Authentication and Authorization Format

Programming Guides › Programming Guide for C › Event Log Formats › Access Events › Authentication and Authorization Format

Authentication and Authorization Format

If the event category ID is authentication (SmLogAccessCat_Auth) or authorization (SmLogAccessCat_Az), the format is:

lpszEvent lpszHostName lpszTimeString "szClientIp szUserName" "szAgentName szAction szResource" [szTransactionId] [nReason] szStatusMsg

Elements in the above format example are described as follows:

lpszEvent. The name (type) of the access event:

SmLogAccessEvent_AuthAccept : lpszEvent = "AuthAccept"
SmLogAccessEvent_AuthReject : lpszEvent = "AuthReject"
SmLogAccessEvent_AuthAttempt : lpszEvent = "AuthAttempt"
SmLogAccessEvent_AuthChallenge : lpszEvent = "AuthChallenge"
SmLogAccessEvent_AzAccept : lpszEvent = "AzAccept"
SmLogAccessEvent_AzReject : lpszEvent = "AzReject"
SmLogAccessEvent_AdminLogin : lpszEvent = "AdminLogin"
SmLogAccessEvent_AdminLogout : lpszEvent = "AdminLogout"
SmLogAccessEvent_AdminReject : lpszEvent = "AdminReject"
SmLogAccessEvent_AuthLogout : lpszEvent = "AuthLogout"
SmLogAccessEvent_ValidateAccept : lpszEvent = "ValidateAccept"
SmLogAccessEvent_ValidateReject : lpszEvent = "ValidateReject"

lpszHostName. The name of the host.
lpszTimeString. The timestamp of the occurrence of the event, in the format: [<date>/<month>/<year>:<hour>:<minute>:<second>
<difference from GMT>]. For example: [27/Jun/2000:11:27:29 -0500]
szClientIp. The IP address of the client machine.
szUserName. The name of the user.
szAgentName. The name of the agent.
szAction. The action associated with the resource.
szResource. The accessed resource.
[szTransactionId]. A string that contains: idletime=<value>.
[nReason]. The reason associated with the event. Reasons are enumerated in Sm_Api_Reason_t, which is in SmApi.h.
szStatusMsg. The message associated with the event. The message depends on the event type, as shown in in the following table:

Event	Role of szStatusMsg
SmLogAccessEvent_AdminLogin	Holds the UserMsg returned by the authentication scheme.
SmLogAccessEvent_AdminReject	Holds the ErrorMsg returned by the authentication Scheme
SmLogAccessEvent_AuthAccept	Holds the UserMsg.
SmLogAccessEvent_AuthReject	Holds a concatenated string of UserMsg and ErrorMsg.
SmLogAccessEvent_AuthAttempt	Holds a concatenated string of UserMsg and ErrorMsg.
SmLogAccessEvent_AuthChallenge	Holds the UserMsg.
SmLogAccessEvent_ValidateAccept	Is an empty string.
SmLogAccessEvent_ValidateReject	Holds an error message containing the reason for validate reject. Examples: "Invalid session token" "Invalid session id" "Invalid session ip" "Invalid user DN" "Session has expired" "Invalid key in use" "Invalid error status"
SmLogAccessEvent_AuthLogout	An empty string.
SmLogAccessEvent_AzAccept	An empty string.
SmLogAccessEvent_AzReject	Depending on the type of az reject, it is a string explaining the reason for the reject. Examples: "Invalid session type for affiliate agent" "Invalid session type" "Session not authorized for this security level"

For example:

AuthAccept testbox [27/Jun/2000:11:27:29 -0500] "190.158.4.90 uid=scarter,ou=people,o=airius.com" "testagent GET /test/index.html" [idletime=3600;maxtime=7200;authlevel=5;] [0]

In this example,

lpszEvent is AuthAccept
lpszHostName is testbox
lpszTimeString is [27/Jun/2000:11:27:29 -0500]
szClientIp is 190.158.4.90
szUserName is uid=scarter,ou=people,o=airius.com
szAgentName is testagent
szAction is GET
szResource is /test/index.html
[szTransactionId] is [idletime=3600;maxtime=7200;
authlevel=5;]
[nReason] is [0]
szStatusMsg is not specified.

Email CA about this topic