This event is generated when you select Risk-Based Authentication Succeeded under Audit Logging on the Logging page of an Identity Server configuration.
The following is a sample JSON event format:
```json
{
  "appName": "Novell Access Manager",
  "Component": "nidp",
  "timeStamp": "Fri, 31 Jul 2015 17:30:57 +0530",
  "eventId": "002E0025",
  "Description": "NIDS: Risk based additional authentication executed successfully for user",
  "Originator": "9772686A5705BA6C",
  "Target": "cn=admin,o=novell",
  "SubTarget": "3883A05A302BA3BDC7899AF05810B08B",
  "stringValue1": "35",
  "stringValue2": "medium",
  "stringValue3": "null",
  "numericValue1": "0",
  "numericValue2": "0",
  "numericValue3": "0",
  "Data": "MTY0Ljk5LjEzNy41Mg==",
  "Message": "[Fri, 31 Jul 2015 17:30:57 +0530] [Novell Access Manager\nidp]: AMDEVICEID#9772686A5705BA6C: AMAUTHID#YfdEmqCT2ZutwybD1eYSpfph8g5a5aMl6MGryq1hIqc=: Risk based authentication successful for user: [cn=admin,o=novell]. RiskScore: [35] RiskLevel: [Medium] Additional authentication class: [$SF] Client IP Address: [164.99.137.52]"
}
```
NOTE: The IP address is encoded in Base64 format. In the sample above, it is carried in the Data field.
The following table lists the event fields with their corresponding descriptions:
| Field | Description |
|---|---|
| appName | Specifies the name of the product. |
| Component | Specifies the name of the Access Manager component. For example, “nidp” identifies that the audit is triggered by Identity Server. |
| timeStamp | Specifies the time when the event occurred. |
| eventId | Specifies the event ID. For example, 002E0025. To view all the events and their corresponding event IDs, see the sections below. |
| Description | Describes the event. |
| Originator | Specifies the ID of the device that generated this event. For example, 9772686A5705BA6C is the device with ID “idp-9772686A5705BA6C”. |
| Target | Specifies the target on which this action is executed. In the above example, the action is risk-based authentication, hence the target is the user ID for which the risk was assessed. |
| SubTarget | Specifies additional details about the target. |
| stringValue1 | Specifies an event-specific string value. The value of this field varies from event to event. For example, it is null if the event has no value to pass. |
| stringValue2 | Specifies an event-specific string value. The value of this field varies from event to event. For example, it is null if the event has no value to pass. |
| stringValue3 | Specifies an event-specific string value. The value of this field varies from event to event. For example, it is null if the event has no value to pass. |
| numericValue1 | Specifies an event-specific string value. The value of this field varies from event to event. For example, it is null if the event has no value to pass. |
| numericValue2 | Specifies an event-specific string value. The value of this field varies from event to event. For example, it is null if the event has no value to pass. |
| numericValue3 | Specifies an event-specific string value. The value of this field varies from event to event. For example, it is null if the event has no value to pass. |
| Data | Specifies event-specific data. |
| Message | Specifies a friendly detailed message related to the event. |
NOTE: The Syslog agents use the RFC 3164 message format. See the RFC 3164 documentation.
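One way a log pipeline could normalise this event, as an added example that is not part of the product documentation: it decodes the Base64 Data field, validates the result as an IP address, and checks it against the client IP quoted in Message. Reading stringValue1 as the risk score and stringValue2 as the risk level is an assumption drawn from the sample event, and the function names are hypothetical.

```python
import base64
import ipaddress
import json
import re
from email.utils import parsedate_to_datetime

# Constructed sample: a trimmed copy of the event shown above (Message shortened).
SAMPLE_EVENT = r'''{
  "eventId": "002E0025",
  "timeStamp": "Fri, 31 Jul 2015 17:30:57 +0530",
  "Target": "cn=admin,o=novell",
  "stringValue1": "35",
  "stringValue2": "medium",
  "Data": "MTY0Ljk5LjEzNy41Mg==",
  "Message": "Risk based authentication successful for user: [cn=admin,o=novell]. RiskScore: [35] RiskLevel: [Medium] Additional authentication class: [$SF] Client IP Address: [164.99.137.52]"
}'''

def decode_data_ip(data_b64):
    """Decode the Base64 Data field; raise ValueError if it is not an IP."""
    text = base64.b64decode(data_b64, validate=True).decode("ascii")
    return ipaddress.ip_address(text)

def parse_risk_event(raw_json):
    """Return a normalised record for a 002E0025 audit event."""
    ev = json.loads(raw_json)
    if ev.get("eventId") != "002E0025":
        raise ValueError("not a risk-based authentication success event")
    data_ip = decode_data_ip(ev["Data"])
    # The friendly Message repeats the client IP in clear text; a mismatch
    # with Data suggests a mangled or altered record worth flagging.
    m = re.search(r"Client IP Address: \[([^\]]+)\]", ev.get("Message", ""))
    return {
        "time": parsedate_to_datetime(ev["timeStamp"]),
        "user": ev["Target"],
        # Assumption: stringValue1/stringValue2 carry score and level here.
        "risk_score": int(ev["stringValue1"]),
        "risk_level": ev["stringValue2"].lower(),
        "client_ip": str(data_ip),
        "ip_consistent": bool(m) and ipaddress.ip_address(m.group(1)) == data_ip,
    }

if __name__ == "__main__":
    print(parse_risk_event(SAMPLE_EVENT))
```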