Open topic with navigation

Platform Events

The following table lists the information contained in audit events related to the Logger platform. All events include the following fields.

Additional fields (if applicable) are listed in the following table.

Device Event Class ID

Sev.

Device Event Category (cat)

Message

Additional Fields

platform:200

5

/Platform/Authentication/
PasswordChange/Failure

Failed password change

 

platform:201

7

/Platform/Authentication/Failure

Failed login attempt

 

platform:202

5

/Platform/Authentication/
PasswordChange

Password changed

cs1: Affected User Id
cs2: Affected User Login
cs3: Affected User Full Name

platform:203

7

/Platform/Authentication/
InactiveUser/Failure

Login attempt by inactive user

 

platform:205

7

/Platform/Authentication/PasswordChange/AdminFailure

Automated password reset attempt made for admin account

duser: admin

platform:207

7

/Platform/Authentication/PasswordChange/UnknownUser

Automated password reset attempted for non-existent user

duser: username

cs1: username

platform:213

7

/Platform/Configuration
/Global/AuditEvents

Audit forwarding modified

cs1: Audit Forwarders

platform:220

5

/Platform/Certificate
/Install

Installed certificate

cs1: Network Protocol

platform:221

7

/Platform/Certificate/Mismatch

Certificate mismatch failure

cs1: Network Protocol

platform:222

1

/Platform/Certificate/Request

Created certificate signing request

cs1: Certificate Signing Request
cs2: Network Protocol

platform:224

5

/Platform/Certificate/
Regenerate

Re-generate self-signed certificate

cs1: Certificate Signing Request
cs2: Network Protocol

platform:226

7

/Platform/Update/Failure/
CorruptPackage

Uploaded update file damaged or corrupt

cs1: Error
cs2: fname
cs3: fsize

platform:227

5

/Platform/Update/Applied

Update installation success

cs1: Update Name
cs2: Is Reboot Required

platform:228

7

/Platform/Update/Failure
/Installation

Update installation failure

cs1: Error
cs2: Update Name

platform:230

3

/Platform/Authentication
/Login

Successful login

 

platform:234

7

/Platform/Authentication
/Failure/LOCKED

Failed login attempt (LOCKED)

 

platform:239

3

/Platform/Authentication
/Logout

User logout

 

platform:240

3

/Platform/Authorization
/Groups/Add

Added user group

cn2: Current Number of Users
cn3: Current Number of User Rights
cs1: Affected Group Name
cs2: Affected Group Id
flexNumber1: Old Number of Users
flexNumber2: Old Number of User Rights

platform:241

3

/Platform/Authorization
/Groups/Update

Updated user group

cn2: Current Number of Users
cn3: Current Number of User Rights
cs1: Affected Group Name
cs2: Affected Group Id
flexNumber1: Old Number of Users
flexNumber2: Old Number of User Rights

platform:242

5

/Platform/Authorization
/Groups/Membership
/Update/Clear

Removed all members from group

 

platform:243

3

/Platform/Authorization
/Groups/Membership/Update

Modified user group membership

 

platform:244

3

/Platform/Authorization
/Groups/Delete

Deleted user group

cs1: Affected Group Name
cs2: Affected Group Id

platform:245

3

/Platform/Authorization
/Users/Add

Added user

cs1: Affected User Id
cs2: Affected User Login
cs3: Affected User Full Name

platform:246

3

/Platform/Authorization
/Users/Update

Updated user

cs1: Affected User Id
cs2: Affected User Login
cs3: Affected User Full Name

platform:247

3

/Platform/Authorization/Users
/Delete

Deleted user

cs1: Affected User Id
cs2: Affected User Login
cs3: Affected User Full Name

platform:248

3

/Platform/Authentication
/Logout/SessionExpiration

Session expired

 

platform:249

7

/Platform/Authentication
/AccountLocked

Account locked

 

