Context object fields

Context object fields

Each auditable event has an associated set of information that is available for logging. This information is grouped into specific context objects. The context objects that are available for logging a specific event are specified by the event type. This topic details the information that exists for each context object and specifies whether the information is logged by default or is only logged when the verbose logging option is enabled.

The SessionContextObj object

Field Type Description Default or Verbose logging
sessionId String An identifier for the user session Default
remoteAddr String The IP address for the remote host Default
remotePort String The port of the remote host Default
remoteHost String The host name of the remote host Default

The PropagationContextObj object

Field Type Description Default or Verbose logging
firstCaller String The identity of the first user in the caller list Default
callerList String array A list of names representing the identities of the users Verbose

The RegistryContextObj object

Field Type Description Default or Verbose logging
type String The type of user registry being used, such as LDAP or AIX Default

The ProcessContextObj object

Field Type Description Default or Verbose logging
domain String The domain to which the user belongs Verbose
realm String The registry partition to which the user belongs Default

The EventContextObj object

Field Type Description Default or Verbose logging
lastEventTrailId String The last ID associated with a given transaction Verbose
eventTrailId String array An array of IDs that allow events that belong to a given transaction to be correlated Default
creationTime Date The date an event was created Default
globalInstanceId Long The unique identifier of this event Default

The DelegationContextObj object

Field Type Description Default or Verbose logging
delegationType String no delegation, simple delegation, method delegation or switch user delegation Default
roleName String The Run as role being used: runAsClient, runAsSpecified, runAsSystem, own ID Default
identityName String Information about the mapped user Default

The AuthnContextObj object

Field Type Description Default or Verbose logging
authnType String The type of authentication used Default

The ProviderContextObj object

Field Type Description Default or Verbose logging
provider String The provider of the authentication or authorization service Default
providerStatus String Status of whether the authentication or authorization event processed successfully by the provider Default

The AuthnMappingContextObj object

Field Type Description Default or Verbose logging
mappedSecurityDomain String The security domain after mapping has occurred Default
mappedRealm String The realm after mapping has occurred Default
mappedUserName String The user name after mapping has occurred Default

The AuthnTermContextObj object

Field Type Description Default or Verbose logging
terminateReason String The reason authentication ended Default

The AccessContextObj object

Field Type Description Default or Verbose logging
progName String The name of the program that was involved in the event Default
action String The action being performed. Default
registryUserName String The name of the user in the registry Default
appUserName String The name of the user within an application Default
accessDecision String The decision of the authorization call Default
resourceName String The name of the resource in the context of the application Default
resourceType String The type of resource Default
resourceUniqueId Long The unique identifier of the resource Default
permissionsChecked String array The permissions that were checked during the authorization call Default
permissionsGranted String array The permissions that were granted during the authorization call Default
rolesChecked String array The roles that were checked during the authorization call Default
rolesGranted String array The roles that were granted during the authorization call Default

The PolicyContextObj object

Field Type Description Default or Verbose logging
policyName String The name of the policy Default
policyType String The type of policy Default

The KeyContextObj object

Field Type Description Default or Verbose logging
keyLabel String The key or certificate label Default
keyLocation String The physical location of the key database Default
certLifetime Date The date when a certificate expires Default

The CipherContextObj object

Field Type Description Default or Verbose logging
cipherData Byte array The cipher data that is captured Verbose

The MgmtContextObj object

Field Type Description Default or Verbose logging
mgmtType String The type of management operation Default
mgmtCommand String The application-specific command that was performed Default
targetInfoAttributes Target Atrribute array Information about one or more secondary objects involved in this operation Verbose

The ResponseContextObj object

Field Type Description Default or Verbose logging
url String The URL of the HTTP request Default
httpRequestHeaders Attributes array The HTTP request headers provided by the client Verbose
httpResponseHeaders Attributes array The HTTP response headers returned by the server Verbose

The CustomPropertyContextObj object

Field Type Description Default or Verbose logging
key String The label representing the custom property key name Verbose
value Object The object value of the custom property Verbose

Support Objects: Attributes

table describes the Attribute fields.
Field Type Description Default or Verbose logging
name String Name of the attribute Default
value String Value of the attribute Default
Source String Source of the attribute (user, application, or an input for authz rules) Default

Support Objects: TargetAttributes

table describes the TargetAttribute fields.
Field Type Description Default or Verbose logging
name String What object is the operation targeted against? Default
uniqueId Long Target's unique identifier Default

Runtime Event: Context Object mapping

All runtime events need sessionContext, eventContext, accessContext, propagationContext, processContext, and registryContext objects. In addition to these required context objects, each event needs the context objects listed for that event in the following table:

Event Type Context Objects
SECURITY_AUTHN authnContext, providerContext
SECURITY_AUTHN_CREDS_MODIFY

SECURITY_AUTHN_DELEGATION delegationContext
SECURITY_AUTHN_MAPPING authnMapping, providerContext
SECURITY_AUTHN_TERMINATE authnContext, providerContext, authnTermContext
SECURITY_AUTHZ providerContext, policyContext
SECURITY_ENCRYPTION keyContext
SECURITY_MGMT_AUDIT mgmtContext
SECURITY_MGMT_CONFIG mgmtContext
SECURITY_MGMT_KEY mgmtContext, keyContext
SECURITY_MGMT_POLICY mgmtContext, policyContext
SECURITY_MGMT_PROVISIONING mgmtContext, regObjContext
SECURITY_MGMT_REGISTRY mgmtContext, regObjContext
SECURITY_MGMT_RESOURCE mgmtContext
SECURITY_RESOURCE_ACCESS responseContext
SECURITY_RUNTIME

