[ZTA] Syslog Event ID

Below you will find the Event_ID table for Syslog:

Code	Event ID	Parameter Name	Severity Level	Message Body	Comments
A001	10 1 2 10001	Validation access failure	Informational	"%s: failed to validate access: %s", []interface{}{enforceable.EnforceableName()}, err	enforceable validation error. webhook, mfa, geolocation, certificate
A002	10 1 1 10001	Validation access success	Informational	"%s: successfully validated access", []interface{}{enforceable.EnforceableName()}	all enforceable validations passed.
A003	10 1 3 10001	Access message	Informational	"access %s by %s. user reason was: %s", action, approval.Approver(), approval.Justification()	logs an administrative message about the approval action = approved/revoked
A004	10 1 1 10002	Access approved	Informational	"access approved by %s", approval.Approver()	token approver in question approver user id of the approval
A005	10 1 2 10002	Access denied	Informational	"access denied: in-existent or expired auth code"	handles OAuth2 token endpoint which trades access-token for an auth code. "grant_type" not "refresh_token" nor "authorization_code" and no authentication code
A006	10 1 2 10003	Access denied	Informational	"access was denied: %v", err	handles OAuth2 token endpoint which trades access-token for an auth code. parse form error, refresh token error, convert token code error
A007	10 3 2 10001	Bad SAML request	Error	"bad saml request http method"	saml idp http request not post nor get
A008	10 1 1 10003	Certificate changed successfully	Informational	"Certificate was successfully changed"	certificate successfully changed
A009	10 2 2 10001	Connection error	Warning	"connection error: " + msg	tunnel guac error usually unauthorized or unreachable
A010	10 3 2 10002	SAML mapping error	Error	"current mapping %q is not a saml saas mapping", mapping.Name	mapping protocol is not SAAS
A011	10 3 2 10003	SAML mapping error	Error	"current mapping %q is not a saml saas mapping", mapping.Name	mapping protocol not SAAS when serves saas mappings sso via their virtual idp
A012	10 1 2 10004	Access denied	Informational	"denied policy access"	access denied since no policy time access/supervisor/certificate/eforceable valid found
A013	10 3 2 10004	User upsert to DB failed	Error	"enrollment failed: %v", err	upsert the new user to the database failed
A014	10 2 2 10002	Certificate not authorized	Warning	"error verifying peer certificate, %v", err	policy’s certificate not authorized
A015	10 2 2 10003	Error creating certificate	Warning	"Error while running recerter: %v", err	create certificate
A016	10 2 2 10004	Failed forms SSO login	Warning	"failed forms sso login: %v", err	failed to perform forms-sso returning all generated cookies to the client and error is not redirected
A017	10 3 2 10005	Failed to generate RDP method	Error	"failed to build rdp file: %v", err	failed to generates native rdp methods of connection to the rdp server via the rdp gateway
A019	10 2 2 10005	Failed to change password	Warning	"failed to change password: %v", err	failed to change password
A020	10 3 2 10007	Failed to encode allowed networks	Error	"failed to encode allowed networks: %v", err	failed to get parse one of the user's allowed nat.Networks associated with the Mapping
A021	10 2 3 10005	Failed to establish user session	Warning	"failed to establish a user session: %v", err	failed to find a session for the current request and to create an anonymous session
A022	10 2 2 10006	Failed to find personal desktop IP	Warning	"failed to find a site to serve the user's personal desktop: %v", err	failed to match a given site using its CIDR to the given address
A023	10 3 3 10003	Failed to find IdP	Error	"failed to get saas mapping named %s", mapping.Name	failed to find a virtual idp from mapping
A024	10 2 3 10006	Failed to initiate ssh supervised access	Warning	"failed to initiate native ssh supervision session: %v", err	failed to set the deadline for future Read calls and any currently-blocked Read call
A025	10 2 3 10007	Failed to initiate ssh underlying transport	Warning	"failed to initiate native ssh supervision session: %v", err	failed to starts a new SSH server with connection as the underlying transport
A026	10 3 2 10008	Failed to initiate ssh supervised access	Error	"failed to initiate native ssh supervision session: tunnel with id %q not found", sshConn.User()	failed to initiate native ssh supervision session
A027	10 3 2 10009	Failed to inect post sso script	Error	"failed to inject post sso script: %v", err	failed to post sso web script (either to establish user session or to inject post sso script)
A028	10 2 2 10007	Failed to notify approver	Warning	"failed to notify approver: %v", err	failed to notify approval that approval was marked as pending
A029	10 2 2 10008	Failed to process notifications for user	Warning	"failed to process notifications for user: %v", err	failed to retrieve open notifications for a user
