33.1 JavaScript Object Notation (JSON) Event Format

This event is generated when you select Risk-Based Authentication Succeeded under Audit Logging on the Logging page of an Identity Server configuration.

The following is a sample JSON event format:

{
"appName" : "Novell Access Manager",
"Component" : "nidp",
"timeStamp" : "Fri, 31 Jul 2015 17:30:57 +0530",
"eventId" : "002E0025",
"Description": "NIDS: Risk based additional authentication executed successfully   for user",
"Originator": "9772686A5705BA6C",
"Target": "cn=admin,o=novell",
"SubTarget": "3883A05A302BA3BDC7899AF05810B08B",
"stringValue1": "35",
"stringValue2": "medium",
"stringValue3": "null",
"numericValue1": "0",
"numericValue2": "0",
"numericValue3": "0",
"Data": "MTY0Ljk5LjEzNy41Mg==",
"Message": "[Fri, 31 Jul 2015 17:30:57 +0530] [Novell Access Manager\nidp]: AMDEVICEID#9772686A5705BA6C: AMAUTHID#YfdEmqCT2ZutwybD1eYSpfph8g5a5aMl6MGryq1hIqc=: Risk based authentication successful for user: [cn=admin,o=novell]. RiskScore: [35] RiskLevel: [Medium] Additional authentication class: [$SF] Client IP Address: [164.99.137.52]",
}

NOTE:The IP address is encoded in the base64 format.

The following table lists the event fields with its corresponding description:

Field

Description

appName

Specifies the name of the product.

Component

Specifies the name of the Access Manager component. For example, “nipd” identifies that the audit is triggered by Identity Server.

timeStamp

Specifies the time when the event occurred.

eventId

Specifies the event ID. For example, 002E0025. To view all the events and their corresponding event IDs, see the below sections.

Description

Describes the event.

Originator

Specifies the ID of the device that generated this event. For example, 9772686A5705BA6C is the device with ID “idp-9772686A5705BA6C”

Target

Specifies the target on which this action is executed. In the above example, the action is risk-based authentication, hence the target is the user ID for that the risk was assessed.

SubTarget

Specifies the additional details about the target.

stringValue1

Specifies an event-specific string value. The value of this field varies from event to event. For example, it is null if the event has no value to pass.

stringValue2

Specifies an event-specific string value. The value of this field varies from event to event. For example, it is null if the event has no value to pass.

stringValue3

Specifies an event-specific string value. The value of this field varies from event to event. For example, it is null if the event has no value to pass.

numbericValue1

Specifies an event-specific string value. The value of this field varies from event to event. For example, it is null if the event has no value to pass.

numbericValue2

Specifies an event-specific string value. The value of this field varies from event to event. For example, it is null if the event has no value to pass.

numbericValue3

Specifies an event-specific string value. The value of this field varies from event to event. For example, it is null if the event has no value to pass.

Data

Specifies an event-specific data.

Message

Specifies a friendly detailed message related to the event.

NOTE:The Syslog agents use the rfc3164 message format. See RFC 3164 documentation.