Syslog Event ID
Below you will find the Event_ID table for Syslog:
| Code | Event ID | Parameter Name | Severity Level | Message Body | Comments |
|---|---|---|---|---|---|
| A001 | 10 1 2 10001 | Validation access failure | Informational | "%s: failed to validate access: %s", []interface{}{enforceable.EnforceableName()}, err | enforceable validation error. webhook, mfa, geolocation, certificate |
| A002 | 10 1 1 10001 | Validation access success | Informational | "%s: successfully validated access", []interface{}{enforceable.EnforceableName()} | all enforceable validations passed. |
| A003 | 10 1 3 10001 | Access message | Informational | "access %s by %s. user reason was: %s", action, approval.Approver(), approval.Justification() | logs an administrative message about the approval. action = approved/revoked |
| A004 | 10 1 1 10002 | Access approved | Informational | "access approved by %s", approval.Approver() | token approver in question. approver user id of the approval |
| A005 | 10 1 2 10002 | Access denied | Informational | "access denied: in-existent or expired auth code" | handles OAuth2 token endpoint which trades access-token for an auth code. |
| A006 | 10 1 2 10003 | Access denied | Informational | "access was denied: %v", err | handles OAuth2 token endpoint which trades access-token for an auth code. parse form error, refresh token error, convert token code error |
| A007 | 10 3 2 10001 | Bad SAML request | Error | "bad saml request http method" | saml idp http request not post nor get |
| A008 | 10 1 1 10003 | Certificate changed successfully | Informational | "Certificate was successfully changed" | certificate successfully changed |
| A009 | 10 2 2 10001 | Connection error | Warning | "connection error: " + msg | tunnel guac error usually unauthorized or unreachable |
| A010 | 10 3 2 10002 | SAML mapping error | Error | "current mapping %q is not a saml saas mapping", mapping.Name | mapping protocol is not SAAS |
| A011 | 10 3 2 10003 | SAML mapping error | Error | "current mapping %q is not a saml saas mapping", mapping.Name | mapping protocol not SAAS when serves saas mappings sso via their virtual idp |
| A012 | 10 1 2 10004 | Access denied | Informational | "denied policy access" | access denied since no policy time access/supervisor/certificate/eforceable valid found |
| A013 | 10 3 2 10004 | User upsert to DB failed | Error | "enrollment failed: %v", err | upsert the new user to the database failed |
| A014 | 10 2 2 10002 | Certificate not authorized | Warning | "error verifying peer certificate, %v", err | policyโs certificate not authorized |
| A015 | 10 2 2 10003 | Error creating certificate | Warning | "Error while running recerter: %v", err | create certificate |
| A016 | 10 2 2 10004 | Failed forms SSO login | Warning | "failed forms sso login: %v", err | failed to perform forms-sso returning all generated cookies to the client and error is not redirected |
| A017 | 10 3 2 10005 | Failed to generate RDP method | Error | "failed to build rdp file: %v", err | failed to generates native rdp methods of connection to the rdp server via the rdp gateway |
| A019 | 10 2 2 10005 | Failed to change password | Warning | "failed to change password: %v", err | failed to change password |
| A020 | 10 3 2 10007 | Failed to encode allowed networks | Error | "failed to encode allowed networks: %v", err | failed to get parse one of the user's allowed nat.Networks associated with the Mapping |
| A021 | 10 2 3 10005 | Failed to establish user session | Warning | "failed to establish a user session: %v", err | failed to find a session for the current request and to create an anonymous session |
| A022 | 10 2 2 10006 | Failed to find personal desktop IP | Warning | "failed to find a site to serve the user's personal desktop: %v", err | failed to match a given site using its CIDR to the given address |
| A023 | 10 3 3 10003 | Failed to find IdP | Error | "failed to get saas mapping named %s", mapping.Name | failed to find a virtual idp from mapping |
| A024 | 10 2 3 10006 | Failed to initiate ssh supervised access | Warning | "failed to initiate native ssh supervision session: %v", err | failed to set the deadline for future Read calls and any currently-blocked Read call |
| A025 | 10 2 3 10007 | Failed to initiate ssh underlying transport | Warning | "failed to initiate native ssh supervision session: %v", err | failed to starts a new SSH server with connection as the underlying transport |
| A026 | 10 3 2 10008 | Failed to initiate ssh supervised access | Error | "failed to initiate native ssh supervision session: tunnel with id %q not found", sshConn.User() | failed to initiate native ssh supervision session |
| A027 | 10 3 2 10009 | Failed to inject post sso script | Error | "failed to inject post sso script: %v", err | failed to post sso web script (either to establish user session or to inject post sso script) |
| A028 | 10 2 2 10007 | Failed to notify approver | Warning | "failed to notify approver: %v", err | failed to notify approval that approval was marked as pending |
