Below you will find the Event_ID table for Syslog:
|
Code |
Event ID |
Parameter Name |
Severity Level |
Message Body |
Comments |
|---|---|---|---|---|---|
|
A001 |
10 1 2 10001 |
Validation access failure |
Informational |
"%s: failed to validate access: %s", []interface{}{enforceable.EnforceableName()}, err |
enforceable validation error. webhook, mfa, geolocation, certificate |
|
A002 |
10 1 1 10001 |
Validation access success |
Informational |
"%s: successfully validated access", []interface{}{enforceable.EnforceableName()} |
all enforceable validations passed. |
|
A003 |
10 1 3 10001 |
Access message |
Informational |
"access %s by %s. user reason was: %s", action, approval.Approver(), approval.Justification() |
logs an administrative message about the approval action = approved/revoked |
|
A004 |
10 1 1 10002 |
Access approved |
Informational |
"access approved by %s", approval.Approver() |
token approver in question approver user id of the approval |
|
A005 |
10 1 2 10002 |
Access denied |
Informational |
"access denied: in-existent or expired auth code" |
handles OAuth2 token endpoint which trades access-token for an auth code. "grant_type" not "refresh_token" nor "authorization_code" and no authentication code |
|
A006 |
10 1 2 10003 |
Access denied |
Informational |
"access was denied: %v", err |
handles OAuth2 token endpoint which trades access-token for an auth code. parse form error, refresh token error, convert token code error |
|
A007 |
10 3 2 10001 |
Bad SAML request |
Error |
"bad saml request http method" |
saml idp http request not post nor get |
|
A008 |
10 1 1 10003 |
Certificate changed successfully |
Informational |
"Certificate was successfully changed" |
certificate successfully changed |
|
A009 |
10 2 2 10001 |
Connection error |
Warning |
"connection error: " + msg |
tunnel guac error usually unauthorized or unreachable |
|
A010 |
10 3 2 10002 |
SAML mapping error |
Error |
"current mapping %q is not a saml saas mapping", mapping.Name |
mapping protocol is not SAAS |
|
A011 |
10 3 2 10003 |
SAML mapping error |
Error |
"current mapping %q is not a saml saas mapping", mapping.Name |
mapping protocol not SAAS when serves saas mappings sso via their virtual idp |
|
A012 |
10 1 2 10004 |
Access denied |
Informational |
"denied policy access" |
access denied since no policy time access/supervisor/certificate/eforceable valid found |
|
A013 |
10 3 2 10004 |
User upsert to DB failed |
Error |
"enrollment failed: %v", err |
upsert the new user to the database failed |
|
A014 |
10 2 2 10002 |
Certificate not authorized |
Warning |
"error verifying peer certificate, %v", err |
policy’s certificate not authorized |
|
A015 |
10 2 2 10003 |
Error creating certificate |
Warning |
"Error while running recerter: %v", err |
create certificate |
|
A016 |
10 2 2 10004 |
Failed forms SSO login |
Warning |
"failed forms sso login: %v", err |
failed to perform forms-sso returning all generated cookies to the client and error is not redirected |
|
A017 |
10 3 2 10005 |
Failed to generate RDP method |
Error |
"failed to build rdp file: %v", err |
failed to generates native rdp methods of connection to the rdp server via the rdp gateway |
|
A019 |
10 2 2 10005 |
Failed to change password |
Warning |
"failed to change password: %v", err |
failed to change password |
|
A020 |
10 3 2 10007 |
Failed to encode allowed networks |
Error |
"failed to encode allowed networks: %v", err |
failed to get parse one of the user's allowed nat.Networks associated with the Mapping |
|
A021 |
10 2 3 10005 |
Failed to establish user session |
Warning |
"failed to establish a user session: %v", err |
failed to find a session for the current request and to create an anonymous session |
|
A022 |
10 2 2 10006 |
Failed to find personal desktop IP |
