Initial view
When Log Viewer is invoked, it initially loads the current Audit log file, selects the last page and scrolls directly to the bottom of the page, displaying the log entries that were last written by Ubisecure SSO.
Figure 1: Log Viewer initial view, viewing Audit log |
Note that initially the extended log entry information is not shown on the page, in order to make the event history more legible.
Date / Type - Selection menus
These dropdown-select boxes make it easier to navigate to a certain date. The view updates immediately when any field is changed. The date fields are laid out in descending format, that is: year, month and day. Only the years, days and months of logs that are in the logs directory, are shown in selection list.
Ext. Msg. radio buttons
Ext. msg. is an abbreviation of extended messages. These are initially turned off in order to make the view more legible. Changing the value immediately updates the view. Multi-line system errors are only displayed if Ext. msg is on.
Entries/Page menu
Available options are 22, 50, 100 and all. Changing this value immediately updates the view with the new values. Note that it also resets the view to the beginning of the log file.
Page navigation links
These links vary depending on the number of available pages as follows:
- for 1 page – Refresh
- for 2 pages - First Page, Last Page
- greater than or equal to 3 pages First Page, Prev Page, Next Page, Last Page
In addition to reloading the log file, "Refresh" and "Last Page" will dynamically scroll the view down to the last available log entry. This feature makes it easier to trace newly written log entries if the view holds more entries than can be viewed simultaneously.
Logfile navigation buttons
These buttons navigate between the entire range of log files of the currently selected type – for example, seeing the same log type from the next or previous day.
Headers
Log Viewer's each header is a generic description of the individual event's each field. Since most events contain different information by type, the view would expand inconveniently if each field were represented under an exactly describing header and therefore make the event tracing cumbersome.
Entry representation of Audit-Events:
The "login" event (successful authentication)
Headers | Name by specification |
---|---|
REMOTE_ADDR | addr |
ACTION | "login" |
USER INFO |
|
INFO |
|
MASTER SESSION | masterSessionId |
LOGIN INFO | authMethod |
APPLICATION | application |
USER AGENT | userAgent |
The "invalid login" event
Headers | Name by specification |
---|---|
REMOTE_ADDR | addr |
ACTION | "invalid.login" |
USER INFO | loginName |
INFO | reason |
MASTER SESSION | masterSessionId |
LOGIN INFO | authMethod |
APPLICATION | application |
USER AGENT | userAgent |
The "ticket granted" event
Headers | Name by specification |
---|---|
REMOTE_ADDR | addr |
ACTION | "ticket granted" |
USER INFO | mappedUsername (userName) |
INFO | application URL |
MASTER SESSION | masterSessionId |
LOGIN INFO | requestId |
APPLICATION | application |
USER AGENT | userAgent |
The "access denied" event
Headers | Name by specification |
---|---|
REMOTE_ADDR | addr |
ACTION | "access denied" |
USER INFO |
|
INFO | reason |
MASTER SESSION | masterSessionId |
LOGIN INFO |
|
APPLICATION | application |
USER AGENT | userAgent |
The "logout" event
Headers | Name by specification |
---|---|
REMOTE_ADDR | addr |
ACTION | "logout" |
USER INFO |
|
INFO |
|
MASTER SESSION | masterSessionId |
LOGIN INFO |
|
APPLICATION |
|
USER AGENT | userAgent |
The "authentication method list" event
Headers | Name by specification |
---|---|
REMOTE_ADDR | addr |
ACTION | "authentication method list" |
USER INFO |
|
INFO |
|
MASTER SESSION | masterSessionId |
LOGIN INFO |
|
APPLICATION | application |
USER AGENT | userAgent |
The "authentication method selected" event
Headers | Name by specification |
---|---|
REMOTE_ADDR | addr |
ACTION | "authentication method selected" |
USER INFO |
|
INFO |
|
MASTER SESSION | masterSessionId |
LOGIN INFO | authMethod |
APPLICATION | application |
USER AGENT | userAgent |
The "assertion received" event
Headers | Name by specification |
---|---|
REMOTE_ADDR | addr |
ACTION | "assertion received" |
USER INFO |
|
INFO | authenticatorId / attributes |
MASTER SESSION | masterSessionId |
LOGIN INFO | authMethod |
APPLICATION |
|
USER AGENT | userAgent |
Entry representation of Diag-Events:
Diagnostics events all follow the same convention.
All events
Headers | Description |
---|---|
TYPE | Which action / component caused the event |
IP ADDRESS | The client's ip address |
REQUEST ID | For tracing associated events |
MESSAGE | Elaboration, also ext.msg (stacktrace or elaboration) |