Fields specific to the "l_auth" log
The fields described below appear in the web administration interface of the firewall under the Monitoring > Logs - Audit logs module, in the views: All logs and Users.
|
user |
ID of the user (when the authentication phase has ended). String of characters in UTF-8 format. Example: “John.smith” May be displayed anonymously depending on the administrator's access privileges. Available from: SNS v1.0.0. |
|
User |
|
|
src |
IP address of the source host. Decimal format. Example: ”192.168.0.1” May be displayed anonymously depending on the administrator's access privileges. Available from: SNS v1.0.0 |
|
Source |
|
|
error |
Authentication return code. Decimal format. Example: “0”, “3”, “4", etc. |
|
Status Example: “ok”, “Auth failed”, “Level denied”… |
|
|
msg |
Message associated with the authentication return code. String of characters in UTF-8 format. Example: ”User logged in” |
|
Message |
|
|
ruleid |
Number of the authentication rule applied (no value if the “AGENT” method is used). Example: "1" Available from: SNS v1.0.0. |
| Rule | |
| agentid |
SSO agent ID. Value: from 0 to 5. Example: agentid=0 Available from: SNS v3.0.0. |
| SSO Agent | |
| domain |
Authentication method used or LDAP directory of the user authenticated by the firewall. String of characters in UTF-8 format. Example: domain="documentation.stormshield.eu" Available from: SNS v3.0.0. |
| Method or directory | |
| confid |
Index of the security inspection profile used. Value from “0” to “9”. Available from: SNS v1.0.0. |
| totp |
Indicates whether authentication required a TOTP Values: "yes" if a TOTP was used, "no" if no TOTP was used. Example: totp=yes Available from: SNS v4.5.0. |
| One-time password |