| A029 | 10 2 2 10008 | Failed to process notifications for user | Warning | "failed to process notifications for user: %v", err | failed to retrieve open notifications for a user |
| A030 | 10 2 2 10009 | Failed to resolve credentials for user | Warning | "failed to resolve credentials for user %s: %v", session.User.Name, err | failed to resolved credentials for user when creating an application tunnel to the user's personal desktop |
| A031 | 10 2 2 10010 | Failed to resolve IdP cookie | Warning | "failed to resolve saml idp cookie, %v", err | failed to resolve saml idp cookie |
| A032 | 10 2 2 10011 | Failed to resolve IdP cookie | Warning | "failed to resolve saml idp cookie, %v", err | failed to resolve saml idp cookie when serving saas mappings sso via their virtual idp |
| A036 | 10 2 2 10014 | Failed to send Post to SAML | Warning | "failed to send saml post to saml server" | failed to send Post method to saml idp server |
| A037 | 10 2 2 10015 | Failed to serve user request | Warning | "failed to serve user request: %v", err | attempts to register an SSH Handler callback with the native ssh proxy related failures |
| A038 | 10 1 2 10006 | Failed to supervise tunnel | Informational | "failed to supervise tunnel: %v", err | attempts to view the tunnel per the request failed due to find user's session |
| A039 | 10 2 2 10016 | Failed to tunnel user request | Warning | "failed to tunnel user request: %v", err | attempts to tunnel the user's request to the correct backend failed |
| A040 | 10 2 3 10008 | Failed to update DB | Warning | "failed to update last login: %v", err | failed to update last login property for the current user |
| A041 | 10 3 3 10004 | Failed to send email | Error | "log in failed with email: %v", err | failed to send email for otp process |
| A042 | 10 3 3 10005 | Failed to send sms | Error | "log in failed with sms: %v", err | failed to send sms for otp process |
| A043 | 10 1 1 10004 | Successful log via OTP | Informational | "log in success with %s", otpCodeMethod | succeed to login with otp |
| A044 | 10 1 1 10005 | Login approved | Informational | "login approved by %s for user %s", session.User.Supervisor.Name, session.User.Id | login approved by supervisor |
| A045 | 10 1 2 10007 | Login failed | Informational | "login failed: %v", err | login process failed |
| A046 | 10 1 1 10006 | Password change successfully | Informational | "password changed successfully" | password changed successfully |
| A047 | 10 1 1 10007 | Password too long | Informational | "password too long (%d chars)", plen | change password โ password too long |
| A048 | 10 2 2 10017 | Invalid license | Warning | "request dropped: invalid license: %v", err | invalid license โ request dropped |
| A049 | 10 2 2 10018 | Missing license | Warning | "request dropped: no license" | missing license โ request dropped |
| A050 | 10 1 3 10002 | Bad SAML URL path | Informational | "requested path %q not found", r.URL.Path | exposes saml metadata or sso endpoints of sp named "name" |
| A051 | 10 1 1 10008 | Successful SAML authentication | Informational | "saml service provider was authenticated successfully" | logs a successful saml Authentication |
| A052 | 10 2 2 10019 | Session recording failed | Warning | "session recording failed: %v", err | failed to store ssh session recording |
| A053 | 10 2 2 10020 | Session was not recorded | Warning | "session was not recorded: %v", err | failed to start session recording |
| A054 | 10 1 1 10009 | Tunnel opened successfully | Informational | "tunnel was opened successfully" | |
| A055 | 10 1 1 10010 | User connected successfully | Informational | "user connected successfully" | attempts to register an SSHHandler callback with the native ssh proxy user successfully connected |
| A056 | 10 1 1 10011 | User deleted file | Informational | "user deleted a file: %s", fullPath | user deleted a fs file โ /v1/delete/ |
| A057 | 10 1 1 10012 | User downloaded a file | Informational | "user downloaded a file: %s", fPath | user downloaded a fs file -> /v1/browse |
| A058 | 10 1 2 10012 | User login failed | Informational | "user failed logging into %s using %s: %v", config.Hostname, config.Protocol, err | attempts to start an application tunnel with configuration failed |
| A059 | 10 1 1 10013 | User logged in successfully | Informational | "user logged in to %s using %s", config.Hostname, config.Protocol | user's connection success |
| A060 | 10 1 1 10014 | User logged in successfully | Informational | "user logged in" | |
| A061 | 10 1 1 10015 | User logged out successfully | Informational | "user logged out" | |
| A062 | 10 1 1 10016 | User session ended by admin | Informational | "user session ended by %s", admin | user session ended by admin |
| A063 | 10 1 1 10017 | User accessed network successfully | Informational | "user successfully accessed the network" | |