A030	10 2 2 10009	Failed to resolve credentials for user	Warning	"failed to resolve credentials for user %s: %v", session.User.Name, err	failed to resolved credentials for user when creating an application tunnel to the user's personal desktop
A031	10 2 2 10010	Failed to resolve IdP cookie	Warning	"failed to resolve saml idp cookie, %v", err	failed to resolve saml idp cookie
A032	10 2 2 10011	Failed to resolve IdP cookie	Warning	"failed to resolve saml idp cookie, %v", err	failed to resolve saml idp cookie when serving saas mappings sso via their virtual idp
A036	10 2 2 10014	Failed to send Post to SAML	Warning	"failed to send saml post to saml server"	failed to send Post method to saml idp server
A037	10 2 2 10015	Faied to serve user request	Warning	"failed to serve user request: %v", err	attempts to register an SSH Handler callback with the native ssh proxy related failures dial the ssh proxy to obtain a reverse connection accept the ssh connection as a server dial the ssh backend as a client redial the ssh proxy to obtain a new reverse connection
A038	10 1 2 10006	Failed to supervise tunnel	Informational	"failed to supervise tunnel: %v", err	attempts to view the tunnel per the request failed due to find user's session or creates an anonymous session otherwise if not exist to find the tunnel associated with the request to authorize the user's request to get a default tunnel config to start an application tunnel with configuration
A039	10 2 2 10016	Failed to tunnel user request	Warning	"failed to tunnel user request: %v", err	attempts to tunnel the user's request to the correct backend failed due to get backend address (udp) to dial a connection on behalf of the user to upgrade an http request into a net.Conn
A040	10 2 3 10008	Failed to update DB	Warning	"failed to update last login: %v", err	failed to update last login property for the current user
A041	10 3 3 10004	Failed to send email	Error	"log in failed with email: %v", err	failed to send email for otp process
A042	10 3 3 10005	Failed to send sms	Error	"log in failed with sms: %v", err	failed to send sms for otp process
A043	10 1 1 10004	Successful log via OTP	Informational	"log in success with %s", otpCodeMethod	succeed to login with otp
A044	10 1 1 10005	Login approved	Informational	"login approved by %s for user %s", session.User.Supervisor.Name, session.User.Id	login approved by supervisor
A045	10 1 2 10007	Login failed	Informational	"login failed: %v", err	login process failed
A046	10 1 1 10006	Password change successfully	Informational	"password changed successfully"	password changed successfully
A047	10 1 1 10007	Password too long	Informational	"password too long (%d chars)", plen	change password → password to long
A048	10 2 2 10017	Invalid license	Warning	"request dropped: invalid license: %v", err	invalid license → request dropped
A049	10 2 2 10018	Missing license	Warning	"request dropped: no license"	missing license → request dropped
A050	10 1 3 10002	Bad SAML URL path	Informational	"requested path %q not found", r.URL.Path	exposes saml metadata or sso endpoints of sp named "name" request path has no metadata nor sso in the url path
A051	10 1 1 10008	Successful SAML authentication	Informational	"saml service provider was authenticated successfully"	logs a successful saml Authentication
A052	10 2 2 10019	Session recording failed	Warning	"session recording failed: %v", err	failed to store ssh session recording
A053	10 2 2 10020	Session was not recorded	Warning	"session was not recorded: %v", err	failed to start session recording
A054	10 1 1 10009	Tunnel opened successfully	Informational	"tunnel was opened successfully"
A055	10 1 1 10010	User connected successfully	Informational	"user connected successfully"	attempts to register an SSHHandler callback with the native ssh proxy user successfully connected
A056	10 1 1 10011	User deleted file	Informational	"user deleted a file: %s", fullPath	user deleted a fs file → /v1/delete/
A057	10 1 1 10012	User downloaded a file	Informational	"user downloaded a file: %s", fPath	user downloaded a fs file -> /v1/browse
A058	10 1 2 10012	User login failed	Informational	"user failed logging into %s using %s: %v", config.Hostname, config.Protocol, err	attempts to start an application tunnel with configuration failed
A059	10 1 1 10013	User logged in successfully	Informational	"user logged in to %s using %s", config.Hostname, config.Protocol	user's connection success
A060	10 1 1 10014	User logged in successfully	Informational	"user logged in"
A061	10 1 1 10015	User logged out successfully	Informational	"user logged out"
A062	10 1 1 10016	User session ended by admin	Informational	"user session ended by %s", admin	user session ended by admin
A063	10 1 1 10017	User accessed network successfully	Informational	"user successfully accessed the network"
A064	10 1 1 10018	User connected to remote computer successfully	Informational	"user successfully connected to the remote computer"	connected to the remote computer with rdp
A065	10 1 1 10019	User enrolled successfully	Informational	"user successfully enrolled"	creates the user in the repository and finishes the enrollment process.