Warning |
"failed to find a site to serve the user's personal desktop: %v", err |
failed to match a given site using its CIDR to the given address |
|
A023 |
10 3 3 10003 |
Failed to find IdP |
Error |
"failed to get saas mapping named %s", mapping.Name |
failed to find a virtual idp from mapping |
|
A024 |
10 2 3 10006 |
Failed to initiate ssh supervised access |
Warning |
"failed to initiate native ssh supervision session: %v", err |
failed to set the deadline for future Read calls and any currently-blocked Read call |
|
A025 |
10 2 3 10007 |
Failed to initiate ssh underlying transport |
Warning |
"failed to initiate native ssh supervision session: %v", err |
failed to starts a new SSH server with connection as the underlying transport |
|
A026 |
10 3 2 10008 |
Failed to initiate ssh supervised access |
Error |
"failed to initiate native ssh supervision session: tunnel with id %q not found", sshConn.User() |
failed to initiate native ssh supervision session |
|
A027 |
10 3 2 10009 |
Failed to inect post sso script |
Error |
"failed to inject post sso script: %v", err |
failed to post sso web script (either to establish user session or to inject post sso script) |
|
A028 |
10 2 2 10007 |
Failed to notify approver |
Warning |
"failed to notify approver: %v", err |
failed to notify approval that approval was marked as pending |
|
A029 |
10 2 2 10008 |
Failed to process notifications for user |
Warning |
"failed to process notifications for user: %v", err |
failed to retrieve open notifications for a user |
|
A030 |
10 2 2 10009 |
Failed to resolve credentials for user |
Warning |
"failed to resolve credentials for user %s: %v", session.User.Name, err |
failed to resolved credentials for user when creating an application tunnel to the user's personal desktop |
|
A031 |
10 2 2 10010 |
Failed to resolve IdP cookie |
Warning |
"failed to resolve saml idp cookie, %v", err |
failed to resolve saml idp cookie |
|
A032 |
10 2 2 10011 |
Failed to resolve IdP cookie |
Warning |
"failed to resolve saml idp cookie, %v", err |
failed to resolve saml idp cookie when serving saas mappings sso via their virtual idp |
|
A036 |
10 2 2 10014 |
Failed to send Post to SAML |
Warning |
"failed to send saml post to saml server" |
failed to send Post method to saml idp server |
|
A037 |
10 2 2 10015 |
Faied to serve user request |
Warning |
"failed to serve user request: %v", err |
attempts to register an SSH Handler callback with the native ssh proxy related failures
|
|
A038 |
10 1 2 10006 |
Failed to supervise tunnel |
Informational |
"failed to supervise tunnel: %v", err |
attempts to view the tunnel per the request failed due
|
|
A039 |
10 2 2 10016 |
Failed to tunnel user request |
Warning |
"failed to tunnel user request: %v", err |
attempts to tunnel the user's request to the correct backend failed due
|
|
A040 |
10 2 3 10008 |
Failed to update DB |
Warning |
"failed to update last login: %v", err |
failed to update last login property for the current user |
|
A041 |
10 3 3 10004 |
Failed to send email |
Error |
"log in failed with email: %v", err |
failed to send email for otp process |
|
A042 |
10 3 3 10005 |
Failed to send sms |
Error |
"log in failed with sms: %v", err |
failed to send sms for otp process |
|
A043 |
10 1 1 10004 |
Successful log via OTP |
Informational |
"log in success with %s", otpCodeMethod |
succeed to login with otp |
|
A044 |
10 1 1 10005 |
Login approved |
Informational |
"login approved by %s for user %s", session.User.Supervisor.Name, session.User.Id |
login approved by supervisor |
|
A045 |
10 1 2 10007 |
Login failed |
Informational |
"login failed: %v", err |
login process failed |
|
A046 |
10 1 1 10006 |
Password change successfully |
Informational |
"password changed successfully" |
password changed successfully |
