update_ha_configs.01880ce6-6ac3-4dd9-ac14-934a301490f3.json for worker node - workerX.[domain.tld]
    • Sent nolock.update_ha_configs.01880ce6-6ac3-4dd9-ac14-934a301490f3.json file to worker node - workerX.[.domain.tld]

    Examples:

    • 2020-08-04T14:27:43.883-05:00 oag.nodeC.com ADMIN_CONSOLE CLUSTER MANAGER ADMIN NOMINATION INFO Prep HA config for worker node [USER="root"] Prepared HA config file - /tmp/nolock.update_ha_configs.f76c8aea-073b-4241-8960-536fb26573d5.json for worker node - workerX[.domain.tld]
    • 2020-08-04T14:27:44.086-05:00 oag.nodeC.com ADMIN_CONSOLE CLUSTER MANAGER ADMIN NOMINATION INFO Send HA config to worker node [USER="root"] Sent nolock.update_ha_configs.f76c8aea-073b-4241-8960-536fb26573d5.json file to worker node - workerX[.domain.tld].
    • 2020-08-04T14:27:44.107-05:00 oag.nodeC.com ADMIN_CONSOLE CLUSTER MANAGER ADMIN NOMINATION INFO Prep HA config for worker node [USER="root"] Prepared HA config file - /tmp/nolock.update_ha_configs.01880ce6-6ac3-4dd9-ac14-934a301490f3.json for worker node - workerX[.domain.tld]
    • 2020-08-04T14:27:44.307-05:00 oag.nodeC.com ADMIN_CONSOLE CLUSTER MANAGER ADMIN NOMINATION INFO Send HA config to worker node [USER="root"] Sent nolock.update_ha_configs.01880ce6-6ac3-4dd9-ac14-934a301490f3.json file to worker node - workerX[.domain.tld].
    • 2020-08-04T14:27:44.307-05:00 oag.nodeC.com ADMIN_CONSOLE CLUSTER MANAGER ADMIN NOMINATION INFO Send HA config to worker node [USER="root"] Failed to send nolock.update_ha_configs.01880ce6-6ac3-4dd9-ac14-934a301490f3.json file to worker node - workerX[.domain.tld].
  • Structured data:
    • USER - User performing nomination actions, always root.
  • Corrective action:
    • None required: On failure, the nominated worker node and the impacted worker nodes revert to their original states.
  • Nomination - Update worker high availability configuration

    Description: Events generated as workers acknowledge receipt of the new high availability configuration.

    Messages:

    • Received - 0/2 acknowledgements so far
    • Received acknowledgment for Worker node - workerX[.domain.tld] with updated Admin Node - newadmin[.domain.tld]
    • Received - 2/2 acknowledgements so far
    • Newly nominated admin node - newadmin[.domain.tld] has been acknowledged by all worker nodes
    • Received acknowledgment 1/2 acknowledgements so far

    Examples:

    • 2020-08-04T14:27:44.346-05:00 oag.nodeC.com ADMIN_CONSOLE CLUSTER MANAGER ADMIN NOMINATION INFO Received acknowledgment [USER="root"] Received - 0/2 acknowledgements so far
    • 8-04T14:27:54.383-05:00 oag.nodeC.com ADMIN_CONSOLE CLUSTER MANAGER ADMIN NOMINATION INFO Received acknowledgment [USER="root"] Received acknowledgment for Worker node - workerX.[domain.tld] with updated Admin Node - newadmin[.domain.tld]
    • 2020-08-04T14:27:54.428-05:00 oag.nodeC.com ADMIN_CONSOLE CLUSTER MANAGER ADMIN NOMINATION INFO Received acknowledgment [USER="root"] Received - 2/2 acknowledgements so far
    • 2020-08-04T14:28:04.448-05:00 oag.nodeC.com ADMIN_CONSOLE CLUSTER MANAGER ADMIN NOMINATION INFO Received acknowledgment [USER="root"] Newly nominated admin node - oag.nodeC.com has been acknowledged by all worker nodes
    • 2020-08-04T14:28:04.448-05:00 oag.nodeC.com ADMIN_CONSOLE CLUSTER MANAGER ADMIN NOMINATION INFO Received acknowledgment [USER="root"] Received acknowledgment 1/2 acknowledgements so far
  • Structured data:
    • USER - User performing nomination actions, always oag-mgmt.
  • Corrective action:
    • Contact support to determine why a specific worker didn't return an acknowledgement.
  • Nomination - Revert existing admin to standalone

    Description: Event generated at completion of renomination when the existing admin becomes standalone node.

    Messages:

    • Reset HA configs of older admin node - oldadmin[.domain.tld]

    Examples:

    • 2020-08-04T14:28:04.806-05:00 oag.nodeC.com ADMIN_CONSOLE CLUSTER MANAGER ADMIN NOMINATION INFO Reset admin node HA setup [USER="root"] Reset HA configs of older admin node - oag.nodeA.com
  • Structured data:
    • USER - User performing nomination actions, always root.
  • Corrective action:
    • N/A
  • Nomination - Confirmation of reset

    Description: Event generated to confirm the reset of an existing admin to standalone.

    Messages:

    • Admin nomination process completed successfully for new admin node - existingadmin[.domain.tld].
    • Reset HA configs for admin node - existingadmin[.domain.tld]

    Examples:

    • 2020-08-04T14:28:04.818-05:00 oag.nodeC.com ADMIN_CONSOLE CLUSTER MANAGER ADMIN NOMINATION INFO Nomination completed [USER="root"] Admin nomination process completed successfully for new admin node - oldamin[.domain.tld].
  • Structured data:
    • USER - User performing nomination actions, always root.
  • Corrective action:
    • N/A
  • Nomination - Incorrect authorization code

    Description: Event generated when the admin user [in]correctly enters the renomination authorization code.

    Messages:

    • Authorization token is correct.
    • Authorization token is incorrect.
    • Initiating nomination process on Nominated node - newadmin[.domain.tld].
    • Sent nolock.start_admin_nomination.json to nominated node - oag.nodeC.com

    Examples:

    • 2020-08-06T12:15:23.136-05:00 oag.nodeA.com ADMIN_CONSOLE CLUSTER MANAGER ADMIN NOMINATION INFO Auth Token Verification [USER="oag-mgmt"] Authorization token is correct
    • 2020-08-06T12:13:49.224-05:00 oag.nodeA.com ADMIN_CONSOLE CLUSTER MANAGER ADMIN NOMINATION ERROR Auth Token Verification [USER="oag-mgmt"] Authorization token is incorrect
    • 2020-08-06T12:15:23.148-05:00 oag.nodeA.com ADMIN_CONSOLE CLUSTER MANAGER ADMIN NOMINATION INFO Initiate nomination [USER="oag-mgmt"] Initiating nomination process on Nominated node - newadmin[.domain.tld].
    • 2020-08-06T12:15:23.423-05:00 oag.nodeA.com ADMIN_CONSOLE CLUSTER MANAGER ADMIN NOMINATION INFO Initiate nomination [USER="oag-mgmt"] Sent nolock.start_admin_nomination.json to nominated node - oag.nodeC.com
  • Structured data:
    • USER - User performing nomination actions, always oag-mgmt.
  • Corrective action:
    • Re-enter the correct code.
  • Nomination - Existing admin enters maintenance mode

    Description: Event generated when the existing admin enters maintenance mode.

    Messages:

    • Started Admin Node Nomination App on admin node - existingadmin.[domain.tld]

    Examples:

    • 2020-08-06T13:06:41.872-05:00 oag.nodeA.com ADMIN_CONSOLE CLUSTER MANAGER UPDATE ADMIN INFO Started Admin Node Nomination App [USER="oagha"] Started Admin Node Nomination App on admin node - existingadmin[.domain.tld]
  • Structured data:
    • USER - User performing nomination actions, always root.
  • Corrective action:
    • N/A
  • Nomination - Existing admin exits maintenance mode

    Description: Event generated a

    Messages:

    • Activated Admin App for admin node - existingadmin[.domain.tld].
    • Removed Admin Node Nomination Mode App for admin node - existingadmin[.domain.tld].
    • Reset process completed for admin node - existingadmin[.domain.tld].

    Examples:

    • 2020-08-06T13:08:05.086-05:00 oag.nodeA.com ADMIN_CONSOLE CLUSTER MANAGER UPDATE ADMIN INFO Activate Admin App [USER="oagha"] Activated Admin App for admin node - existingadmin[.domain.tld]
    • 2020-08-06T13:08:05.105-05:00 oag.nodeA.com ADMIN_CONSOLE CLUSTER MANAGER UPDATE ADMIN INFO Removed Nomination Mode App [USER="oagha"] Removed Admin Node Nomination Mode App for admin node - existingadmin[.domain.tld]
    • 2020-08-06T13:08:05.118-05:00 oag.nodeA.com ADMIN_CONSOLE CLUSTER MANAGER UPDATE ADMIN INFO Reset process completed [USER="oagha"] Reset process completed for admin node - existingadmin[.domain.tld]
  • Structured data:
    • USER - User performing nomination actions, always oagha.
  • Corrective action:
    • N/A
  • Nomination - Backup triggered on existing admin node

    Description: Event generated when a backup is performed on existing admin.

    Messages:

    • sudo ...

    Examples:

    • 2020-08-06T13:06:42.000-05:00 existingadmin[.domain.tld] sudo oagha : TTY=unknown ; PWD=/opt/oag/configs/ha/configs.install ; USER=root ; COMMAND=/opt/oag/scripts/oag_backup.sh
  • Structured data:
    • USER - User performing nomination actions, always root.
  • Corrective action:
    • N/A
  • Nomination - Public and private keys transferred to new admin

    Description: Event generated when the required public and private keys are transferred to the new admin.

    Messages:

    • Copied private key of oagha user from node - existingadmin[.domain.tld] to nominated node - newadmin[.domain.tld].
    • Copied public key oagha user from node - existingadmin[.domain.tld] to nominated node - existingadmin[.domain.tld].

    Examples:

    • 2020-08-06T13:07:43.331-05:00 oag.nodeA.com ADMIN_CONSOLE CLUSTER MANAGER UPDATE ADMIN INFO Copy user private key [USER="oagha"] Copied private key of oagha user from node - existingadmin[.domain.tld] to nominated node - newadmin.[domain.tld]
    • 2020-08-06T13:07:43.515-05:00 oag.nodeA.com ADMIN_CONSOLE CLUSTER MANAGER UPDATE ADMIN INFO Copy user public key [USER="oagha"] Copied public key oagha user from node - existing.[domain.tld] to nominated node - newadmin.[domain.tld]
  • Structured data:
    • USER - User performing nomination actions, always root.
  • Corrective action:
    • N/A
  • Nomination - Worker node key updates

    Description: Event generated when a key is written to a worker node

    Messages:

    • Public host keys of nominated admin node - workerX[.domain.tld] has been added to known_hosts file of worker node - newadmin[.domain.tld]

    Examples:

    • 2020-08-06T13:07:43.228-05:00 oag.nodeB.com ADMIN_CONSOLE CLUSTER MANAGER UPDATE WORKER INFO Update keys [USER="root"] Public host keys of nominated admin node - workerX.[domain.tld] has been added to known_hosts file of worker node - newadmin[.domain.tld]
  • Structured data:
    • USER - User performing nomination actions, always root.
  • Corrective action:
    • N/A
  • Nomination - Worker configuration updates

    Description: Event generated when a worker node's keys are updated.

    Messages:

    • Public host keys of nominated admin node - workerX[.domain.tld] has been added to known_hosts file of worker node - newadmin[.domain.tld]

    Examples:

    • 2020-08-06T13:07:44.505-05:00 oag.nodeB.com ADMIN_CONSOLE CLUSTER MANAGER UPDATE WORKER INFO Update HA Config [USER="root"] Updated HA config file - /opt/oag/configs/events/config/ha_configuration.config with nominated admin node as - newadmin[.domain.tld] and worker nodes as - workerX[.domain.tld], workerY[.domain.tld]
  • Structured data:
    • USER - User performing nomination actions, always root.
  • Corrective action:
    • N/A
  • Nomination - Acknowledgements

    Description: Event generated as nominations are acknowledged.

    Messages:

    • Prepared acknowledgment file - /tmp/f76c8aea-073b-4241-8960-536fb26573d5.ack.prep.
    • Sent acknowledgment file - /tmp/f76c8aea-073b-4241-8960-536fb26573d5.ack.prep to nominated admin node - newadmin[.domain.tld]

    Examples:

    • 2020-08-06T13:07:44.520-05:00 oag.nodeB.com ADMIN_CONSOLE CLUSTER MANAGER UPDATE WORKER INFO Prepare Ack file [USER="root"] Prepared acknowledgment file - /tmp/f76c8aea-073b-4241-8960-536fb26573d5.ack.prep
    • 2020-08-06T13:07:44.734-05:00 oag.nodeB.com ADMIN_CONSOLE CLUSTER MANAGER UPDATE WORKER INFO Sent Ack file [USER="root"] Sent acknowledgment file - /tmp/f76c8aea-073b-4241-8960-536fb26573d5.ack.prep to nominated admin node - newadmin[.domain.tld]
  • Structured data:
    • USER - User performing nomination actions, always root.
  • Corrective action:
    • N/A
  • Nomination - Successful nomination

    Description: Event generated when a nomination completes successfully.

    Messages:

    • Admin nomination process completed successfully on worker node - newadmin[.domain.tld].

    Examples:

    • 2020-08-06T13:07:44.746-05:00 oag.nodeB.com ADMIN_CONSOLE CLUSTER MANAGER UPDATE WORKER INFO Sent Ack file [USER="root"] Admin nomination process completed successfully on worker node - newadmin[.domain.tld]
  • Structured data:
    • USER - User performing nomination actions, always root.
  • Corrective action :
    • N/A
  • Application

    SYSTEM_APP_EVENT

    Event issued when an application is created, updated, deleted, activated, or deactivated.

    • Message: Application: <Application Name> action: CREATE
      Application: <Application Name> action: UPDATE
      Application: <Application Name> action: DELETE
      Application: <Application Name> action: ENABLE
      Application: <Application Name> action: DISABLE

    • Examples:
      2020-06-24T09:40:36.000-05:00 example.myaccessgateway.com ACCESS_GATEWAY WEB_CONSOLE APP - INFO SYSTEM_APP_EVENT [GUID="93d2e78a-c6b7-4c27-83c8-15c2b783d3bb" NAME="Sample Header App" TYPE="SAMPLEHEADER_APP" DOMAIN="<App Domain URL>" IDP="<IDP URL>" IDP_TYPE="<Identity Provider type>" REASON="CREATE" SESSION_ID="3dKU4yqIlHkcRUeGb9f9Dh6OSgFjHq3hIMVktx7h" SUBJECT="admin" REMOTE_IP="-" USER_AGENT="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36"] Application: 'Sample Header App' action: 'CREATE'

      2020-06-24T09:40:36.000-05:00 example.myaccessgateway.com ACCESSS_GATEWAY WEB_CONSOLE APP - INFO SYSTEM_APP_EVENT [GUID="<Application GUID>" NAME="Sample Header App" TYPE="SAMPLEHEADER_APP" DOMAIN="<App Domain URL>" IDP="<IDP URL>" IDP_TYPE="<Identity Provider type>" REASON="UPDATE" SESSION_ID="<Session ID> " SUBJECT="user@<Domain.tld>" REMOTE_IP="-" USER_AGENT="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36"] Application: 'Sample Header App' action: 'UPDATE'

      2020-06-24T09:40:36.000-05:00 example.myaccessgateway.com ACCESSS_GATEWAY WEB_CONSOLE APP - INFO SYSTEM_APP_EVENT [GUID="<Application GUID> " NAME="Sample Header App" TYPE="SAMPLEHEADER_APP" DOMAIN="<App Domain URL>" IDP="<IDP URL>" IDP_TYPE="<Identity Provider type>" REASON="ENABLE" SESSION_ID="<Session ID>" SUBJECT="user@<Domain.tld>" REMOTE_IP="-" USER_AGENT="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36"] Application: 'Sample Header App' action: 'ENABLE'

      2020-06-24T09:40:36.000-05:00 example.myaccessgateway.com ACCESSS_GATEWAY WEB_CONSOLE APP - INFO SYSTEM_APP_EVENT [GUID="<Application GUID>" NAME="Sample Header App" TYPE="SAMPLEHEADER_APP" DOMAIN="<App Domain URL>" IDP="<IDP URL>" IDP_TYPE="<Identity Provider type>" REASON="DISABLE" SESSION_ID="<Session ID> " SUBJECT="user@<Domain.tld>" REMOTE_IP="-" USER_AGENT="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36"] Application: 'Sample Header App' action: 'DISABLE'

      2020-06-24T09:40:36.000-05:00 example.myaccessgateway.com WEB_CONSOLE APP - INFO SYSTEM_APP_EVENT [GUID="<Applicatuin GUID> " NAME="Sample Header App" TYPE="SAMPLEHEADER_APP" DOMAIN="<App Domain URL>" IDP="<IDP URL>" IDP_TYPE="<Identity Provider type>" REASON="DELETE" SESSION_ID="<Session ID> " SUBJECT="admin" REMOTE_IP="-" USER_AGENT="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36"] Application: 'Sample Header App' action: 'DELETE'

    • Structured data:
      • GUID - Application identifier
      • NAME - Application name
      • TYPE - Application Type
      • DOMAIN - Application domain
      • IDP - IDP of application
      • IDP_TYPE - Okta or LOCAL
      • REASON - One of CREATE, UPDATE, DELETE, ENABLE or DISABLE
      • SESSION_ID - Internal session ID created for the user session
      • SUBJECT - User performing action, usually the admin
      • REMOTE_IP - IP address of user, if available
      • USER_AGENT - Browser details

    Certificate events

    Events logged when adding, updating, or assigning certificates. See About Access Gateway Certificates and Certificate management for more information.

    Invalid protected web resource value

    Description: While adding an application using the Access Gateway Admin UI console, an attempt was made to generate a self-signed certificate based on an invalid Protected web resource file.

    Messages:

    • 'value.gateway.info' is not a valid hostname.

    Examples:

    • 2020-08-10 15:40:10.938 ERROR 1336 --- [ XNIO-2 task-11] c.okta.oag.web.rest.CertificateResource : 'value.gateway.info' is not a valid hostname.
  • Structured data:
    • None
  • Corrective action :
    • Examine the value of the associated application's Protected web resource and try again.
  • Missing protected web resource value

    Description: While adding an application using the Access Gateway Admin UI console, an attempt was made to generate a self-signed certificate based on an invalid or missing Protected web resource file.

    Messages:

    • No value for relayDomain

    Examples:

    • 2020-08-10 15:36:49.769 ERROR 1336 --- [ XNIO-2 task-2] c.i.s.web.rest.ExceptionHandlerAdvice : handleExceptions org.springframework.boot.configurationprocessor.json.JSONException: No value for relayDomain
  • Structured data:
    • None
  • Corrective action :
    • Examine the value of the associated application's Protected web resource, correct any errors, and try again.
  • Can't read certificate

    Description: While adding or updating a certificate using the Access Gateway Management console, an invalid certificate was provided.

    Messages:

    • Failed to read certificate.

    Examples:

    • 2020-08-10 15:42:30.583 ERROR 1336 --- [ XNIO-2 task-11] com.okta.oag.service.CertificateService : Failed to read certificate from file /opt/oag/nginx/ssl//test.crt. Error: /opt/oag/nginx/ssl/test.crt (Permission denied) This is generated while reading certificate and any certificate is lacking read permission.
  • Structured data:
    • None
  • Corrective action :
    • Ensure that the certificate being uploaded is valid and check permissions.
  • Invalid certificate format

    Description: While adding or updating a certificate using the Access Gateway Management console, an invalid certificate was provided.

    Messages:

    • Error: Could not parse certificate.

    Examples:

    • 2020-08-10 15:41:51.682 ERROR 1336 --- [ XNIO-2 task-11] com.okta.oag.service.CertificateService : Failed parse certificate file /opt/oag/nginx/ssl//test.crt. Error: Could not parse certificate: java.io.IOException: Empty input This is generated when certificate file being read is not a valid PEM format certificate file i.e. parsing error.
  • Structured data:
    • None
  • Corrective action :
    • Ensure that the certificate being uploaded is valid and try again.
  • System status

    CONFIG_TEST

    Event issued when NGINX has completed its configuration check successfully.

    • Message: nginx: The configuration file /tmp/nginx/nginx.conf syntax is ok. nginx: configuration file /tmp/nginx/nginx.conf test is successful.
    • Example:
      2020-06-24T05:40:25.786-05:00 example.myaccessgateway.com OAG_MONITOR MONITOR NGINX INFO CONFIG_TEST [STATUS="VALID" UUID="<ID>"] nginx: the configuration file /tmp/nginx/nginx.conf syntax is ok nginx: configuration file /tmp/nginx/nginx.conf test is successful.

    • Structured data:
      • STATUS - Valid or invalid.
      • UUID - UUID of configuration.

    SYSTEM_STARTUP

    Event issued when system startup has completed.

    • Message: Startup complete, system ready.
    • Example:
      2020-06-24T10:05:56.000-05:00 example.myaccessgateway.com ACCESS_GATEWAY WEB_CONSOLE - - INFO SYSTEM_STARTUP [] Startup complete, system ready.
    • Structured data: none.

    SHUTDOWN

    Event issued when system shutdown has begun.

    • Message: Shutting down system.
    • Example:
      2020-06-24T08:31:25.729-05:00 example.myaccessgateway.com OAG ADMIN_CONSOLE SYSTEM SHUTDOWN INFO SHUTDOWN [USER="oag-mgmt"] Shutting down system.
    • Structured data:
      • USER - User who performed the action.

    SYSTEM_IDP_STATUS

    Event issued when Access Gateway successfully connects with a configured identity provider.
    Event issued when Access Gateway can't connect with a configured identity provider.
    Event issued when an Access Gateway API token is invalid or expired.

    • Messages:
      Success confirming IDP status with: org.okta[preview].com.
      Failure confirming connectivity with IDP: <IDP URL>>. Please verify your network configuration.
      Failure validating security token with IDP: <IDP Domain>. Please validate token exists and is enabled.
    • Example success:
      2020-06-24T04:00:01.000-05:00 example.myaccessgateway.com ACCESS_GATEWAY WEB_CONSOLE IDP LOCAL INFO SYSTEM_IDP_STATUS [NAME="MyIDP" DOMAIN="someorg.oktapreview.com" TYPE="IDP_OKTA" RESULT="PASS" REASON="VALID"] Success confirming IDP status with: someorg.oktapreview.com.
    • Example: Network connectivity error
      2020-06-24T04:00:01.000-05:00 example.myaccessgateway.com ACCESS_GATEWAY WEB_CONSOLE IDP LOCAL INFO SYSTEM_IDP_STATUS [NAME="<IDP Name> IDP" DOMAIN="<IDP URL>" TYPE="<Identity Provider type>" RESULT="FAIL" REASON="INVALID_NETWORK_CONN"] Failure confirming connectivity with IDP: <IDP URL>>. Please verify your network configuration.
    • Example: Invalid API token
      2020-06-24T04:00:01.000-05:00 example.myaccessgateway.com ACCESS_GATEWAY WEB_CONSOLE IDP LOCAL INFO SYSTEM_IDP_STATUS [NAME="<IDP Name> IDP" DOMAIN="<IDP URL>" TYPE="<Identity Provider type>" RESULT="FAIL" REASON="INVALID_NETWORK_CONN"] Failure validating security token with IDP: <IDP Domain>. Please validate token exists and is enabled.
    • Structured data:
      • NAME - Name of IDP.
      • DOMAIN - Associated domain.
      • TYPE - Type of IDP. IDP_OKTA or LOCAL.
      • RESULT - PASS or FAIL.
      • REASON - Valid or reason for failure.

    SYSTEM_STARTUP

    Event issued when Access Gateway starts successfully.

    • Message: Startup complete, system ready.
    • Example:
      2020-06-24T09:40:52.000-05:00 ec2-18-209-113-130.compute-1.amazonaws.com ACCESS_GATEWAY WEB_CONSOLE - - INFO SYSTEM_STARTUP [] Startup complete, system ready.
    • Structured data: None

    Trusted Domains

    SYSTEM_TD_EVENT

    • Messages
      source_app_guid: "<guid>", source_app_name="<name of source app>",source_app_domain: "<source domain of application>".
      exception 'exception data' occurred.
    • Examples:
      When events are published:
      2020-07-15T04:46:38.000-04:00 localhost ACCESS_GATEWAY WEB_CONSOLE TRUSTED_DOMAINS - INFO SYSTEM_TD_EVENT [ SOURCE="APP" ACTION="UPDATE" ] source_app_guid: "61602a9d. . . ", source_app_name="Wikipedia SSO App", source_app_domain: "www.wikipedia.com"

      When errors occur:
      2020-07-15T04:46:38.000-04:00 localhost ACCESS_GATEWAY WEB_CONSOLE TRUSTED_DOMAINS ALERT SYSTEM_TD_EVENT [ SOURCE="APP" ACTION="UPDATE" ] Exception when disable/enable trusted domains: [Errno 13] Permission denied: '/opt/oag/events/trusteddomains.DISABLE.json'.

      When events are synchronized with an Okta tenant:
      2020-07-15T04:46:38.000-04:00 localhost ACCESS_GATEWAY WEB_CONSOLE TRUSTED_DOMAINS - INFO SYSTEM_TD_EVENT [ SOURCE="OKTA_TRUSTED_ORIGIN" ACTION="SYNC" ]
    • Structured data:
      • SOURCE - APP or OKTA_TRUSTED_ORIGIN.
      • ACTION - One of CREATE, UPDATE, DELETE or SYNCH, indicating that a trusted domain was added, updated, removed or synchronized.

      Note: Severity can be ALERT, INFO, or WARN.

    Kerberos

    SYSTEM_KRB5_EVENT

    Event issued when an action is performed on a Kerberos realm such as create, update, delete, activate, or deactivate.

    • Message: Kerberos Realm: <Kerberos Realm> action: CREATE.
      Kerberos Realm: <Kerberos Realm> action: UPDATE
      Kerberos Realm: <Kerberos Realm> action: DELETE
    • Examples:
      2020-06-24T10:06:23.000-05:00 example.myaccessgateway.com ACCESS_GATEWAY WEB_CONSOLE KRB5 - INFO SYSTEM_KRB5_EVENT [REALM="<Kerberos Realm>" REASON="CREATE" SESSION_ID="<Session ID>" SUBJECT="admin" REMOTE_IP="-" USER_AGENT="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36"] Kerberos Realm: '<Kerberos Realm>' action: 'CREATE'

      2020-06-24T10:06:23.000-05:00 example.myaccessgateway.com ACCESS_GATEWAY WEB_CONSOLE KRB5 - INFO SYSTEM_KRB5_EVENT [REALM="<Kerberos Realm>" REASON="UPDATE" SESSION_ID="<Session ID>" SUBJECT="user@<Domain.tld>" REMOTE_IP="-" USER_AGENT="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36"] Kerberos Realm: '<Kerberos Realm>' action: 'UPDATE'

      2020-06-24T10:06:23.000-05:00 example.myaccessgateway.com ACCESS_GATEWAY WEB_CONSOLE KRB5 - INFO SYSTEM_KRB5_EVENT [REALM="<Kerberos Realm>" REASON="DELETE" SESSION_ID="<Session ID>" SUBJECT="user@<Domain.tld>" REMOTE_IP="-" USER_AGENT="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36"] Kerberos Realm: '<Kerberos Realm>' action: 'DELETE'

    • Structured data
      • REALM - Associated Kerberos realm.
      • REASON - CREATE, UPDATE, or DELETE.
      • SESSION_ID - Associated local session id.
      • SUBJECT - User performing the action, usually the admin.
      • REMOTE_IP - Remote IP, if available.
      • USER_AGENT - Remote operating system, browser, and so on.

     

    Authentication and Authorization

    USER_LOGIN

    Event issued when a user attempts to log in. See event for success or failure.

    • Message: User login success: user.
      User login failed: [user]
      Received an assertion that has expired. Check clock synchronization on IDP and SP.
    • Examples:
      2020-06-24T10:06:23.000-05:00 example.myaccessgateway.com ACCESS_GATEWAY WEB_CONSOLE AUTHN LOCAL INFO USER_LOGIN [SESSION_ID="<Session ID>" SUBJECT="<User login name>" TYPE="LOCAL" RESULT="PASS" REASON="VALID_CREDENTIALS" REMOTE_IP="-" USER_AGENT="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"] User login success: user@<domain.tld>

      2020-06-24T10:06:23.000-05:00 example.myaccessgateway.com ACCESS_GATEWAY WEB_CONSOLE AUTHN LOCAL INFO USER_LOGIN [SESSION_ID="<Session ID> " SUBJECT="<User login name>" TYPE="LOCAL" RESULT="FAIL" REASON="INVALID_CREDENTIALS" REMOTE_IP="-" USER_AGENT="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"] User login failed: user@<domain.tld>

      2020-06-24T10:06:23.000-05:00 example.myaccessgateway.com ACCESS_GATEWAY ACCESS AUTHN SAML INFO USER_AUTHN [SESSION_ID="<Session ID> " SESSION_AUTH="<Session AUTH Information> " SUBJECT="<User login name>" TYPE="SAML_2_0" SOURCE="IDP Source URL" SOURCE_TYPE="<Identity Provider type>" SOURCE_DOMAIN="<IDP URL>" SOURCE_AUTHN_TYPE="urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport" APP="Sample Header App" APP_DOMAIN="<App Domain URL>" RESULT="PASS" REASON="Valid SAML Assertion" REMOTE_IP="192.168.10.20" USER_AGENT="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36"] User login:user@<domain.tld>

      2020-06-24T10:06:23.000-05:00 example.myaccessgateway.com ACCESS_GATEWAY ACCESS AUTHN SAML ERROR USER_AUTHN [TYPE="SAML_2_0" TRACKER_ID="<Tracking ID>" SOURCE="https://<IDP URL>/app/template_saml_2_0/exkckwwaxvY3crKhn0h7/sso/saml" RESULT="FAIL" REASON="Invalid SAML Assertion" REMOTE_IP="192.168.10.192" USER_AGENT="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.62 Safari/537.36"] Received an assertion that has expired. Check clock synchronization on IdP and SP.

    • Structured data
      • SESSION_ID - LOCAL.
      • SUBJECT - Subject identifier, for example email address.
      • TYPE - SAML or the involved authentication module.
      • RESULT - PASS or FAIL.
      • REASON - Valid credentials or reason for failure.
      • REMOTE_IP - Remote IP, if available.
      • USER_AGENT - Remote operating system, browser, etc.

    USER_SESSION

    Event issued when a request for a session is issued.

    • Message: No session cookie. Sending to handler.
      Upgraded auth cookie. App session created.
      This should be investigated by your security group.
    • Example:
      2020-06-04T13:53:53.483-05:00 example.myaccessgateway.com ACCESS_GATEWAY ACCESS AUTHZ SESSION INFO USER_SESSION [SESSION_ID="<Session ID>" APP="Local OAG Admin Console" APP_TYPE="ADMINUI_APP" APP_DOMAIN="<Application Domain>" RESULT="DENY" REASON="NOT_EXIST" REMOTE_IP="10.63.182.118" USER_AGENT="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36"] No session cookie. Sending to handler.

      2020-06-04T13:53:53.483-05:00 example.myaccessgateway.com ACCESS_GATEWAY ACCESS AUTHZ SESSION INFO USER_SESSION [SESSION_ID="<Session ID>" SESSION_AUTH="<Session Auth ID>" SESSION_APP="e701ddf534554eab8ea671e884438b99" SUBJECT="<User login name>" APP="Sample Header App" APP_TYPE="SAMPLEHEADER_APP" APP_DOMAIN="<App Domain URL>" RESULT="ALLOW" REASON="VALID_AUTHCOOKIE" REMOTE_IP="" USER_AGENT="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36"] Upgraded auth cookie. App session created.

      2020-06-04T13:53:53.483-05:00 example.myaccessgateway.com ACCESS_GATEWAY ACCESS AUTHZ SESSION WARN USER_SESSION [SESSION_ID="<Session ID>" SESSION_AUTH="<Session Auth ID>" APP="Sample Header App" APP_TYPE="SAMPLEHEADER_APP" APP_DOMAIN="<App Domain URL>" RESULT="DENY" REASON="INVALID_AUTHCOOKIE" REMOTE_IP="" USER_AGENT="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36"] This should be investigated by your security group.

    • Structured data
      • SESSION_ID - Assigned session id, if it exists.
      • APP - Application name.
      • APP_TYPE - Application session was used against.
      • APP_DOMAIN - Associated application domain.
      • RESULT - ALLOW or DENY.
      • REASON - Reason why request was allowed or denied.
      • REMOTE_IP - Remote IP from which user attempted to log in.
      • USER_AGENT - Remote operating system, browser, etc.

    USER_LOGOUT

    Event issued when a user logs out.

    • Message: User logout success: user@<Application Domain>.
    • Example:
      2020-06-04T13:53:59.986-05:00 example.myaccessgateway.com ACCESS_GATEWAY ACCESS AUTHN SESSION INFO USER_LOGOUT [SESSION_ID="<Session ID> " SUBJECT="user@<Application Domain.tld>" APP="Local OAG Admin Console" APP_TYPE="ADMINUI_APP" APP_DOMAIN="<Application Domain>" RESULT="PASS" REASON="VALID_SESSION" REMOTE_IP="10.63.182.118" USER_AGENT="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36"] User logout success: user@<Application Domain.tld>.
    • Structured data
      • SESSION_ID - Assigned session id.
      • APP - Application name.
      • APP_TYPE - Application session was used against. For example ADMINUI_APP.
      • APP_DOMAIN - Associated application domain.
      • RESULT - ALLOW or DENY.
      • REASON - Reason why request was allowed or denied.
      • REMOTE_IP - Remote IP from which user attempted to log in.
      • USER_AGENT - Remote operating system, browser, etc.

    POLICY

    Event issued when a user attempts to access a resource.

    • Message: Allow access to resource.
      Deny access to resource.
    • Example:
      2020-06-24T09:40:55.667-05:00 example.myaccessgateway.com ACCESS_GATEWAY ACCESS AUTHZ POLICY INFO USER_AUTHZ [SESSION_ID="_8832d5961146a7d69baafe864b05eac3d5e3bb72bb" SUBJECT="admin@<Domain.tld>" RESOURCE="/" METHOD="GET" POLICY="root" POLICY_TYPE="PROTECTED" DURATION="0" APP="Local OAG Admin Console" APP_TYPE="ADMINUI_APP" APP_DOMAIN="gw-admin.saganich.com" RESULT="ALLOW" REASON="N/A - SESSIONID=_8832d5961146a7d69baafe864b05eac3d5e3bb72bb X-Authorization=admin@oag.okta.com username=admin X-SPGW-KEY=5b626d19e16f4d18ac42ef5d9cc8654a RelayDomain=gw-admin.domain.tld oag_username=admin@domain.tld UserName=admin@<Domain.tld >SourceAuthNType=urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport RemoteIP=10.0.0.110 USER_AGENT=Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36 "] allow access to resource.

      2020-06-24T09:40:55.667-05:00 example.myaccessgateway.com ACCESS_GATEWAY ACCESS AUTHZ POLICY INFO USER_AUTHZ [SESSION_ID="_4a3fdbbc52dadda2109e0e789098f9b473d4f68c7e" SUBJECT="user@<Domain.tld>" RESOURCE="/alt" METHOD="GET" POLICY="altroot" POLICY_TYPE="PROTECTED_REGEX" DURATION="0" APP="Sample Header App" APP_TYPE="SAMPLEHEADER_APP" APP_DOMAIN="<App Domain URL>" RESULT="DENY" REASON="Groups=(?!.*Everyone:) - SESSIONID=_4a3fdbbc52dadda2109e0e789098f9b473d4f68c7e RelayDomain=<App Domain URL> static_a=aaaaa static-b=bbbbb staticc=ccccc _staticd=ddddd -statice=eeeee staticcookie=1234 secret=secretvalue spgw_username=<User login name> UserName=<User login name> login=<User login name> firstname=<User first name> lastname=<User last name> email=<User login name> samplecookie<User first name> Groups=Everyone:Group A:Group C:Group E:Group B: SourceAuthNType=urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport RemoteIP=192.168.10.20 USER_AGENT=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 creationTime=1507265129865 maxInactiveInterval=3600000 maxActiveInterval=28800000 lastAccessedTime=1507265129865 " REMOTE_IP="" USER_AGENT="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36"] deny access to resource
    • Structured data
      • SESSION_ID - Assigned session id.
      • SUBJECT - Requestor.
      • RESOURCE - Requested resource.
      • METHOD - Request method.
      • POLICY - Applied policy.
      • POLICY_TYPE - One of the policy types.
      • DURATION - Duration of request.
      • APP - Application name.
      • APP_TYPE - Application session was used against. For example ADMINUI_APP.
      • APP_DOMAIN - Associated application domain.
      • RESULT - ALLOW or DENY.
      • REASON - Reason why request was allowed or denied, including a variety of other policy related information.
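The Python below is an added example, not Okta's code: it parses the line layout shown in the examples above (header fields, bracketed STRUCTURED_DATA, free-text message), flags failed logins, invalid auth cookies and policy denials, and keeps only the rule part of a USER_AUTHZ REASON so session attributes are not forwarded. The sample lines, host name, users and finding labels are constructed, and the `<rule> - <attributes>` split of REASON is an assumption drawn from the two POLICY examples.

```python
import re

# Header fields come before the first '['; STRUCTURED_DATA is KEY="value" pairs inside it.
LINE_RE = re.compile(r'^(?P<head>[^\[]+)\[\s*(?P<sd>(?:[\w-]+="[^"]*"\s*)*)\]\s*(?P<msg>.*)$')
PAIR_RE = re.compile(r'([\w-]+)="([^"]*)"')

def parse_event(line):
    """Return a dict for one audit line, or None if it does not fit the layout."""
    m = LINE_RE.match(line.strip())
    head = m.group("head").split() if m else []
    if len(head) < 4:          # need TIMESTAMP HOSTNAME ... LOG_LEVEL EVENT
        return None
    data = {k: v.strip() for k, v in PAIR_RE.findall(m.group("sd"))}
    # Assumption: USER_AUTHZ REASON is "<rule> - <session attributes>"; keep only the rule.
    if head[-1] == "USER_AUTHZ" and "REASON" in data:
        data["REASON"] = data["REASON"].split(" - ", 1)[0]
    return {"timestamp": head[0], "hostname": head[1], "level": head[-2],
            "event": head[-1], "data": data, "message": m.group("msg")}

def triage(ev):
    """Map an event to a finding label (labels are hypothetical), or None."""
    d = ev["data"]
    if ev["event"] in ("USER_LOGIN", "USER_AUTHN") and d.get("RESULT") == "FAIL":
        return "authn_failure"
    if ev["event"] == "USER_SESSION" and d.get("REASON") == "INVALID_AUTHCOOKIE":
        return "invalid_auth_cookie"
    if ev["event"] == "USER_AUTHZ" and d.get("RESULT") == "DENY":
        return "policy_deny"
    return None

def scan(lines):
    """Return (findings, unparsed_count); lines that do not parse are counted, not dropped."""
    findings, unparsed = [], 0
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            unparsed += 1
        elif (label := triage(ev)):
            findings.append((label, ev["data"].get("SUBJECT", "-"), ev["data"].get("REASON")))
    return findings, unparsed

P = "2020-06-24T10:06:23.000-05:00 gw.example.com ACCESS_GATEWAY "  # constructed prefix
SAMPLE = [  # constructed lines modelled on the page's examples
    P + 'WEB_CONSOLE AUTHN LOCAL INFO USER_LOGIN [SESSION_ID="s1" SUBJECT="alice" RESULT="FAIL" REASON="INVALID_CREDENTIALS" REMOTE_IP="-"] User login failed: alice',
    P + 'ACCESS AUTHZ SESSION WARN USER_SESSION [SESSION_ID="s2" RESULT="DENY" REASON="INVALID_AUTHCOOKIE" REMOTE_IP=""] This should be investigated by your security group.',
    P + 'ACCESS AUTHZ POLICY INFO USER_AUTHZ [SUBJECT="bob" RESOURCE="/alt" RESULT="DENY" REASON="Groups=(?!.*Everyone:) - SESSIONID=s3 secret=secretvalue"] deny access to resource',
    P + 'WEB_CONSOLE TRUSTED_DOMAINS ALERT SYSTEM_TD_EVENT [ SOURCE="APP" ACTION="UPDATE" ] Exception: [Errno 13] Permission denied',
    P + 'WEB_CONSOLE - - INFO SYSTEM_STARTUP [] Startup complete, system ready.',
    P + 'WEB_CONSOLE AUTHN LOCAL INFO USER_LOGIN [RESULT="FAIL" USER_AGENT=Mozilla/5.0"] unquoted value',
]
```

Calling `scan(SAMPLE)` returns three findings and an unparsed count of 1 for the line whose USER_AGENT value lacks its opening quote; a rising unparsed count is itself worth alerting on, since those lines bypass triage.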

    Connectivity and validation

    CHECK_CONNECTION

    Event issued when an application is being added. <Application Domain> is tested to determine if it's valid or invalid.

    See also CHECK_HOST.

    • Message: Host <Application Domain> not found.
    • Example:
      2020-06-24T09:41:16.766-05:00 example.myaccessgateway.com CHECK_HOST HOST_IP_CHECK INFO HOST [USER="admin" <Application Domain>] Host <Application Domain> not found
    • Structured data
      • USER - Internal user running the check.
      • Application domain used in application.

    CHECK_HOST

    Event issued immediately after a check connection is performed. Results of the check are noted in message.

    • Message: Ncat: Connection refused.
    • Example:
      2020-06-24T09:45:28.024-05:00 example.myaccessgateway.com CHECK_HOST checkConnection.sh INFO 10.0.0.1 7001 [USER="admin"] Ncat: Connection refused.
    • Structured data
      • USER - Internal user running the command.

    ACCESS AUTHN - - STORE

    Event issued immediately after a check connection is performed.  Results of the check are noted in message.

    • Message: Store failed during initialization.
    • Example:
      2020-06-25T14:18:52.458-05: example.store.com ACCESS_GATEWAY ACCESS AUTHN FAILED WARN STORE [STORE_NAME="Name of datastore - Entry DN" FAILURE_COUNT="3"] Store failed during initialization.
    • Structured data
      • STORE_NAME - Name of the data store, which failed to initialize.
      • FAILURE_COUNT - Number of attempts to access the store.