A066	10 1 2 10008	User access denied as account is disabled	Informational	"user tried to access application but their account was disabled"	user is disabled to enroll
A067	10 1 1 10020	User uploaded a file	Informational	"user uploaded a file: %s", fullPath	user uploaded a file
A068	10 1 1 10021	User access to application permitted	Informational	"user was allowed access to application"	authentication middleware user allowed access to mapping
A069	10 1 2 10009	User access to application denied	Informational	"user was denied access to application"	authentication middleware user disallowed access to mapping
A070	10 1 2 10010	User access to remote application denied	Informational	"user was denied access to remote-app %q", explicitApp	user sent an explicit application, using the "remoteapp" parameter, authorize it against the mapping remote apps app is unauthorized in mapping, log and return error
A071	10 1 2 10011	Username too long	Informational	"username too long (%d chars)", ulen
A072	10 3 3 10001	Handler error	Error	err.Error() --> handleError	cmd/idac/controller/drive_application.go handler failed for new drive application controller
A073	10 2 3 10009	TCP serve HTTP error	Warning	err.Error() ServerHTTP	cmd/idac/controller/tcp_application.go TCP application, ServeHTTP notify the admin an error that occurred
A074	10 2 3 10002	SAML IdP cookie error	Warning	“SAML wire is missing”	saml idp → is missing from the cookie
A075	10 2 3 10003	SAML IdP cookie error	Warning	err.Error()	Set SAML cookie error
A076	10 2 3 10004	SAML IdP cookie expired	Warning	SAML IDP cookie was expired
A077	10 3 3 10002	Unexpected SAML state	Error	"unexpected saml wire state, %d:%s", state, state
A078	10 2 2 10021	Destroy User Session Failed	Warning	"failed to destroy user's session: %v", err	destroy user session by agent failed
A080	10 2 3 10001	RDP connection error	Warning	"%v", err	cmd/idac/controller/tunnel_application.go rdp connection failed to close, log the error
A081	10 3 2 10010	Failed SAML SSO login	Error	failed saml sso sp initiated %s flow: %v
A082	10 1 1 10082	Send reset password otp succeed	Informational	"reset password otp sent by %s succeed"	otp method
A083	10 3 3 10083	Send reset password otp failed	Error	"reset password otp sent by %s failed"	otp method
A086	10 2 2 10012	Failed to reset password	Warning	failed to reset password: %v
A087	10 1 1 10023	Password has been successfully reset	Informational	password has been successfully reset
A088	10 1 1 10088	Reset password otp verified	Informational	"reset password otp verified"
A089	10 3 3 10089	Reset password fetch user failure	Error	"failed to fetch user %q for password reset: %v"	user name parameter, err
A090	10 3 3 10090	Reset password otp method not allowed	Error	"requested otp method %q for user %q is not allowed	method (sms/email), user name
A091	10 2 2 10091	Failed to change password	Warning	"failed to change password: problem with allowed mfa methods %v, %v"
A092	10 3 3 10092	Reset password fetch user origin failure	Error	"failed to fetch user %q origin for password reset: %v"
A093	10 3 3 10093	Controller id, device authentication error	Error	“failed to perform device authentication with %s: %w"
A094	10 1 1 10094	Device controller	Informational	"successfully authenticated user device with %q"
A095	101110095	Reset password fetch user success		"succeed to fetch user %q for password reset: %v"
A096	101310096	Change password is not allowed for this IDP type	Informational	"password can't be changed for idp %q of type %q"
A100	101110100	Open Desktop Application Succeeded	Informational	"open desktop application (%s) succeeded"	info.Name
A101	103210101	Open Desktop Application Failed	Error	"open desktop application (%s) failed: %v"	info.Name, error
A102	100310102	Device controller name	Debug	"%s: received device posture webhook"
A103	103210103	Device controller name, Error	Error	"%s: failed to parse/update device posture: %s"
A104	102210104	WAF Request	Warning	WAF: request blocked by rule %s: "$s", correlation id is: "%s", offending payload was: "%s"	rule id, rule message, guid, payload capped to 50
A105	103210105	WAF Request Blocked	Error
A106	101110106	Supervised Approval Requested	Informational	supervise approval requested, reason: %s	user's reason