RapidIdentity Product Guides - 2019 Rolling Release

Audit

Audit log settings are configured globally for all applications and modules. Audit logs can be sent to a file, database, and/or a Syslog server. The database connection for audit is configured in the RapidIdentity CLI Menu and can be the same as or different from your configuration database.

Audit Types
Legacy_Audit_Types.png

Selecting Enable File Based Audit Log allows administrators to select JSON or XML as a format for one-line events, or Legacy as the format for multi-line XML; Legacy corresponds to the format prior to RapidIdentity 2017.11.14.

If this option is selected prior to upgrading to RapidIdentity 2017.11.14, Legacy will be selected. If this option is not selected prior to upgrade or is selected at any time thereafter, JSON will be selected initially.

The Product, Module, and Action are now represented as productId, moduleId, and actionId, respectively.

JSON Example

{
  "id": "89eab250-c598-11e7-bf85-005056c00008",
  "productId": "net.idauto.audit.product.saml",
  "moduleId": "net.idauto.audit.module.idp",
  "actionId": "net.idauto.audit.idp.action.authentication",
  "timestamp": "2017-11-09T21:54:19.764Z",
  "targetSystem": "DIRECTORY",
  "targetId": "521d7b81-ac96-4ae4-bbd2-d346d826c5d6",
  "target": "jdoe",
  "hostIp": "192.168.11.101",
  "perpIp": "127.0.0.1",
  "perpId": "521d7b81-ac96-4ae4-bbd2-d346d826c5d6",
  "perpDN": "CN=John Doe,OU=employees,OU=people,OU=idauto,DC=ad2k8,DC=local",
  "ext.json_data": {
    "errorMessage": "Incorrect Username and/or Password",
    "policy": {
      "id" : "47bf6460-3421-11e7-8178-005056c00008",
      "name": "Password Only",
      "version" : 26
    },
    "methods" : ["username"],
    "failedStep": "password"
  }
}

XML Example

<record id="a21e6010-c598-11e7-bf85-005056c00008">
  <product>
    <id>
      net.idauto.audit.product.saml
    </id>
    <displayName>
      Federation
    </displayName>
  </product>
  <module>
    <id>
      net.idauto.audit.module.idp
    </id>
    <displayName>
      Federation Identity Provider
    </displayName>
  </module>
  <action>
    <id>
      net.idauto.audit.idp.action.authentication
    </id>
    <displayName>
      IdP Authentication
    </displayName>
    <classification>
      <id>
        net.idauto.audit.common.classification.normal
      </id>
    </classification>
    <categories>
      <category>
        <id>
          net.idauto.audit.common.category.systemUsage
        </id>
      </category>
    </categories>
  </action>
  <hostIp>
    192.168.11.101
  </hostIp>
  <perpetratorId>
    521d7b81-ac96-4ae4-bbd2-d346d826c5d6
  </perpetratorId>
  <perpetratorDN>
    CN=John Doe,OU=employees,OU=people,OU=idauto,DC=ad2k8,DC=local
  </perpetratorDN>
  <perpetratorIp>
    127.0.0.1
  </perpetratorIp>
  <targetSystem>
    DIRECTORY
  </targetSystem>
  <targetId>
    521d7b81-ac96-4ae4-bbd2-d346d826c5d6
  </targetId>
  <target>
    jdoe
  </target>
  <successful>
    false
  </successful>
  <properties>
    <property key="json_data">
      <values>
        <value>
          {
            "errorMessage": "Incorrect Username and/or Password",
            "policy": {
              "id": "47bf6460-3421-11e7-8178-005056c00008",
              "name": "Password Only",
              "version": 26
            },
            "methods": ["username"],
            "failedStep": "password"
          }
        </value>
      </values>
    </property>
  </properties>
  <timestamp>
    2017-11-09 15:55:00
  </timestamp>
</record>

Legacy Example

<record id="b70fdb20-c598-11e7-bf85-005056c00008">
  <product>
    <id>
      net.idauto.audit.product.saml
    </id>
    <displayName>
      Federation
    </displayName>
  </product>
  <module>
    <id>
      net.idauto.audit.module.idp
    </id>
    <displayName>
      Federation Identity Provider
    </displayName>
  </module>
  <action>
    <id>
      net.idauto.audit.idp.action.authentication
    </id>
    <displayName>
      IdP Authentication
    </displayName>
    <classification>
      <id>
      net.idauto.audit.common.classification.normal
    </id>
    </classification>
    <categories>
      <category>
        <id>
          net.idauto.audit.common.category.systemUsage
        </id>
      </category>
    </categories>
  </action>
  <hostIp>
    192.168.11.101
  </hostIp>
  <perpetratorId>
    521d7b81-ac96-4ae4-bbd2-d346d826c5d6
  </perpetratorId>
  <perpetratorDN>
    CN=John Doe,OU=employees,OU=people,OU=idauto,DC=ad2k8,DC=local
  </perpetratorDN>
  <perpetratorIp>
    127.0.0.1
  </perpetratorIp>
  <targetSystem>
    DIRECTORY
  </targetSystem>
  <targetId>
    521d7b81-ac96-4ae4-bbd2-d346d826c5d6
  </targetId>
  <target>
    jdoe
  </target>
  <successful>
    false
  </successful>
  <properties>
    <property key="json_data">
      <values>
        <value>
          {
            "errorMessage": "Incorrect Username and/or Password",
            "policy": {
              "id": "47bf6460-3421-11e7-8178-005056c00008",
              "name": "Password Only",
              "version": 26
            },
            "methods": [ "username" ],
            "failedStep": "password"
          }
        </value>
      </values>
    </property>
  </properties>
  <timestamp>
    2017-11-09 15:55:35
  </timestamp>
</record>
In this section: