33.0 Access Manager Audit Events and Data

Each Access Manager event contains the following details:

EventID
Description
Originator Title
Target Title
Subtarget Title
Text1 Title
Text2 Title
Text3 Title
Value1 Title
Value1 Type
Group Title
Data Length
Data Type values stored.

Each field contains a single character token (such as B, U, Y, and so on) that represent the data fields of the audit event, with each letter representing a different data field. The mapping of the character tokens to data fields is found in the nids_en.lsc file. You can find this file in /etc/ folder inside AC/AG/IDP.

Audit events are device-specific. You can select events for the following devices:

Administration Console: Click Auditing.
Identity Server: Click Devices > Identity Servers > Edit > Auditing and > Logging.
Access Gateway: Click Devices > Access Gateways > Edit > Auditing.

Topics include:

JavaScript Object Notation (JSON) Event Format
NIDS: Sent a Federate Request (002e0001)
NIDS: Received a Federate Request (002e0002)
NIDS: Sent a Defederate Request (002e0003)
NIDS: Received a Defederate Request (002e0004)
NIDS: Sent a Register Name Request (002e0005)
NIDS: Received a Register Name Request (002e0006)
NIDS: Logged Out an Authentication that Was Provided to a Remote Consumer (002e0007)
NIDS: Logged out a Local Authentication (002e0008)
NIDS: Provided an Authentication to a Remote Consumer (002e0009)
NIDS: User Session Was Authenticated (002e000a)
NIDS: Failed to Provide an Authentication to a Remote Consumer (002e000b)
NIDS: User Session Authentication Failed (002e000c)
NIDS: Received an Attribute Query Request (002e000d)
NIDS: User Account Provisioned (002e000e)
NIDS: Failed to Provision a User Account (002e000f)
NIDS: Web Service Query (002e0010)
NIDS: Web Service Modify (002e0011)
NIDS: Connection to User Store Replica Lost (002e0012)
NIDS: Connection to User Store Replica Reestablished (002e0013)
NIDS: Server Started (002e0014)
NIDS: Server Stopped (002e0015)
NIDS: Server Refreshed (002e0016)
NIDS: Intruder Lockout (002e0017)
NIDS: Severe Component Log Entry (002e0018)
NIDS: Warning Component Log Entry (002e0019)
NIDS: Failed to Broker an Authentication from Identity Provider to Service Provider as Identity Provider and Service Provider Are not in Same Group (002E001A)
NIDS: Failed to Broker an Authentication from Identity Provider to Service Provider Because a Policy Evaluated to Deny (002E001B)
NIDS: Brokered an Authentication from Identity Provider to Service Provider (002E001C)
NIDS: Web service Request was authenticated (002e001D)
NIDS: Web service Request for authentication Failed (002e001E)
NIDS: OAuth2 Authorization code issued (002e0028)
NIDS: OAuth2 token issued (002e0029)
NIDS: OAuth2 Authorization code issue failed (002e0030)
NIDS: OpenID token issued (002e0031)
NIDS: OAuth2 refresh token issued (002e0032)
NIDS: OAuth2 token issue failed (002e0033)
NIDS: OpenID token issue failed (002e0034)
NIDS: OAuth2 refresh token issue failed (002e0035)
NIDS: OAuth2 client has been registered successfully (002e0036)
NIDS: OAuth2 client has been modified successfully (002e0037)
NIDS: OAuth2 client has been deleted successfully (002e0038)
NIDS: OAuth2 user has provided consent (002e0039)
NIDS: OAuth2 user has revoked consent (002e0040)
NIDS: OAuth2 token validation success (002e0041)
NIDS: OAuth2 token validation failed (002e0042)
NIDS: OAuth2 client registration failed (002e0043)
NIDS: OAuth2 refresh token revoked success (002e0055)
NIDS: OAuth2 refresh token revocation failed (002e0056)
NIDS: OAuth2 Authorization none issued (002e0057)
NIDS: OAuth2 OIDC Front-Channel Logout Success (002e0058)
NIDS: OAuth2 AA Authorization Code Exchange (002e0071)
NIDS: OAuth2 AA Access Token Exchange (002e0072)
NIDS: Step-up authentication (002e0719)
NIDS: Roles PEP Configured (002e0300)
NIDS: Risk-Based Authentication Action for User (002e0045)
NIDS: Risk-Based Authentication Action for User (002e0046)
NIDS: Risk-Based Authentication Action for User (002e0047)
NIDS: Token was Issued to Web Service (002E001F)
NIDS: Issued a Federation Assertion (002E0102)
NIDS: Received a Federation Assertion (002E0103)
NIDS: Assertion Information (002E0104)
NIDS: Sent a Federation Request (002E0105)
Access Gateway: PEP Configured (002e0301)
Roles Assignment Policy Evaluation (002e0320)
Access Gateway: Authorization Policy Evaluation (002e0321)
Access Gateway: Form Fill Policy Evaluation (002e0322)
Access Gateway: Identity Injection Policy Evaluation (002e0323)
Access Gateway: Access Denied (0x002e0505)
Access Gateway: URL Not Found (0x002e0508)
Access Gateway: System Started (0x002e0509)
Access Gateway: System Shutdown (0x002e050a)
Access Gateway: Identity Injection Parameters (0x002e050c)
Access Gateway: Identity Injection Failed (0x002e050d)
Access Gateway: Form Fill Authentication (0x002e050e)
Access Gateway: Form Fill Authentication Failed (0x002e050f)
Access Gateway: URL Accessed (0x002e0512)
Access Gateway: IP Access Attempted (0x002e0513)
Access Gateway: Webserver Down (0x002e0515)
Access Gateway: All WebServers for a Service is Down (0x002e0516)
Access Gateway: Application Accessed (002E0514)
Access Gateway: Session Created (002E0525)
Management Communication Channel: Health Change (0x002e0601)
Management Communication Channel: Device Imported (0x002e0602)
Management Communication Channel: Device Deleted (0x002e0603)
Management Communication Channel: Device Configuration Changed (0x002e0604)
Management Communication Channel: Device Alert (0x002e0605)
Management Communication Channel: Statistics (002e0606)
Risk-Based Authentication Successful (002e0025)
Risk-Based Authentication Failed (002e0026)
Risk-Based Authentication for User (002e0027)
Impersonation Sign in (002E0048)
Impersonation: Impersonator Logs Out (002E0049)
Impersonation: Session Started (002E0050)
Impersonation: Impersonatee Denies (002E0051)
Impersonation: Impersonatee Approves (002E0052)
Impersonation: Impersonator Cancels (002E0053)
Impersonation: Authorization Policy Fails (002E0054)