Log event types
Log event types include:
Access requests
These are examples of access request logs. To view STA access logs, open the STA Access Management console and select Access Logs.
Success
{
"logVersion": "1.0",
"category": "AUDIT",
"timeStamp": "2020-02-04T09:38:46.526Z",
"id": "9ac24938-3aa3-4eb3-b725-adce670d78fd",
"context": {
"tenantId": "BWUD0CN4AD-STA",
"originatingAddress": "10.164.110.109",
"principalId": "darwin",
"globalAccessId": "93b27499-84f2-4181-aff2-002725b2836c",
"applicationType": "SAML",
"applicationName": "MyApplication",
"scenarioName": "Windows only",
"policyName": "Global Policy for STA"
},
"details": {
"type": "ACCESS_REQUEST",
"state": "Accepted",
"action": "auth",
"credentials": [
{
"type": "otp",
"state": "Verified"
}
]
}
}
Denied
{
"logVersion": "1.0",
"category": "AUDIT",
"timeStamp": "2020-02-04T10:02:56.686Z",
"id": "fa538a71-9c10-4ea5-89c8-d62b1555ac5b",
"context": {
"tenantId": "BWUD0CN4AD-STA",
"originatingAddress": "10.164.110.109",
"principalId": "darwin",
"sessionId": "481b9b70-4d30-45a0-adc4-a04251b18796",
"globalAccessId": "a7598eb3-d39f-4eff-92f2-25dda5a1fab8",
"applicationType": "SAML",
"applicationName": "MyApplication",
"policyName": "pol21111sdfvs nn test aaaa"
},
"details": {
"type": "ACCESS_REQUEST",
"state": "Denied",
"reason": "SASIDP_DENIED_PER_POLICY",
"action": "auth"
}
}
Failure
{
"logVersion": "1.0",
"category": "AUDIT",
"timeStamp": "2020-02-04T10:01:16.315Z",
"id": "06607494-752d-4ea7-a3af-1643180b1f0c",
"context": {
"tenantId": "BWUD0CN4AD-STA",
"originatingAddress": "10.164.110.109",
"principalId": "darwin",
"sessionId": "080e6d46-1d36-4035-9630-0904e514cd79",
"globalAccessId": "12743ed1-dbef-4e1f-a4a6-965e9ff5e86e",
"applicationType": "SAML",
"applicationName": "MyApplication",
"scenarioName": "Windows only",
"policyName": "Global Policy for STA"
},
"details": {
"type": "ACCESS_REQUEST",
"state": "Failed",
"reason": "SASIDP_INVALID_CREDENTIALS",
"action": "auth",
"credentials": [
{
"type": "otp",
"state": "Failed"
}
]
}
},
Authentications
These are examples of authentication logs. These logs relate to access attempt events represented by the globalAccessId field. To view authentication details about individual access logs, open the STA Access Management console and select Access Logs.
Success
{
"logVersion": "1.0",
"category": "AUDIT",
"timeStamp": "2020-02-04T09:38:31.7303217Z",
"id": "GdWQD3ABVUFSs1A-_ML0",
"context": {
"tenantId": "BWUD0CN4AD",
"originatingAddress": "10.164.110.109",
"principalId": "darwin",
"globalAccessId": "93b27499-84f2-4181-aff2-002725b2836c"
},
"details": {
"type": "AUTHENTICATION",
"serial": "0",
"action": "0",
"actionText": "AUTH_ATTEMPT",
"result": "1",
"resultText": "AUTH_SUCCESS",
"agentId": "14",
"message": "Login from MyApplication.",
"usedName": "darwin",
"credentialType": "MobilePASS"
}
},
Challenged
{
"logVersion": "1.0",
"category": "AUDIT",
"timeStamp": "2020-02-04T10:00:52.8684653Z",
"id": "5NalD3ABVUFSs1A-dCEC",
"context": {
"tenantId": "BWUD0CN4AD",
"originatingAddress": "10.164.110.109",
"principalId": "darwin",
"globalAccessId": "12743ed1-dbef-4e1f-a4a6-965e9ff5e86e"
},
"details": {
"type": "AUTHENTICATION",
"serial": "0",
"action": "0",
"actionText": "AUTH_ATTEMPT",
"result": "2",
"resultText": "CHALLENGE",
"agentId": "14",
"message": "Login from MyApplication.",
"usedName": "darwin",
"credentialType": "MobilePASS"
}
},
Failed
{
"logVersion": "1.0",
"category": "AUDIT",
"timeStamp": "2020-02-04T10:00:57.9745716Z",
"id": "UtalD3ABVUFSs1A-miP3",
"context": {
"tenantId": "BWUD0CN4AD",
"originatingAddress": "10.164.110.109",
"principalId": "darwin",
"globalAccessId": "12743ed1-dbef-4e1f-a4a6-965e9ff5e86e"
},
"details": {
"type": "AUTHENTICATION",
"serial": "0",
"action": "0",
"actionText": "AUTH_ATTEMPT",
"result": "0",
"resultText": "AUTH_FAILURE",
"agentId": "14",
"message": "Invalid password. Login from MyApplication.",
"usedName": "darwin",
"credentialType": "MobilePASS"
}
},
Changes to STA
These are examples of audit logs. To view STA audit logs, open the STA Access Management console and select Audit Logs.
