Skip to content

AUTH_FAIL Audit Event

Jump to bottom
Endi S. Dewata edited this page May 31, 2023 · 3 revisions

Overview

The AUTH_FAIL audit event is generated when authentication fails (in case of SSL-client auth, only webserver env can pick up the SSL violation; CS authMgr can pick up certificate mis-match, so this event is used).

Properties:

  • Outcome should always be Failure in this event (obviously, if authentication failed, you won’t have a valid SubjectID, so in this case, SubjectID should be $Unidentified$)

  • AuthMgr must be the authentication manager instance name that did this authentication

  • AttemptedCred must be the credential attempted and failed

Note: In PKI 10.5 this event is renamed to AUTH.

Examples

Start PKI console and login with a wrong password.

The server will generate the following events:

[AuditEvent=AUTH_FAIL][SubjectID=$Unidentified$][Outcome=Failure][AuthMgr=passwd
UserDBAuthMgr][AttemptedCred=caadmin] authentication failure
Tip
 To find a page in the Wiki, enter the keywords in search field, press Enter, then click Wikis.
Clone this wiki locally