B.3 Authentication Events
-
Section B.3.1, Authentication
-
Section B.3.2, Creating Entry For External User
-
Section B.3.3, Duplicate User Objects
-
Section B.3.4, Failed Authentication
-
Section B.3.5, Locked Account
-
Section B.3.6, No Such User Event
-
Section B.3.7, Too Many Active Users
-
Section B.3.8, User Discovered
-
Section B.3.9, User Logged In
-
Section B.3.10, User Logged Out
B.3.1 Authentication
When a user is authentic, the following event is generated:
Table B-8 Authentication Events Authentication
Severity
|
0 |
Event Name
|
Authentication
|
Resource
|
UserAuthentication
|
SubResource
|
Authenticate
|
Message
|
User <name> has passed Authentication to Sentinel/Wizard |
B.3.2 Creating Entry For External User
When creating an external user, the following event is generated:
Table B-9 Authentication Events: Creating Entry For External User
Severity
|
1 |
Event Name
|
CreatingEntryForExternalUser
|
Resource
|
UserAuthentication
|
SubResource
|
Authentication
|
Message
|
No existing local user entry with name <name> found, creating one |
B.3.3 Duplicate User Objects
When there is an unexpected second active user object, the following event is generated. This is an internal error.
Table B-10 Authentication Events: Duplicate User Objects
Severity
|
4
|
Event Name
|
TooManyActiveUsers
|
Resource
|
UserAuthentication
|
SubResource
|
Authenticate
|
Message
|
Error in user table : Multiple users with the name <name> found |
B.3.4 Failed Authentication
When a user authentication fails, the following event is generated:
Table B-11 Authentication Events:Failed Authentication
Severity
|
4
|
Event Name
|
AuthenticationFailed
|
Resource
|
UserAuthentication
|
SubResource
|
Authenticate
|
Message
|
Authentication of user <name> with OS name <domUser> from <IP> failed |
B.3.5 Locked Account
When a locked user account is attempting to log in, the following event is generated:
Table B-12 Authentication Events: Locked Account
Severity
|
4
|
Event Name
|
LockedUser
|
Resource
|
UserAuthentication
|
SubResource
|
Authentication
|
Message
|
Attempt to login using locked account <acct>
|
B.3.6 No Such User Event
When a user attempts to log in to the application and authentication succeeds, but the user is not an Sentinel user, the following event is generated:
Table B-13 Authentication Events: No Such User Event
Severity
|
4
|
Event Name
|
NoSuchUser
|
Resource
|
UserAuthentication
|
SubResource
|
Authenticate
|
Message
|
No existing user with name <name> found |
B.3.7 Too Many Active Users
Table B-14 Authentication Events: Too Many Active Users
Severity
|
|
Event Name
|
|
Resource
|
|
SubResource
|
|
Message
|
|
B.3.8 User Discovered
If the server restarts, it loses the session information. It then reconstructsthe session when it receives messages from active users. When it discovers a connected user, the following internal event is generated:
Table B-15 Table B‑8: Authentication Events:User Discovered
Severity
|
1
|
Event Name
|
UserLoggedIn
|
Resource
|
UserSessionManager
|
SubResource
|
User
|
Message
|
Discovered active user <user> with OS name <osName> at <IP> logged in; currently <number> active users |
B.3.9 User Logged In
When a user logs in, the following internal event is generated:
Table B-16 Authentication Events:User Logged In
Severity
|
1
|
Event Name
|
UserLoggedIn
|
Resource
|
UserSessionManager
|
SubResource
|
User
|
Message
|
User <user> with OS name <osName> at <IP> logged in; currently <number> active users |
B.3.10 User Logged Out
When a user logs out, the following internal event is generated:
Table B-17 Authentication Events : User Logged Out
Severity
|
1
|
Event Name
|
UserLoggedOut
|
Resource
|
UserSessionManager
|
SubResource
|
User
|
Message
|
Closing session for <user> OS name <osName> from <IP> was on since <date>; currently <number> active users |