This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Login Events

Jay_RRP
New Contributor
New Contributor

‎08-09-2022 01:49 AM

Hi,

 

I have taken a look at the data produced by a test audit log from Saviynt and there are some additional questions. We require the following Login, User access management and System security events.
 
Login events
Records of successful and failed attempts to access an Saviynt EIGA
Typically, they include the following information:
 who attempted to access Saviynt EIGA
 from which system the activity occurred (i.e. source)
 when the activity occurred (i.e. timestamp)
 what the result was (i.e. access was successful or failed)
 
User access management events
Records of successful creation, modification, or removal of identities & roles (e.g. users, groups, roles, profiles) in Saviynt as well as assignment or revocation of permissions to such identities.
Typically, they include the following information:
 which identity (e.g. user, group, role, profile) was created, modified or deleted
 which permission sets were created, modified or deleted
 which permission sets were assigned to or revoked from an identity
 who triggered the activity
 from which system the activity occurred (i.e. source)
 when the activity occurred (i.e. timestamp)
 
System security events
Records of key security-related changes or activities to Saviynt EIGA along with the corresponding date and time of occurrence.
Typically, they include the following events:
 alteration or deactivation of the security log
 changes to the configuration of the Saviynt EIGA
 modifications of other settings that affect the security of the Saviynt EIGA (e.g. password composition parameters)
 who triggered the activity
 from which system the activity occurred (i.e. source)
 when the activity occurred (i.e. timestamp)
 
Is it possible to get the necessary Login events from the application audit log? (The file created on the filesystem)
Is it possible to generate the User access management and System security events from the database audits?
 
Thanks

 

Labels:
0 Kudos
3 REPLIES 3

rushikeshvartak
All-Star
All-Star

‎08-09-2022 04:19 AM

For Database event possible way is OOTB Trigger which can be fired to capture Backend Database CRUD in Database


Regards,
Rushikesh Vartak
0 Kudos

Belwyn
Saviynt Employee
Saviynt Employee

‎08-09-2022 06:39 AM

Hi @Jay_RRP 

Thank you for reaching out to us, 

Could you please confirm for wich version are you looking for the logs details? I could see you have selected 3 versions. 

If you are on v2021 then your failed login will be recorded in ECM pod logs as below: 

ecm2022-08-09T09:46:08.849+0000{log":"2022-08-09 09:46:08147 [http-nio-8080-exec-2] DEBUG auth.LoginController  - thresholdcount...4\n"stream:"stdout"time:"2022-08-09T09:46:08.147460128Z"}"
ecm2022-08-09T09:46:08.849+0000{log":"2022-08-09 09:46:08149 [http-nio-8080-exec-2] DEBUG auth.LoginController  - Before failed tries entry of user...admin\n"stream:"stdout"time:"2022-08-09T09:46:08.150076409Z"}"
ecm2022-08-09T09:46:08.849+0000{log":"2022-08-09 09:46:08245 [http-nio-8080-exec-2] DEBUG security.LoginService  - start to update failed login entries....\n"stream:"stdout"time:"2022-08-09T09:46:08.245312627Z"}"
ecm2022-08-09T09:46:08.849+0000{log":"2022-08-09 09:46:08248 [http-nio-8080-exec-2] DEBUG security.LoginService  - thresholdtime...600\n"stream:"stdout"time:"2022-08-09T09:46:08.248207618Z"}"
ecm2022-08-09T09:46:08.849+0000{log":"2022-08-09 09:46:08248 [http-nio-8080-exec-2] DEBUG security.LoginService  - isLocalAuthEnabled...true\n"stream:"stdout"time:"2022-08-09T09:46:08.248242375Z"}"
ecm2022-08-09T09:46:08.849+0000{log":"2022-08-09 09:46:08248 [http-nio-8080-exec-2] DEBUG security.LoginService  - Inside updating failed tries entry...\n"stream:"stdout"time:"2022-08-09T09:46:08.24825158Z"}"
ecm2022-08-09T09:46:08.849+0000{log":"2022-08-09 09:46:08248 [http-nio-8080-exec-2] DEBUG security.LoginService  - updating users failed tries...\n"stream:"stdout"time:"2022-08-09T09:46:08.24825854Z"}"
ecm2022-08-09T09:46:08.849+0000{log":"2022-08-09 09:46:08260 [http-nio-8080-exec-2] DEBUG changeaction.UserChangeActionService  - Update Fields for User History Tabs : []\n"stream:"stdout"time:"2022-08-09T09:46:08.260926186Z"}"
ecm2022-08-09T09:46:08.849+0000{log":"2022-08-09 09:46:08260 [http-nio-8080-exec-2] DEBUG println.PrintlnToLogger  - Println :: updatedFields [updatedate]\n"stream:"stdout"time:"2022-08-09T09:46:08.260954322Z"}"
ecm2022-08-09T09:46:08.849+0000{log":"2022-08-09 09:46:08263 [http-nio-8080-exec-2] DEBUG changeaction.UserChangeActionService  - inlineeval = false\n"stream:"stdout"time:"2022-08-09T09:46:08.26328263Z"}"
ecm2022-08-09T09:46:08.849+0000{log":"2022-08-09 09:46:08269 [http-nio-8080-exec-2] DEBUG println.PrintlnToLogger  - Println :: this is update state\n"stream:"stdout"time:"2022-08-09T09:46:08.26965033Z"}"
ecm2022-08-09T09:46:08.849+0000{log":"2022-08-09 09:46:08269 [http-nio-8080-exec-2] DEBUG security.LoginService  - thresholdcount: 4 accountLocked: false failedTries:  1\n"
ecm2022-08-09T09:46:08.849+0000{log":"2022-08-09 09:46:08269 [http-nio-8080-exec-2] DEBUG security.LoginService  - end of update failed login entries....\n"stream:"stdout"time:"2022-08-09T09:46:08.269940363Z"}"
ecm2022-08-09T09:46:08.849+0000{log":"2022-08-09 09:46:08278 [http-nio-8080-exec-2] DEBUG auth.LoginController  - Entered password is valid...false\n"stream:"stdout"time:"2022-08-09T09:46:08.278605911Z"}"

let us know if this helps, 

Regards, 
Belwyn.
0 Kudos

Jay_RRP
New Contributor
New Contributor
In response to Belwyn

‎08-09-2022 06:42 AM

Hi Belwyn,

Thank you for your response. We have sp5.5 sp3.11 and 2021.x.

Regards

Jay

0 Kudos
Copyright © 2023 Khoros, LLC