Context object fields

Context object fields

Each auditable event has an associated set of information that is available for logging. This information is grouped into specific context objects. The context objects that are available for logging a specific event are specified by the event type. This page details the information that exists for each context object and specifies whether the information is logged by default or is only logged when the verbose logging option is enabled.

The SessionContextObj object

Table 1. SessionContextObj fields

Field Type Description Default or Verbose logging
sessionId String An identifier for the user session Default
remoteAddr String The IP address for the remote host Default
remotePort String The port of the remote host Default
remoteHost String The host name of the remote host Default

The PropagationContextObj object

Table 2. PropagationContextObj fields

Field Type Description Default or Verbose logging
firstCaller String The identity of the first user in the caller list Default
callerList String array A list of names representing the identities of the users Verbose

The RegistryContextObj object

Table 3. RegistryContextObj fields

Field Type Description Default or Verbose logging
type String The type of user registry being used, such as LDAP or AIX Default

The ProcessContextObj object

Table 4. ProcessContextObj fields

Field Type Description Default or Verbose logging
domain String The domain to which the user belongs Verbose
realm String The registry partition to which the user belongs Default

The EventContextObj object

Table 5. EventContextObj fields

Field Type Description Default or Verbose logging
lastEventTrailId String The last ID associated with a given transaction Verbose
eventTrailId String array An array of IDs that allow events that belong to a given transaction to be correlated Default
creationTime Date The date an event was created Default
globalInstanceId Long The unique identifier of this event Default

The DelegationContextObj object

Table 6. DelegationContextObj fields

Field Type Description Default or Verbose logging
delegationType String no delegation, simple delegation, method delegation or switch user delegation Default
roleName String The Run as role being used: runAsClient, runAsSpecified, runAsSystem, own ID Default
identityName String Information about the mapped user Default

The AuthnContextObj object

Table 7. AuthnContextObj fields

Field Type Description Default or Verbose logging
authnType String The type of authentication used Default

The ProviderContextObj object

Table 8. ProviderContextObj fields

Field Type Description Default or Verbose logging
provider String The provider of the authentication or authorization service Default
providerStatus String Status of whether the authentication or authorization event processed successfully by the provider Default

The AuthnMappingContextObj object

Table 9. AuthnMappingContextObj fields

Field Type Description Default or Verbose logging
mappedSecurityDomain String The security domain after mapping has occurred Default
mappedRealm String The realm after mapping has occurred Default
mappedUserName String The user name after mapping has occurred Default

The AuthnTermContextObj object

Table 10. AuthnTermContextObj fields

Field Type Description Default or Verbose logging
terminateReason String The reason authentication ended Default

The AccessContextObj object

Table 11. AccessContextObj fields

Field Type Description Default or Verbose logging
progName String The name of the program that was involved in the event Default
action String The action being performed. Default
registryUserName String The name of the user in the registry Default
appUserName String The name of the user within an application Default
accessDecision String The decision of the authorization call Default
resourceName String The name of the resource in the context of the application Default
resourceType String The type of resource Default
resourceUniqueId Long The unique identifier of the resource Default
permissionsChecked String array The permissions that were checked during the authorization call Default
permissionsGranted String array The permissions that were granted during the authorization call Default
rolesChecked String array The roles that were checked during the authorization call Default
rolesGranted String array The roles that were granted during the authorization call Default

The PolicyContextObj object

Table 12. PolicyContextObj fields

Field Type Description Default or Verbose logging
policyName String The name of the policy Default
policyType String The type of policy Default

The KeyContextObj object

Table 13. KeyContextObj fields

Field Type Description Default or Verbose logging
keyLabel String The key or certificate label Default
keyLocation String The physical location of the key database Default
certLifetime Date The date when a certificate expires Default

The CipherContextObj object

Table 14. CipherContextObj fields

Field Type Description Default or Verbose logging
cipherData Byte array The cipher data that is captured Verbose

The MgmtContextObj object

Table 15. MgmtContextObj fields

Field Type Description Default or Verbose logging
mgmtType String The type of management operation Default
mgmtCommand String The application-specific command that was performed Default
targetInfoAttributes Target Atrribute array Information about one or more secondary objects involved in this operation Verbose