SECURITY_RUNTIME_KEY keyContext
SECURITY_SIGNING keyContext

Related tasks

Create security auditing event type filters
Audit the security infrastructure

Context objects for security auditing

Field	Type	Description	Default or Verbose logging
sessionId	String	An identifier for the user session	Default
remoteAddr	String	The IP address for the remote host	Default
remotePort	String	The port of the remote host	Default
remoteHost	String	The host name of the remote host	Default

Field	Type	Description	Default or Verbose logging
firstCaller	String	The identity of the first user in the caller list	Default
callerList	String array	A list of names representing the identities of the users	Verbose

Field	Type	Description	Default or Verbose logging
domain	String	The domain to which the user belongs	Verbose
realm	String	The registry partition to which the user belongs	Default

Field	Type	Description	Default or Verbose logging
lastEventTrailId	String	The last ID associated with a given transaction	Verbose
eventTrailId	String array	An array of IDs that allow events that belong to a given transaction to be correlated	Default
creationTime	Date	The date an event was created	Default
globalInstanceId	Long	The unique identifier of this event	Default

Field	Type	Description	Default or Verbose logging
delegationType	String	no delegation, simple delegation, method delegation or switch user delegation	Default
roleName	String	The Run as role being used: runAsClient, runAsSpecified, runAsSystem, own ID	Default
identityName	String	Information about the mapped user	Default

Field	Type	Description	Default or Verbose logging
provider	String	The provider of the authentication or authorization service	Default
providerStatus	String	Status of whether the authentication or authorization event processed successfully by the provider	Default

Field	Type	Description	Default or Verbose logging
mappedSecurityDomain	String	The security domain after mapping has occurred	Default
mappedRealm	String	The realm after mapping has occurred	Default
mappedUserName	String	The user name after mapping has occurred	Default

Field	Type	Description	Default or Verbose logging
progName	String	The name of the program that was involved in the event	Default
action	String	The action being performed.	Default
registryUserName	String	The name of the user in the registry	Default
appUserName	String	The name of the user within an application	Default
accessDecision	String	The decision of the authorization call	Default
resourceName	String	The name of the resource in the context of the application	Default
resourceType	String	The type of resource	Default
resourceUniqueId	Long	The unique identifier of the resource	Default
permissionsChecked	String array	The permissions that were checked during the authorization call	Default
permissionsGranted	String array	The permissions that were granted during the authorization call	Default
rolesChecked	String array	The roles that were checked during the authorization call	Default
rolesGranted	String array	The roles that were granted during the authorization call	Default

Field	Type	Description	Default or Verbose logging
policyName	String	The name of the policy	Default
policyType	String	The type of policy	Default

Field	Type	Description	Default or Verbose logging
keyLabel	String	The key or certificate label	Default
keyLocation	String	The physical location of the key database	Default
certLifetime	Date	The date when a certificate expires	Default

Field	Type	Description	Default or Verbose logging
mgmtType	String	The type of management operation	Default
mgmtCommand	String	The application-specific command that was performed	Default
targetInfoAttributes	Target Atrribute array	Information about one or more secondary objects involved in this operation	Verbose

Field	Type	Description	Default or Verbose logging
url	String	The URL of the HTTP request	Default
httpRequestHeaders	Attributes array	The HTTP request headers provided by the client	Verbose
httpResponseHeaders	Attributes array	The HTTP response headers returned by the server	Verbose

Field	Type	Description	Default or Verbose logging
key	String	The label representing the custom property key name	Verbose
value	Object	The object value of the custom property	Verbose

Field	Type	Description	Default or Verbose logging
name	String	Name of the attribute	Default
value	String	Value of the attribute	Default
Source	String	Source of the attribute (user, application, or an input for authz rules)	Default

Field	Type	Description	Default or Verbose logging
name	String	What object is the operation targeted against?	Default
uniqueId	Long	Target's unique identifier	Default

Event Type	Context Objects
SECURITY_AUTHN	authnContext, providerContext
SECURITY_AUTHN_CREDS_MODIFY
SECURITY_AUTHN_DELEGATION	delegationContext
SECURITY_AUTHN_MAPPING	authnMapping, providerContext
SECURITY_AUTHN_TERMINATE	authnContext, providerContext, authnTermContext
SECURITY_AUTHZ	providerContext, policyContext
SECURITY_ENCRYPTION	keyContext
SECURITY_MGMT_AUDIT	mgmtContext
SECURITY_MGMT_CONFIG	mgmtContext
SECURITY_MGMT_KEY	mgmtContext, keyContext
SECURITY_MGMT_POLICY	mgmtContext, policyContext
SECURITY_MGMT_PROVISIONING	mgmtContext, regObjContext
SECURITY_MGMT_REGISTRY	mgmtContext, regObjContext
SECURITY_MGMT_RESOURCE	mgmtContext
SECURITY_RESOURCE_ACCESS	responseContext
SECURITY_RUNTIME
SECURITY_RUNTIME_KEY	keyContext
SECURITY_SIGNING	keyContext