platform:250

5

/Platform/Storage/RFS
/Add

Added remote mount point

cs1: RFS Mount Name
cs2: RFS Mount Host and Remote Path

platform:251

5

/Platform/Storage/RFS
/Edit

Edited remote mount point

cs1: RFS Mount Name
cs2: RFS Mount Host and Remote Path

platform:252

7

/Platform/Storage/RFS
/Failure

Failed to create remote mount point

cs1: Server
cs2: Remote Directory
cs3: Mount Name
cs4: Mount Type
cs5: Username

platform:253

5

/Platform/Storage/RFS
/Remove

Removed remote mount point

cs1: RFS Mount Name
cs2: RFS Mount Host and Remote Path

platform:254

5

/Platform/Storage/SAN
/Destroy

Destroyed SAN Logical Unit

cs1: Volume label

platform:255

5

/Platform/Storage/SAN
/Attach

Attached SAN Logical Unit

cn2: Volume size (in MB)
cs1: Volume label
cs2: World-wide Name
cs3: Filesystem type

platform:256

7

/Platform/Storage/SAN
/Detach

Detached SAN Logical Unit

cs1: Storage unit details

platform:259

5

/Platform/Storage/SAN
/Reattach

Reattached SAN Logical Unit

cs1: Volume label
cs2: Filesystem type

platform:260

5

/Platform/Configuration
/Network/Route/Update

Static route modified

cs1: Destination
cs2: Subnet
cs3: Gateway

platform:261

5

/Platform/Configuration
/Network/Route/Remove

Static route removed

cs1: Destination
cs2: Subnet
cs3: Gateway

platform:262

5

/Platform/Configuration
/Time

Appliance time modified

cs1: Old Date/Time
cs2: New Date/Time
cs3: Old Time Zone
cs4: New Time Zone

platform:263

5

/Platform/Configuration
/Network

NIC settings modified

cs1: NIC
cs2: IP Address
cs3: Netmask
cs4: Speed

platform:264

5

/Platform/Configuration
/Network/NTP

NTP server settings modified

cs1: NTP Servers
cs2: Is Appliance NTP Server

platform:265

5

/Platform/Configuration
/Network/DNS

DNS settings modified

 

platform:266

5

/Platform/Configuration
/Network/Hosts

Hosts file modified

cs1: Difference from previous hosts file

platform:267

5

/Platform/Configuration
/SMTP

SMTP settings modified

cs1: EMail Address
cs2: SMTP Server
cs3: Backup SMTP Server
cs4: Username SMTP Server
cs5: Username Backup SMTP Server
cs6: SMTP Auth/TLs Mode

platform:268

5

/Platform/Configuration
/Network/Route/Add

Static route added

cs1: Destination
cs2: Subnet
cs3: Gateway

platform:270

5

/Platform/Authorization
/Users/Inactive/Disable

Inactive user disabled

cs1: User Login
deviceCustomDate1: Date Last Active

platform:280

7

/Appliance/State/Reboot
/Initiate

Appliance reboot initiated

 

platform:281

3

/Appliance/State/Reboot
/Cancel

Appliance reboot canceled

 

platform:282

7

/Appliance/State/
Shutdown

Appliance poweroff initiated

 

platform:284

5

/Platform/Storage/
Multipathing/Enable

Enabled SAN Multipathing

cs1: Multipath Configuration

platform:285

5

/Platform/Storage/
Multipathing/Disable

Disabled SAN Multipathing

 

platform:300

5

/Platform/Certificate
/Install

Installed trusted certificate

cs1: Certificate details

platform:301

5

/Platform/Certificate
/Revocation/Install

Installed certificate revocation list

cs1: CRL details

platform:302

5

/Platform/Certificate/Delete

Deleted trusted certificate

cs1: Certificate details

platform:303

5

/Platform/Certificate/
Revocation/Delete

Deleted certificate revocation list

cs1: CRL details

platform:304

7

/Platform/Certificate/
Install/Failure

Failed installing trusted certificate

cs1: Error
cs2: File Size
cs3: File Name

platform:305

7

/Platform/Certificate/
Revocation/Install/Failure

Failed installing certificate revocation list

cs1: Error
cs2: File Size
cs3: File Name

platform:306

5

/Platform/Process/Start

Start process

cs1: Process Name

platform:307

5

/Platform/Process/Stop

Stop process

cs1: Process Name

platform:308

5

/Platform/Process/Restart

Restart process

cs1: Process Name

platform:310

5

/Platform/Configuration
/FIPS/Enable

Enabled FIPS mode

 

platform:311

7

/Platform/Configuration
/FIPS/Disable

Disabled FIPS mode

 