The ResponseContextObj object

Table 16. ResponseContextObj fields

Field Type Description Default or Verbose logging
url String The URL of the HTTP request Default
httpRequestHeaders Attributes array The HTTP request headers provided by the client Verbose
httpResponseHeaders Attributes array The HTTP response headers returned by the server Verbose

The CustomPropertyContextObj object

Table 17. CustomPropertyContextObj fields

Field Type Description Default or Verbose logging
key String The label representing the custom property key name Verbose
value Object The object value of the custom property Verbose

Related tasks

Audit the security infrastructure
Create security auditing event type filters

Related

Context objects for security auditing

Field	Type	Description	Default or Verbose logging
sessionId	String	An identifier for the user session	Default
remoteAddr	String	The IP address for the remote host	Default
remotePort	String	The port of the remote host	Default
remoteHost	String	The host name of the remote host	Default

Field	Type	Description	Default or Verbose logging
firstCaller	String	The identity of the first user in the caller list	Default
callerList	String array	A list of names representing the identities of the users	Verbose

Field	Type	Description	Default or Verbose logging
domain	String	The domain to which the user belongs	Verbose
realm	String	The registry partition to which the user belongs	Default

Field	Type	Description	Default or Verbose logging
lastEventTrailId	String	The last ID associated with a given transaction	Verbose
eventTrailId	String array	An array of IDs that allow events that belong to a given transaction to be correlated	Default
creationTime	Date	The date an event was created	Default
globalInstanceId	Long	The unique identifier of this event	Default

Field	Type	Description	Default or Verbose logging
delegationType	String	no delegation, simple delegation, method delegation or switch user delegation	Default
roleName	String	The Run as role being used: runAsClient, runAsSpecified, runAsSystem, own ID	Default
identityName	String	Information about the mapped user	Default

Field	Type	Description	Default or Verbose logging
provider	String	The provider of the authentication or authorization service	Default
providerStatus	String	Status of whether the authentication or authorization event processed successfully by the provider	Default

Field	Type	Description	Default or Verbose logging
mappedSecurityDomain	String	The security domain after mapping has occurred	Default
mappedRealm	String	The realm after mapping has occurred	Default
mappedUserName	String	The user name after mapping has occurred	Default

Field	Type	Description	Default or Verbose logging
progName	String	The name of the program that was involved in the event	Default
action	String	The action being performed.	Default
registryUserName	String	The name of the user in the registry	Default
appUserName	String	The name of the user within an application	Default
accessDecision	String	The decision of the authorization call	Default
resourceName	String	The name of the resource in the context of the application	Default
resourceType	String	The type of resource	Default
resourceUniqueId	Long	The unique identifier of the resource	Default
permissionsChecked	String array	The permissions that were checked during the authorization call	Default
permissionsGranted	String array	The permissions that were granted during the authorization call	Default
rolesChecked	String array	The roles that were checked during the authorization call	Default
rolesGranted	String array	The roles that were granted during the authorization call	Default

Field	Type	Description	Default or Verbose logging
policyName	String	The name of the policy	Default
policyType	String	The type of policy	Default

Field	Type	Description	Default or Verbose logging
keyLabel	String	The key or certificate label	Default
keyLocation	String	The physical location of the key database	Default
certLifetime	Date	The date when a certificate expires	Default

Field	Type	Description	Default or Verbose logging
mgmtType	String	The type of management operation	Default
mgmtCommand	String	The application-specific command that was performed	Default
targetInfoAttributes	Target Atrribute array	Information about one or more secondary objects involved in this operation	Verbose

Field	Type	Description	Default or Verbose logging
url	String	The URL of the HTTP request	Default
httpRequestHeaders	Attributes array	The HTTP request headers provided by the client	Verbose
httpResponseHeaders	Attributes array	The HTTP response headers returned by the server	Verbose

Field	Type	Description	Default or Verbose logging
key	String	The label representing the custom property key name	Verbose
value	Object	The object value of the custom property	Verbose