Login Events

New Contributor
New Contributor



I have taken a look at the data produced by a test audit log from Saviynt and there are some additional questions. We require the following Login, User access management and System security events.
Login events
Records of successful and failed attempts to access an Saviynt EIGA
Typically, they include the following information:
 who attempted to access Saviynt EIGA
 from which system the activity occurred (i.e. source)
 when the activity occurred (i.e. timestamp)
 what the result was (i.e. access was successful or failed)
User access management events
Records of successful creation, modification, or removal of identities & roles (e.g. users, groups, roles, profiles) in Saviynt as well as assignment or revocation of permissions to such identities.
Typically, they include the following information:
 which identity (e.g. user, group, role, profile) was created, modified or deleted
 which permission sets were created, modified or deleted
 which permission sets were assigned to or revoked from an identity
 who triggered the activity
 from which system the activity occurred (i.e. source)
 when the activity occurred (i.e. timestamp)
System security events
Records of key security-related changes or activities to Saviynt EIGA along with the corresponding date and time of occurrence.
Typically, they include the following events:
 alteration or deactivation of the security log
 changes to the configuration of the Saviynt EIGA
 modifications of other settings that affect the security of the Saviynt EIGA (e.g. password composition parameters)
 who triggered the activity
 from which system the activity occurred (i.e. source)
 when the activity occurred (i.e. timestamp)
Is it possible to get the necessary Login events from the application audit log? (The file created on the filesystem)
Is it possible to generate the User access management and System security events from the database audits?




For Database event possible way is OOTB Trigger which can be fired to capture Backend Database CRUD in Database

Saviynt Employee
Saviynt Employee

Hi @Jay_RRP 

Thank you for reaching out to us, 

Could you please confirm for wich version are you looking for the logs details? I could see you have selected 3 versions. 

If you are on v2021 then your failed login will be recorded in ECM pod logs as below: 

ecm2022-08-09T09:46:08.849+0000{log":"2022-08-09 09:46:08147 [http-nio-8080-exec-2] DEBUG auth.LoginController  - thresholdcount...4\n"stream:"stdout"time:"2022-08-09T09:46:08.147460128Z"}"
ecm2022-08-09T09:46:08.849+0000{log":"2022-08-09 09:46:08149 [http-nio-8080-exec-2] DEBUG auth.LoginController  - Before failed tries entry of user...admin\n"stream:"stdout"time:"2022-08-09T09:46:08.150076409Z"}"
ecm2022-08-09T09:46:08.849+0000{log":"2022-08-09 09:46:08245 [http-nio-8080-exec-2] DEBUG security.LoginService  - start to update failed login entries....\n"stream:"stdout"time:"2022-08-09T09:46:08.245312627Z"}"
ecm2022-08-09T09:46:08.849+0000{log":"2022-08-09 09:46:08248 [http-nio-8080-exec-2] DEBUG security.LoginService  - thresholdtime...600\n"stream:"stdout"time:"2022-08-09T09:46:08.248207618Z"}"
ecm2022-08-09T09:46:08.849+0000{log":"2022-08-09 09:46:08248 [http-nio-8080-exec-2] DEBUG security.LoginService  - isLocalAuthEnabled...true\n"stream:"stdout"time:"2022-08-09T09:46:08.248242375Z"}"
ecm2022-08-09T09:46:08.849+0000{log":"2022-08-09 09:46:08248 [http-nio-8080-exec-2] DEBUG security.LoginService  - Inside updating failed tries entry...\n"stream:"stdout"time:"2022-08-09T09:46:08.24825158Z"}"
ecm2022-08-09T09:46:08.849+0000{log":"2022-08-09 09:46:08248 [http-nio-8080-exec-2] DEBUG security.LoginService  - updating users failed tries...\n"stream:"stdout"time:"2022-08-09T09:46:08.24825854Z"}"
ecm2022-08-09T09:46:08.849+0000{log":"2022-08-09 09:46:08260 [http-nio-8080-exec-2] DEBUG changeaction.UserChangeActionService  - Update Fields for User History Tabs : []\n"stream:"stdout"time:"2022-08-09T09:46:08.260926186Z"}"
ecm2022-08-09T09:46:08.849+0000{log":"2022-08-09 09:46:08260 [http-nio-8080-exec-2] DEBUG println.PrintlnToLogger  - Println :: updatedFields [updatedate]\n"stream:"stdout"time:"2022-08-09T09:46:08.260954322Z"}"
ecm2022-08-09T09:46:08.849+0000{log":"2022-08-09 09:46:08263 [http-nio-8080-exec-2] DEBUG changeaction.UserChangeActionService  - inlineeval = false\n"stream:"stdout"time:"2022-08-09T09:46:08.26328263Z"}"
ecm2022-08-09T09:46:08.849+0000{log":"2022-08-09 09:46:08269 [http-nio-8080-exec-2] DEBUG println.PrintlnToLogger  - Println :: this is update state\n"stream:"stdout"time:"2022-08-09T09:46:08.26965033Z"}"
ecm2022-08-09T09:46:08.849+0000{log":"2022-08-09 09:46:08269 [http-nio-8080-exec-2] DEBUG security.LoginService  - thresholdcount: 4 accountLocked: false failedTries:  1\n"
ecm2022-08-09T09:46:08.849+0000{log":"2022-08-09 09:46:08269 [http-nio-8080-exec-2] DEBUG security.LoginService  - end of update failed login entries....\n"stream:"stdout"time:"2022-08-09T09:46:08.269940363Z"}"
ecm2022-08-09T09:46:08.849+0000{log":"2022-08-09 09:46:08278 [http-nio-8080-exec-2] DEBUG auth.LoginController  - Entered password is valid...false\n"stream:"stdout"time:"2022-08-09T09:46:08.278605911Z"}"

let us know if this helps, 


New Contributor
New Contributor

Hi Belwyn,

Thank you for your response. We have sp5.5 sp3.11 and 2021.x.