|
A047 |
10 1 1 10007 |
Password too long |
Informational |
"password too long (%d chars)", plen |
change password → password to long |
|
A048 |
10 2 2 10017 |
Invalid license |
Warning |
"request dropped: invalid license: %v", err |
invalid license → request dropped |
|
A049 |
10 2 2 10018 |
Missing license |
Warning |
"request dropped: no license" |
missing license → request dropped |
|
A050 |
10 1 3 10002 |
Bad SAML URL path |
Informational |
"requested path %q not found", r.URL.Path |
exposes saml metadata or sso endpoints of sp named "name" request path has no metadata nor sso in the url path |
|
A051 |
10 1 1 10008 |
Successful SAML authentication |
Informational |
"saml service provider was authenticated successfully" |
logs a successful saml Authentication |
|
A052 |
10 2 2 10019 |
Session recording failed |
Warning |
"session recording failed: %v", err |
failed to store ssh session recording |
|
A053 |
10 2 2 10020 |
Session was not recorded |
Warning |
"session was not recorded: %v", err |
failed to start session recording |
|
A054 |
10 1 1 10009 |
Tunnel opened successfully |
Informational |
"tunnel was opened successfully" |
|
|
A055 |
10 1 1 10010 |
User connected successfully |
Informational |
"user connected successfully" |
attempts to register an SSHHandler callback with the native ssh proxy user successfully connected |
|
A056 |
10 1 1 10011 |
User deleted file |
Informational |
"user deleted a file: %s", fullPath |
user deleted a fs file → /v1/delete/ |
|
A057 |
10 1 1 10012 |
User downloaded a file |
Informational |
"user downloaded a file: %s", fPath |
user downloaded a fs file -> /v1/browse |
|
A058 |
10 1 2 10012 |
User login failed |
Informational |
"user failed logging into %s using %s: %v", config.Hostname, config.Protocol, err |
attempts to start an application tunnel with configuration failed |
|
A059 |
10 1 1 10013 |
User logged in successfully |
Informational |
"user logged in to %s using %s", config.Hostname, config.Protocol |
user's connection success |
|
A060 |
10 1 1 10014 |
User logged in successfully |
Informational |
"user logged in" |
|
|
A061 |
10 1 1 10015 |
User logged out successfully |
Informational |
"user logged out" |
|
|
A062 |
10 1 1 10016 |
User session ended by admin |
Informational |
"user session ended by %s", admin |
user session ended by admin |
|
A063 |
10 1 1 10017 |
User accessed network successfully |
Informational |
"user successfully accessed the network" |
|
|
A064 |
10 1 1 10018 |
User connected to remote computer successfully |
Informational |
"user successfully connected to the remote computer" |
connected to the remote computer with rdp |
|
A065 |
10 1 1 10019 |
User enrolled successfully |
Informational |
"user successfully enrolled" |
creates the user in the repository and finishes the enrollment process. |
|
A066 |
10 1 2 10008 |
User access denied as account is disabled |
Informational |
"user tried to access application but their account was disabled" |
user is disabled to enroll |
|
A067 |
10 1 1 10020 |
User uploaded a file |
Informational |
"user uploaded a file: %s", fullPath |
user uploaded a file |
|
A068 |
10 1 1 10021 |
User access to application permitted |
Informational |
"user was allowed access to application" |
authentication middleware user allowed access to mapping |
|
A069 |
10 1 2 10009 |
User access to application denied |
Informational |
"user was denied access to application" |
authentication middleware user disallowed access to mapping |
|
A070 |
10 1 2 10010 |
User access to remote application denied |
Informational |
"user was denied access to remote-app %q", explicitApp |
user sent an explicit application, using the "remoteapp" parameter, authorize it against the mapping remote apps app is unauthorized in mapping, log and return error |
