Fields specific to the "l_auth" log

The fields described below appear in the web administration interface of the firewall under the Monitoring > Logs - Audit logs module, in the views: All logs and Users.

user

ID of the user (when the authentication phase has ended).

String of characters in UTF-8 format. Example: “John.smith

May be displayed anonymously depending on the administrator's access privileges.

Available from: SNS v1.0.0.

User

src

IP address of the source host.

Decimal format. Example: ”192.168.0.1

May be displayed anonymously depending on the administrator's access privileges.

Available from: SNS v1.0.0

Source

error

Authentication return code.

Decimal format. Example: “0”, “3”, “4", etc.

Status

Example: “ok”, “Auth failed”, “Level denied”…

msg

Message associated with the authentication return code.

String of characters in UTF-8 format. Example: ”User logged in

Message

ruleid

Number of the authentication rule applied (no value if the “AGENT” method is used).

Example: "1"

Available from: SNS v1.0.0.

Rule
agentid

SSO agent ID.

Value: from 0 to 5.

Example: agentid=0

Available from: SNS v3.0.0.

SSO Agent
domain

Authentication method used or LDAP directory of the user authenticated by the firewall.

String of characters in UTF-8 format.

Example: domain="documentation.stormshield.eu"

Available from: SNS v3.0.0.

Method or directory
confid

Index of the security inspection profile used.

Value from “0” to “9”.

Available from: SNS v1.0.0.

totp

Indicates whether authentication required a TOTP

Values: "yes" if a TOTP was used, "no" if no TOTP was used.

Example: totp=yes

Available from: SNS v4.5.0.

One-time password
tsagentname Indicates the name of the TS agent used.
String of characters in UTF-8 format.
Example: tsagentname="agent_name_test"
Available from: SNS v4.7.0.
TS agent name