platform:312

7

/Platform/Configuration
/WebServer/CipherStrength

Web server cipher strength changed

cs1: New Value
cs2: Old Value

platform:320

3

/Appliance/State
/Shutdown/Cancel

Appliance poweroff canceled

 

platform:371

5

/Platform/Service/Restart

Restarted OS service

cs1: Service Name

platform:400

2

/Platform/Diagnostics
/Command

Ran diagnostic command

cs1: Diagnostic Command

platform:407

7

/Platform/Certificate
/SSL/Expiration

SSL certificate expiration warning

cs1: Issuer
cs2: Subject
deviceCustomDate1: Expiration Date

platform:408

5

/Appliance/State/Startup

Appliance startup completed

deviceCustomDate1: Startup Date

platform:409

3

/Platform/Configuration
/LoginBanner

Configure login warning banner

cs1: Acknowledgment Prompt
cs2: Banner Text

platform:410

5

/Platform/Configuration
/Network

Network settings modified

cs1: Gateway
cs2: Multi-homing
cs3: Hostname

platform:411

5

/Platform/Authentication
/PasswordChange

Automated Password Reset

cn2: User ID
cs1: User Login

platform:412

3

/Platform/Configuration
/Locale

Set Locale

cs1: Locale

platform:440

3

/Platform/Configuration/
SNMP

SNMP configuration modified

cn2: Port Number
cn3: Refresh Interval
cs1: SNMP Enabled
cs2: Community String
cs3: Listen Address(es)

platform:460

3

/Platform/Network/Alias/Add

NIC alias added

cs1: NIC
cs2: IP Address
cs3: Netmask

platform:462

3

/Platform/Network/Alias

/Remove

NIC alias removed

cs1: NIC
cs2: IP Address
cs3: Netmask

platform:500

5

/Platform/Authorization
/Groups/Membership
/Remove

Remove member from group

cs1: Affected Group Name
cs2: Affected User Login
cs3: Affected Group Id
cs4: Affected User Id

platform:501

5

/Platform/Authorization
/Groups/Membership/Add

Group member added

cs1: Affected Group Name
cs2: Affected User Login
cs3: Affected Group Id
cs4: Affected User Id

platform:502

5

/Platform/Authorization
/Users/Groups/Remove

User removed from group

cs1: Affected Group Name
cs2: Affected User Login
cs3: Affected Group Id
cs4: Affected User Id

platform:503

5

/Platform/Authorization
/Users/Groups/Add

User added to group

cs1: Affected Group Name
cs2: Affected User Login
cs3: Affected Group Id
cs4: Affected User Id

platform:530

5

/Platform/Configuration
/Authentication/Sessions
/Success

Authentication Session settings successfully changed.

cn2: New Value
cn3: Old Value
cs1: Parameter Changed

platform:540

5

/Platform/Configuration
/Authentication/Password
/Lockout/Success

Password Lockout settings successfully updated.

cn2: New Value
cn3: Old Value
cs1: Parameter Changed

platform:550

5

/Platform/Configuration
/Authentication/Password
/Expiration/Success

Password Expiration settings successfully updated.

cn2: New Value
cn3: Old Value
cs1: Parameter Changed

platform:560

5

/Platform/Configuration
/Authentication/Password
/Validation/Success

Password Validation settings successfully updated.

cn2: New Value
cn3: Old Value
cs1: Parameter Changed

platform:570

5

/Platform/Configuration
/Authentication/Password
/AutomatedPasswordReset
/Success

Password Automated Password Reset setting successfully updated.

cs1: Parameter Changed
cs2: New Value
cs3: Old Value

platform:580

5

/Platform/Configuration
/Authentication/Certificate
/Success

Client Certificate authentication settings successfully changed.

cs1: Parameter Changed
cs2: New Value
cs3: Old Value

platform:590

5

/Platform/Configuration
/Authentication/RADIUS
/Success

RADIUS authentication settings successfully changed.

cs1: Parameter Changed
cs2: New Value
cs3: Old Value

platform:600

5

/Platform/Configuration
/Authentication/LDAP/
Success

LDAP authentication settings successfully changed.

cs1: Parameter Changed
cs2: New Value
cs3: Old Value

platform:610

5

/Platform/Configuration
/Authentication/Global
/Success

Global Authentication settings successfully changed.

cs1: Parameter Changed
cs2: New Value
cs3: Old Value