|
A071 |
10 1 2 10011 |
Username too long |
Informational |
"username too long (%d chars)", ulen |
|
|
A072 |
10 3 3 10001 |
Handler error |
Error |
err.Error() --> handleError |
cmd/idac/controller/drive_application.go handler failed for new drive application controller |
|
A073 |
10 2 3 10009 |
TCP serve HTTP error |
Warning |
err.Error() ServerHTTP |
cmd/idac/controller/tcp_application.go TCP application, ServeHTTP notify the admin an error that occurred |
|
A074 |
10 2 3 10002 |
SAML IdP cookie error |
Warning |
“SAML wire is missing” |
saml idp → is missing from the cookie |
|
A075 |
10 2 3 10003 |
SAML IdP cookie error |
Warning |
err.Error() |
Set SAML cookie error |
|
A076 |
10 2 3 10004 |
SAML IdP cookie expired |
Warning |
SAML IDP cookie was expired |
|
|
A077 |
10 3 3 10002 |
Unexpected SAML state |
Error |
"unexpected saml wire state, %d:%s", state, state |
|
|
A078 |
10 2 2 10021 |
Destroy User Session Failed |
Warning |
"failed to destroy user's session: %v", err |
destroy user session by agent failed |
|
A080 |
10 2 3 10001 |
RDP connection error |
Warning |
"%v", err |
cmd/idac/controller/tunnel_application.go rdp connection failed to close, log the error |
|
A081 |
10 3 2 10010 |
Failed SAML SSO login |
Error |
failed saml sso sp initiated %s flow: %v |
|
|
A082 |
10 1 1 10082 |
Send reset password otp succeed |
Informational |
"reset password otp sent by %s succeed" |
otp method |
|
A083 |
10 3 3 10083 |
Send reset password otp failed |
Error |
"reset password otp sent by %s failed" |
otp method |
|
A086 |
10 2 2 10012 |
Failed to reset password |
Warning |
failed to reset password: %v |
|
|
A087 |
10 1 1 10023 |
Password has been successfully reset |
Informational |
password has been successfully reset |
|
|
A088 |
10 1 1 10088 |
Reset password otp verified |
Informational |
"reset password otp verified" |
|
|
A089 |
10 3 3 10089 |
Reset password fetch user failure |
Error |
"failed to fetch user %q for password reset: %v" |
user name parameter, err |
|
A090 |
10 3 3 10090 |
Reset password otp method not allowed |
Error |
"requested otp method %q for user %q is not allowed |
method (sms/email), user name |
|
A091 |
10 2 2 10091 |
Failed to change password |
Warning |
"failed to change password: problem with allowed mfa methods %v, %v" |
|
|
A092 |
10 3 3 10092 |
Reset password fetch user origin failure |
Error |
"failed to fetch user %q origin for password reset: %v" |
|
|
A093 |
10 3 3 10093 |
Controller id, device authentication error |
Error |
“failed to perform device authentication with %s: %w" |
|
|
A094 |
10 1 1 10094 |
Device controller |
Informational |
"successfully authenticated user device with %q" |
|
|
A095 |
101110095 |
Reset password fetch user success |
|
"succeed to fetch user %q for password reset: %v" |
|
|
A096 |
101310096 |
Change password is not allowed for this IDP type |
Informational |
"password can't be changed for idp %q of type %q" |
|
|
A100 |
101110100 |
Open Desktop Application Succeeded |
Informational |
"open desktop application (%s) succeeded" |
info.Name |
|
A101 |
103210101 |
Open Desktop Application Failed |
Error |
"open desktop application (%s) failed: %v" |
info.Name, error |
|
A102 |
100310102 |
Device controller name |
Debug |
"%s: received device posture webhook" |
|
|
A103 |
103210103 |
Device controller name, Error |
Error |
"%s: failed to parse/update device posture: %s" |
|
|
A104 |
102210104 |
WAF Request |
Warning |
WAF: request blocked by rule %s: "$s", correlation id is: "%s", offending payload was: "%s" |
rule id, rule message, guid, payload capped to 50 |
|
A105 |
103210105 |
WAF Request Blocked |
Error |
|
|
|
A106 |
101110106 |
Supervised Approval Requested |
Informational |
supervise approval requested, reason: %s | user's reason |