Context object fields


Each auditable event has an associated set of information that is available for logging. This information is grouped into specific context objects. The context objects that are available for logging a specific event are specified by the event type. This page details the information that exists for each context object and specifies whether the information is logged by default or is only logged when the verbose logging option is enabled.

 

The SessionContextObj object


Table 1. SessionContextObj fields

Field Type Description Default or Verbose logging
sessionId String An identifier for the user session Default
remoteAddr String The IP address for the remote host Default
remotePort String The port of the remote host Default
remoteHost String The host name of the remote host Default

 

The PropagationContextObj object


Table 2. PropagationContextObj fields

Field Type Description Default or Verbose logging
firstCaller String The identity of the first user in the caller list Default
callerList String array A list of names representing the identities of the users Verbose

 

The RegistryContextObj object


Table 3. RegistryContextObj fields

Field Type Description Default or Verbose logging
type String The type of user registry being used, such as LDAP or AIX Default

 

The ProcessContextObj object


Table 4. ProcessContextObj fields

Field Type Description Default or Verbose logging
domain String The domain to which the user belongs Verbose
realm String The registry partition to which the user belongs Default

 

The EventContextObj object


Table 5. EventContextObj fields

Field Type Description Default or Verbose logging
lastEventTrailId String The last ID associated with a given transaction Verbose
eventTrailId String array An array of IDs that allow events that belong to a given transaction to be correlated Default
creationTime Date The date an event was created Default
globalInstanceId Long The unique identifier of this event Default

 

The DelegationContextObj object


Table 6. DelegationContextObj fields

Field Type Description Default or Verbose logging
delegationType String no delegation, simple delegation, method delegation or switch user delegation Default
roleName String The Run as role being used: runAsClient, runAsSpecified, runAsSystem, own ID Default
identityName String Information about the mapped user Default

 

The AuthnContextObj object


Table 7. AuthnContextObj fields

Field Type Description Default or Verbose logging
authnType String The type of authentication used Default

 

The ProviderContextObj object


Table 8. ProviderContextObj fields

Field Type Description Default or Verbose logging
provider String The provider of the authentication or authorization service Default
providerStatus String Status of whether the authentication or authorization event processed successfully by the provider Default

 

The AuthnMappingContextObj object


Table 9. AuthnMappingContextObj fields

Field Type Description Default or Verbose logging
mappedSecurityDomain String The security domain after mapping has occurred Default
mappedRealm String The realm after mapping has occurred Default
mappedUserName String The user name after mapping has occurred Default

 

The AuthnTermContextObj object


Table 10. AuthnTermContextObj fields

Field Type Description Default or Verbose logging
terminateReason String The reason authentication ended Default

 

The AccessContextObj object


Table 11. AccessContextObj fields

Field Type Description Default or Verbose logging
progName String The name of the program that was involved in the event Default
action String The action being performed. Default
registryUserName String The name of the user in the registry Default
appUserName String The name of the user within an application Default
accessDecision String The decision of the authorization call Default
resourceName String The name of the resource in the context of the application Default
resourceType String The type of resource Default
resourceUniqueId Long The unique identifier of the resource Default
permissionsChecked String array The permissions that were checked during the authorization call Default
permissionsGranted String array The permissions that were granted during the authorization call Default
rolesChecked String array The roles that were checked during the authorization call Default
rolesGranted String array The roles that were granted during the authorization call Default

 

The PolicyContextObj object


Table 12. PolicyContextObj fields

Field Type Description Default or Verbose logging
policyName String The name of the policy Default
policyType String The type of policy Default

 

The KeyContextObj object


Table 13. KeyContextObj fields

Field Type Description Default or Verbose logging
keyLabel String The key or certificate label Default
keyLocation String The physical location of the key database Default
certLifetime Date The date when a certificate expires Default

 

The CipherContextObj object


Table 14. CipherContextObj fields

Field Type Description Default or Verbose logging
cipherData Byte array The cipher data that is captured Verbose

 

The MgmtContextObj object


Table 15. MgmtContextObj fields

Field Type Description Default or Verbose logging
mgmtType String The type of management operation Default
mgmtCommand String The application-specific command that was performed Default
targetInfoAttributes Target Atrribute array Information about one or more secondary objects involved in this operation Verbose

 

The ResponseContextObj object


Table 16. ResponseContextObj fields

Field Type Description Default or Verbose logging
url String The URL of the HTTP request Default
httpRequestHeaders Attributes array The HTTP request headers provided by the client Verbose
httpResponseHeaders Attributes array The HTTP response headers returned by the server Verbose

 

The CustomPropertyContextObj object


Table 17. CustomPropertyContextObj fields

Field Type Description Default or Verbose logging
key String The label representing the custom property key name Verbose
value Object The object value of the custom property Verbose





 

Related tasks


Audit the security infrastructure
Create security auditing event type filters

 

Related


Context objects for security auditing