| A064 | 10 1 1 10018 | User connected to remote computer successfully | Informational | "user successfully connected to the remote computer" | connected to the remote computer with rdp |
| A065 | 10 1 1 10019 | User enrolled successfully | Informational | "user successfully enrolled" | creates the user in the repository and finishes the enrollment process. |
| A066 | 10 1 2 10008 | User access denied as account is disabled | Informational | "user tried to access application but their account was disabled" | user is disabled to enroll |
| A067 | 10 1 1 10020 | User uploaded a file | Informational | "user uploaded a file: %s", fullPath | user uploaded a file |
| A068 | 10 1 1 10021 | User access to application permitted | Informational | "user was allowed access to application" | authentication middleware user allowed access to mapping |
| A069 | 10 1 2 10009 | User access to application denied | Informational | "user was denied access to application" | authentication middleware user disallowed access to mapping |
| A070 | 10 1 2 10010 | User access to remote application denied | Informational | "user was denied access to remote-app %q", explicitApp | user sent an explicit application, using the "remoteapp" parameter, authorize it against the mapping remote apps |
| A071 | 10 1 2 10011 | Username too long | Informational | "username too long (%d chars)", ulen | |
| A072 | 10 3 3 10001 | Handler error | Error | err.Error() --> handleError | cmd/idac/controller/drive_application.go handler failed for new drive application controller |
| A073 | 10 2 3 10009 | TCP serve HTTP error | Warning | err.Error() ServerHTTP | cmd/idac/controller/tcp_application.go TCP application, ServeHTTP |
| A074 | 10 2 3 10002 | SAML IdP cookie error | Warning | "SAML wire is missing" | saml idp โ is missing from the cookie |
| A075 | 10 2 3 10003 | SAML IdP cookie error | Warning | err.Error() | Set SAML cookie error |
| A076 | 10 2 3 10004 | SAML IdP cookie expired | Warning | SAML IDP cookie was expired | |
| A077 | 10 3 3 10002 | Unexpected SAML state | Error | "unexpected saml wire state, %d:%s", state, state | |
| A078 | 10 2 2 10021 | Destroy User Session Failed | Warning | "failed to destroy user's session: %v", err | destroy user session by agent failed |
| A080 | 10 2 3 10001 | RDP connection error | Warning | "%v", err | cmd/idac/controller/tunnel_application.go rdp connection failed to close, log the error |
| A081 | 10 3 2 10010 | Failed SAML SSO login | Error | failed saml sso sp initiated %s flow: %v | |
| A082 | 10 1 1 10082 | Send reset password otp succeed | Informational | "reset password otp sent by %s succeed" | otp method |
| A083 | 10 3 3 10083 | Send reset password otp failed | Error | "reset password otp sent by %s failed" | otp method |
| A086 | 10 2 2 10012 | Failed to reset password | Warning | failed to reset password: %v | |
| A087 | 10 1 1 10023 | Password has been successfully reset | Informational | password has been successfully reset | |
| A088 | 10 1 1 10088 | Reset password otp verified | Informational | "reset password otp verified" | |
| A089 | 10 3 3 10089 | Reset password fetch user failure | Error | "failed to fetch user %q for password reset: %v" | user name parameter, err |
| A090 | 10 3 3 10090 | Reset password otp method not allowed | Error | "requested otp method %q for user %q is not allowed" | method (sms/email), user name |
| A091 | 10 2 2 10091 | Failed to change password | Warning | "failed to change password: problem with allowed mfa methods %v, %v" | |
| A092 | 10 3 3 10092 | Reset password fetch user origin failure | Error | "failed to fetch user %q origin for password reset: %v" | |
| A093 | 10 3 3 10093 | Controller id, device authentication error | Error | โfailed to perform device authentication with %s: %w" | |
| A094 | 10 1 1 10094 | Device controller | Informational | "successfully authenticated user device with %q" | |
| A095 | 101110095 | Reset password fetch user success | Informational | "succeed to fetch user %q for password reset: %v" | |
| A096 | 101310096 | Change password is not allowed for this IDP type | Informational | "password can't be changed for idp %q of type %q" | |
| A100 | 101110100 | Open Desktop Application Succeeded | Informational | "open desktop application (%s) succeeded" | info.Name |
| A101 | 103210101 | Open Desktop Application Failed | Error | "open desktop application (%s) failed: %v" | info.Name, error |
| A102 | 100310102 | Device controller name | Debug | "%s: received device posture webhook" | |
| A103 | 103210103 | Device controller name, Error | Error | "%s: failed to parse/update device posture: %s" | |
| A104 | 102210104 | WAF Request | Warning | "WAF: request blocked by rule %s: "$s", correlation id is: "%s", offending payload was: "%s"" | rule id, rule message, guid, payload capped to 50 |
| A105 | 103210105 | WAF Request Blocked | Error | ||
| A106 | 101110106 | Supervised Approval Requested | Informational | "supervise approval requested, reason: %s" | user's reason |