Context object fields
Each auditable event has an associated set of information available for logging. This information is grouped into specific context objects. The context objects available for logging a specific event are specified by the event type. This topic details the information that exists for each context object and specifies whether the information is logged by default or is only logged when the verbose logging option is enabled.
The SessionContextObj object
Field Type Description Default or Verbose logging sessionId String An identifier for the user session Default remoteAddr String The IP address for the remote host Default remotePort String The port of the remote host Default remoteHost String The host name of the remote host Default
The PropagationContextObj object
Field Type Description Default or Verbose logging firstCaller String The identity of the first user in the caller list Default callerList String array A list of names representing the identities of the users Verbose
The RegistryContextObj object
Field Type Description Default or Verbose logging type String The type of user registry being used, such as LDAP or AIX Default
The ProcessContextObj object
Field Type Description Default or Verbose logging domain String The domain to which the user belongs Verbose realm String The registry partition to which the user belongs Default
The EventContextObj object
Field Type Description Default or Verbose logging lastEventTrailId String The last ID associated with a given transaction Verbose eventTrailId String array An array of IDs that allow events that belong to a given transaction to be correlated Default creationTime Date The date an event was created Default globalInstanceId Long The unique identifier of this event Default
The DelegationContextObj object
Field Type Description Default or Verbose logging delegationType String no delegation, simple delegation, method delegation or switch user delegation Default roleName String The Run as role being used: runAsClient, runAsSpecified, runAsSystem, own ID Default identityName String Information about the mapped user Default
The AuthnContextObj object
Field Type Description Default or Verbose logging authnType String The type of authentication used Default
The ProviderContextObj object
Field Type Description Default or Verbose logging provider String The provider of the authentication or authorization service Default providerStatus String Status of whether the authentication or authorization event processed successfully by the provider Default
The AuthnMappingContextObj object
Field Type Description Default or Verbose logging mappedSecurityDomain String The security domain after mapping has occurred Default mappedRealm String The realm after mapping has occurred Default mappedUserName String The user name after mapping has occurred Default
The AuthnTermContextObj object
Field Type Description Default or Verbose logging terminateReason String The reason authentication ended Default
The AccessContextObj object
Field Type Description Default or Verbose logging progName String The name of the program that was involved in the event Default action String The action being performed. Default registryUserName String The name of the user in the registry Default appUserName String The name of the user within an application Default accessDecision String The decision of the authorization call Default resourceName String The name of the resource in the context of the application Default resourceType String The type of resource Default resourceUniqueId Long The unique identifier of the resource Default permissionsChecked String array The permissions that were checked during the authorization call Default permissionsGranted String array The permissions that were granted during the authorization call Default rolesChecked String array The roles that were checked during the authorization call Default rolesGranted String array The roles that were granted during the authorization call Default
The PolicyContextObj object
Field Type Description Default or Verbose logging policyName String The name of the policy Default policyType String The type of policy Default
The KeyContextObj object
Field Type Description Default or Verbose logging keyLabel String The key or certificate label Default keyLocation String The physical location of the key database Default certLifetime Date The date when a certificate expires Default
The CipherContextObj object
Field Type Description Default or Verbose logging cipherData Byte array The cipher data that is captured Verbose
The MgmtContextObj object
Field Type Description Default or Verbose logging mgmtType String The type of management operation Default mgmtCommand String The application-specific command that was performed Default targetInfoAttributes Target Atrribute array Information about one or more secondary objects involved in this operation Verbose
The ResponseContextObj object
Field Type Description Default or Verbose logging url String The URL of the HTTP request Default httpRequestHeaders Attributes array The HTTP request headers provided by the client Verbose httpResponseHeaders Attributes array The HTTP response headers returned by the server Verbose
The CustomPropertyContextObj object
Field Type Description Default or Verbose logging key String The label representing the custom property key name Verbose value Object The object value of the custom property Verbose
Supporting Objects: Attributes
Field Type Description Default or Verbose logging name String Name of the attribute Default value String Value of the attribute Default Source String Source of the attribute (user, application, or an input for authz rules) Default
Supporting Objects: TargetAttributes
Field Type Description Default or Verbose logging name String What object is the operation targeted against? Default uniqueId Long Target's unique identifier Default
Runtime Event: Context Object mapping
All runtime events need sessionContext, eventContext, accessContext, propagationContext, processContext, and registryContext objects. In addition to these required context objects, each event needs the context objects listed for that event in the following table:
Event Type Context Objects SECURITY_AUTHN authnContext, providerContext SECURITY_AUTHN_CREDS_MODIFY
SECURITY_AUTHN_DELEGATION delegationContext SECURITY_AUTHN_MAPPING authnMapping, providerContext SECURITY_AUTHN_TERMINATE authnContext, providerContext, authnTermContext SECURITY_AUTHZ providerContext, policyContext SECURITY_ENCRYPTION keyContext SECURITY_MGMT_AUDIT mgmtContext SECURITY_MGMT_CONFIG mgmtContext SECURITY_MGMT_KEY mgmtContext, keyContext SECURITY_MGMT_POLICY mgmtContext, policyContext SECURITY_MGMT_PROVISIONING mgmtContext, regObjContext SECURITY_MGMT_REGISTRY mgmtContext, regObjContext SECURITY_MGMT_RESOURCE mgmtContext SECURITY_RESOURCE_ACCESS responseContext SECURITY_RUNTIME
SECURITY_RUNTIME_KEY keyContext SECURITY_SIGNING keyContext
Create security auditing event type filters Auditing the security infrastructure Context objects for security auditing