Saviynt Forums

Jay_RRP · ‎08/09/2022

Hi,

I have taken a look at the data produced by a test audit log from Saviynt and there are some additional questions. We require the following Login, User access management and System security events.

Login events

Records of successful and failed attempts to access an Saviynt EIGA

Typically, they include the following information:

who attempted to access Saviynt EIGA

from which system the activity occurred (i.e. source)

when the activity occurred (i.e. timestamp)

what the result was (i.e. access was successful or failed)

User access management events

Records of successful creation, modification, or removal of identities & roles (e.g. users, groups, roles, profiles) in Saviynt as well as assignment or revocation of permissions to such identities.

Typically, they include the following information:

which identity (e.g. user, group, role, profile) was created, modified or deleted

which permission sets were created, modified or deleted

which permission sets were assigned to or revoked from an identity

who triggered the activity

from which system the activity occurred (i.e. source)

when the activity occurred (i.e. timestamp)

System security events

Records of key security-related changes or activities to Saviynt EIGA along with the corresponding date and time of occurrence.

Typically, they include the following events:

alteration or deactivation of the security log

changes to the configuration of the Saviynt EIGA

modifications of other settings that affect the security of the Saviynt EIGA (e.g. password composition parameters)

who triggered the activity

from which system the activity occurred (i.e. source)

when the activity occurred (i.e. timestamp)

Is it possible to get the necessary Login events from the application audit log? (The file created on the filesystem)

Is it possible to generate the User access management and System security events from the database audits?

Thanks

rushikeshvartak · ‎08/09/2022

For Database event possible way is OOTB Trigger which can be fired to capture Backend Database CRUD in Database

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Belwyn · ‎08/09/2022

Hi @Jay_RRP

Thank you for reaching out to us,

Could you please confirm for wich version are you looking for the logs details? I could see you have selected 3 versions.

If you are on v2021 then your failed login will be recorded in ECM pod logs as below:

ecm	2022-08-09T09:46:08.849+0000	{log":"2022-08-09 09:46:08	147 [http-nio-8080-exec-2] DEBUG auth.LoginController - thresholdcount...4\n"	stream:"stdout"	time:"2022-08-09T09:46:08.147460128Z"}"
ecm	2022-08-09T09:46:08.849+0000	{log":"2022-08-09 09:46:08	149 [http-nio-8080-exec-2] DEBUG auth.LoginController - Before failed tries entry of user...admin\n"	stream:"stdout"	time:"2022-08-09T09:46:08.150076409Z"}"
ecm	2022-08-09T09:46:08.849+0000	{log":"2022-08-09 09:46:08	245 [http-nio-8080-exec-2] DEBUG security.LoginService - start to update failed login entries....\n"	stream:"stdout"	time:"2022-08-09T09:46:08.245312627Z"}"
ecm	2022-08-09T09:46:08.849+0000	{log":"2022-08-09 09:46:08	248 [http-nio-8080-exec-2] DEBUG security.LoginService - thresholdtime...600\n"	stream:"stdout"	time:"2022-08-09T09:46:08.248207618Z"}"
ecm	2022-08-09T09:46:08.849+0000	{log":"2022-08-09 09:46:08	248 [http-nio-8080-exec-2] DEBUG security.LoginService - isLocalAuthEnabled...true\n"	stream:"stdout"	time:"2022-08-09T09:46:08.248242375Z"}"
ecm	2022-08-09T09:46:08.849+0000	{log":"2022-08-09 09:46:08	248 [http-nio-8080-exec-2] DEBUG security.LoginService - Inside updating failed tries entry...\n"	stream:"stdout"	time:"2022-08-09T09:46:08.24825158Z"}"
ecm	2022-08-09T09:46:08.849+0000	{log":"2022-08-09 09:46:08	248 [http-nio-8080-exec-2] DEBUG security.LoginService - updating users failed tries...\n"	stream:"stdout"	time:"2022-08-09T09:46:08.24825854Z"}"
ecm	2022-08-09T09:46:08.849+0000	{log":"2022-08-09 09:46:08	260 [http-nio-8080-exec-2] DEBUG changeaction.UserChangeActionService - Update Fields for User History Tabs : []\n"	stream:"stdout"	time:"2022-08-09T09:46:08.260926186Z"}"
ecm	2022-08-09T09:46:08.849+0000	{log":"2022-08-09 09:46:08	260 [http-nio-8080-exec-2] DEBUG println.PrintlnToLogger - Println :: updatedFields [updatedate]\n"	stream:"stdout"	time:"2022-08-09T09:46:08.260954322Z"}"
ecm	2022-08-09T09:46:08.849+0000	{log":"2022-08-09 09:46:08	263 [http-nio-8080-exec-2] DEBUG changeaction.UserChangeActionService - inlineeval = false\n"	stream:"stdout"	time:"2022-08-09T09:46:08.26328263Z"}"
ecm	2022-08-09T09:46:08.849+0000	{log":"2022-08-09 09:46:08	269 [http-nio-8080-exec-2] DEBUG println.PrintlnToLogger - Println :: this is update state\n"	stream:"stdout"	time:"2022-08-09T09:46:08.26965033Z"}"
ecm	2022-08-09T09:46:08.849+0000	{log":"2022-08-09 09:46:08	269 [http-nio-8080-exec-2] DEBUG security.LoginService - thresholdcount: 4	accountLocked: false	failedTries: 1\n"
ecm	2022-08-09T09:46:08.849+0000	{log":"2022-08-09 09:46:08	269 [http-nio-8080-exec-2] DEBUG security.LoginService - end of update failed login entries....\n"	stream:"stdout"	time:"2022-08-09T09:46:08.269940363Z"}"
ecm	2022-08-09T09:46:08.849+0000	{log":"2022-08-09 09:46:08	278 [http-nio-8080-exec-2] DEBUG auth.LoginController - Entered password is valid...false\n"	stream:"stdout"	time:"2022-08-09T09:46:08.278605911Z"}"

let us know if this helps,

Regards,

Belwyn.

Jay_RRP · ‎08/09/2022

Hi Belwyn,

Thank you for your response. We have sp5.5 sp3.11 and 2021.x.

Regards

Jay

Saviynt Forums

Login Events