-
Notifications
You must be signed in to change notification settings - Fork 137
ACCESS_SESSION_ESTABLISH Audit Event
Endi S. Dewata edited this page May 31, 2023
·
3 revisions
The ACCESS_SESSION_ESTABLISH audit event is generated when PKI client managed to establish a secure connection to PKI server successfully.
Properties:
-
ClientIP: Client’s IP address -
ServerIP: Server’s IP address -
SubjectID: Client certificate’s subject DN -
Outcome:SuccessorFailure -
Info: Failure reason
In PKI 10.5 the ACCESS_SESSION_ESTABLISH_SUCCESS and ACCESS_SESSION_ESTABLISH_FAILURE events are merged into ACCESS_SESSION_ESTABLISH event.
Use PKI CLI to connect to the server:
$ pki -n caadmin ca-user-find
The server will generate the following events:
[AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=--][ServerIP=--][SubjectID=CN=PKI Administrator,[email protected],OU=pki-tomcat,O=EXAMPLE][Outcome=Success] a ccess session establish success
Configure PKI CLI to use a cipher that is disabled on the server:
SSL_CIPHERS="TLS_RSA_WITH_AES_128_CBC_SHA256" SSL_DEFAULT_CIPHERS="false"
Then use PKI CLI to connect to the server:
$ pki -n caadmin ca-user-find
The operation will fail and the server will generate the following events:
[AuditEvent=ACCESS_SESSION_ESTABLISH_FAILURE][ClientIP=10.34.78.30][ServerIP=10. 34.78.30][SubjectID=][Outcome=Failure][Info=HANDSHAKE_FAILURE] access session es tablish failure
|
Tip
|
To find a page in the Wiki, enter the keywords in search field, press Enter, then click Wikis. |