User interface

Initial View

When Log Viewer is invoked, it initially loads the current Audit log file, selects the last page and scrolls directly to the bottom of the page, displaying the log entries that were last written by Ubisecure SSO.

Figure 1: Log Viewer initial view, viewing Audit log

Note that initially the extended log entry information is not shown on the page, in order to make the event history more legible.

Date / Type - Selection Menus

These dropdown-select boxes make it easier to navigate to a certain date. The view updates immediately when any field is changed. The date fields are laid out in descending format, that is: year, month and day. Only the years, days and months of logs that are in the logs directory, are shown in selection list.

Ext. Msg. Radio Buttons

Ext. msg. is an abbreviation of extended messages. These are initially turned off in order to make the view more legible. Changing the value immediately updates the view. Multi-line system errors are only displayed if Ext. msg is on.

Entries/Page-Menu

Available options are 22, 50, 100 and all. Changing this value immediately updates the view with the new values. Note that it also resets the view to the beginning of the log file.

These links vary depending on the number of available pages as follows:

  • for 1 page – Refresh
  • for 2 pages - First Page, Last Page
  • greater than or equal to 3 pages First Page, Prev Page, Next Page, Last Page

In addition to reloading the log file, "Refresh" and "Last Page" will dynamically scroll the view down to the last available log entry. This feature makes it easier to trace newly written log entries if the view holds more entries than can be viewed simultaneously.

Logfile Navigation Buttons

These buttons navigate between the entire range of log files of the currently selected type – for example, seeing the same log type from the next or previous day.

Headers

Log Viewer's each header is a generic description of the individual event's each field. Since most events contain different information by type, the view would expand inconveniently if each field were represented under an exactly describing header and therefore make the event tracing cumbersome.

Entry Representation of Audit-Events:

The "login" event (successful authentication)

Headers

Name by specification

REMOTE_ADDR

addr

ACTION

"login"

USER INFO

 

INFO

 

MASTER SESSION

masterSessionId

LOGIN INFO

authMethod

AGENT

agent

USER AGENT

userAgent

The "invalid login" event

Headers

Name by specification

REMOTE_ADDR

addr

ACTION

"invalid.login"

USER INFO

loginName

INFO

reason

MASTER SESSION

masterSessionId

LOGIN INFO

authMethod

AGENT

agent

USER AGENT

userAgent

The "ticket granted" event

Headers

Name by specification

REMOTE_ADDR

addr

ACTION

"ticket granted"

USER INFO

mappedUsername (userName)

INFO

agentURL

MASTER SESSION

masterSessionId

LOGIN INFO

requestId

AGENT

agent

USER AGENT

userAgent

The "access denied" event

Headers

Name by specification

REMOTE_ADDR

addr

ACTION

"access denied"

USER INFO

 

INFO

reason

MASTER SESSION

masterSessionId

LOGIN INFO

 

AGENT

agent

USER AGENT

userAgent

The "logout" event

Headers

Name by specification

REMOTE_ADDR

addr

ACTION

"logout"

USER INFO

 

INFO

 

MASTER SESSION

masterSessionId

LOGIN INFO

 

AGENT

 

USER AGENT

userAgent

The "authentication method list" event

Headers

Name by specification

REMOTE_ADDR

addr

ACTION

"authentication method list"

USER INFO

 

INFO

 

MASTER SESSION

masterSessionId

LOGIN INFO

 

AGENT

agent

USER AGENT

userAgent


The "authentication method selected" event

Headers

Name by specification

REMOTE_ADDR

addr

ACTION

"authentication method selected"

USER INFO

 

INFO

 

MASTER SESSION

masterSessionId

LOGIN INFO

authMethod

AGENT

agent

USER AGENT

userAgent


The "assertion received" event

Headers

Name by specification

REMOTE_ADDR

addr

ACTION

"assertion received"

USER INFO

 

INFO

authenticatorId / attributes

MASTER SESSION

masterSessionId

LOGIN INFO

authMethod

AGENT

 

USER AGENT

userAgent


Entry Representation of Diag-Events:

Diagnostics events all follow the same convention.

All events

Headers

Description

TYPE

Which action / component caused the event

IP ADDRESS

The client's ip address

REQUEST ID

For tracing associated events

MESSAGE

Elaboration, also ext.msg (stacktrace or elaboration)