Update application (rename)
{
"logVersion": "1.0.0",
"category": "AUDIT",
"timeStamp": "2020-02-05T10:32:09.312Z",
"id": "HTfoFHABwC51I5YSQMYV",
"context": {
"tenantId": "BWUD0CN4AD-STA",
"originatingAddress": "10.164.110.186",
"principalId": "opa"
},
"details": {
"type": "AUDIT",
"description": "Operator Activity",
"operationType": "UPDATE",
"operationObjectType": "Application",
"operationObjectName": "MyApplication"
}
}
Update policy (disable)
{
"logVersion": "1.0.0",
"category": "AUDIT",
"timeStamp": "2020-02-05T10:34:05.905Z",
"id": "yDfqFHABwC51I5YSBPTk",
"context": {
"tenantId": "BWUD0CN4AD",
"originatingAddress": "10.164.110.186",
"principalId": "opa"
},
"details": {
"type": "AUDIT",
"description": "Operator Activity",
"operationType": "DEACTIVATE",
"operationObjectType": "Policy",
"operationObjectName": "MyPolicy"
}
}
Update branding (change color)
{
"logVersion": "1.0.0",
"category": "AUDIT",
"timeStamp": "2020-02-05T10:40:04.149Z",
"id": "czfvFHABwC51I5YSfPhO",
"context": {
"tenantId": "BWUD0CN4AD-STA",
"originatingAddress": "10.164.110.186",
"principalId": "opa"
},
"details": {
"type": "AUDIT",
"description": "Operator Activity",
"operationType": "UPDATE",
"operationObjectType": "Settings",
"operationObjectName": "Branding"
}
}
Operator accesses
This is an example of an operator access request log. To view STA access logs, open the STA Access Management console and select Access Logs.
{
"logVersion": "1.0",
"category": "AUDIT",
"timeStamp": "2020-02-04T06:25:23.509Z",
"id": "bd03c729-14c7-4422-8b40-5cfd7fd31040",
"context": {
"tenantId": "BWUD0CN4AD",
"originatingAddress": "10.164.110.109",
"principalId": "opa",
"sessionId": "fad8d3c3-73c7-4386-a2dd-9fc1fec261bc",
"globalAccessId": "8ef26f61-6904-4a24-937f-97140f51fa52",
"applicationType": "CONSOLE"
},
"details": {
"type": "OPERATOR_LOGIN",
"state": "Accepted",
"action": "auth",
"credentials": [
{
"type": "otp",
"state": "Verified"
}
]
}
},
Requests to use the Logs API
This is an example of an operator read log request log. To view STA access logs, open the STA Access Management console and select Audit Logs.
{
"logVersion": "1.0.0",
"category": "AUDIT",
"timeStamp": "2020-02-05T10:40:17.9406832Z",
"id": "MTfvFHABwC51I5YSyPne",
"context": {
"tenantId": "BWUD0CN4AD",
"originatingAddress": "10.164.110.186",
"principalId": "opa",
"globalAccessId": "382a83c7c1eaadef64cab52cae90caa6"
},
"details": {
"type": "AUDIT",
"description": "GET Logs",
"operationType": "READ",
"operationObjectType": "Access & Audit Logs",
"operationObjectName": "2020-02-04 11:23:07"
}
}