-
Notifications
You must be signed in to change notification settings - Fork 127
Login Events
bfuzzy edited this page Oct 26, 2018
·
1 revision
| Event | Description |
|---|---|
| AUDIT_CRYPTO_KEY_USER | Create delete negotiate crypto keys |
| AUDIT_CRYPTO_SESSION | Record parameters set during TLS session establishment |
| AUDIT_USER_AUTH | User system access authentication |
| AUDIT_LOGIN | Define the login id and information |
| AUDIT_USER_ACCT | User system access authorization |
| AUDIT_USER_CHAUTHTOK | User acct password or pin changed |
| AUDIT_USER_ERR | User acct state error |
| AUDIT_CRED_ACQ | User credential acquired |
| AUDIT_USER_ROLE_CHANGE | User changed to a new role |
| AUDIT_USER_START | User session start |
| AUDIT_USER_LOGIN | User has logged in |
| AUDIT_CRED_REFR | User credential refreshed |
| AUDIT_GRP_AUTH | Authentication for group password |
| AUDIT_CHUSER_ID | Changed user ID supplemental data |
| AUDIT_CHGRP_ID | User space group ID changed |
| AUDIT_USER_LOGOUT | User has logged out |
| AUDIT_USER_END | User session end |
| AUDIT_CRED_DISP | User credential disposed |
| AUDIT_ANOM_LOGIN_FAILURES | Failed login limit reached |
| AUDIT_ANOM_LOGIN_TIME | Login attempted at bad time |
| AUDIT_ANOM_LOGIN_SESSIONS | Max concurrent sessions reached |
| AUDIT_ANOM_LOGIN_ACCT | Login attempted to watched acct |
| AUDIT_ANOM_LOGIN_LOCATION | Login from forbidden location |