Audit Codes¶
4.2.4¶
secOps (1xxx)¶
Code | Message | Target |
---|---|---|
1000 | Create user | User |
1001 | Update user | User |
1002 | Delete user | User |
1003 | Update user’s password | User |
1004 | Lock user | User |
1005 | Unlock user | User |
1006 | Clear user’s failed login attempts | User |
1007 | Clear user’s old passwords | User |
1008 | Log out all users | Users |
1009 | User login succeeded | User |
1010 | User login failed | User |
1011 | Log out user | User |
1012 | Not authorized | User |
1013 | Not permitted | User |
1014 | Create role | Role |
1015 | Update role | Role |
1016 | Delete role | Role |
1017 | Update authentication configuration | Authentication |
1018 | Update tunnel configuration | Tunnel |
1019 | Update SSL configuration | SSL |
1020 | Update redaction configuration | Redaction |
1021 | Clear audit log | AuditLog |
1022 | Update audit configuration | AuditLog |
1023 | Audit error | |
1024 | Create session | Session |
1025 | Delete session | Session |
1026 | Enable SSH remote access | SSH |
1027 | Disable SSH remote access | SSH |
1028 | Create API key | APIKey |
1029 | Update API key | APIKey |
1030 | Delete API key | APIKey |
1031 | Lock API key | APIKey |
1032 | Unlock API key | APIKey |
1033 | Update Strict-Transport-Secu rity HTTP header configuration | HSTS |
1034 | Update user interface port configuration | UIPorts |
1035 | Update global redaction settings | GlobalRedaction |
1036 | Update shell password | ShellPassword |
1037 | Deleted shell password | ShellPassword |
sysOps (2xxx)¶
Code | Message | Target |
---|---|---|
2000 | Update network configuration | Network |
2001 | Update capture filter | CaptureFilter |
2002 | Update capture filter mode | CaptureFilter |
2003 | Create capture VLAN | CaptureVLAN |
2004 | Update capture VLAN | CaptureVLAN |
2005 | Delete capture VLAN | CaptureVLAN |
2006 | Update capture source | CaptureSource |
2007 | Enable capture source identify | CaptureSource |
2008 | Disable all capture source identifiers | CaptureSource |
2009 | Update NTP configuration | Time |
2010 | Update server time | Time |
2011 | Update server timezone | Time |
2012 | Update syslog configuration | Syslog |
2013 | Restart system | System |
2014 | Power down system | System |
2015 | Restart UI server | System |
2016 | Reset to factory configuration | System |
2017 | Create system state report | SystemStateReport |
2018 | Delete system state report | SystemStateReport |
2019 | Initialize system for file management | FileManagement |
2020 | Upload backup | Backup |
2021 | Delete backup | Backup |
2022 | Download backup | Backup |
2023 | Set password for backup | Backup |
2024 | Unlock backup | Backup |
2025 | Initialize system for restoring a backup | |
2026 | Restore backup | Backup |
2027 | Create backup | Backup |
2028 | Upload upgrade | |
2029 | Delete upgrade | Update |
2030 | Apply upgrade | Upgrade |
2031 | Kill watchdog | System |
2032 | Enable watchdog | System |
2033 | Disable watchdog | System |
2034 | Update registry | Registry |
2035 | Update CMS configuration | CMS |
2036 | Create a unit within CMS | |
2037 | Update a unit within CMS | Unit |
2038 | Delete a unit within CMS | |
2039 | User accepted the EULA | EULA |
2040 | EULA covered under seperate agreement | EULA |
2041 | Clear user data | System |
2042 | System resource lock debug | [lockName] |
2043 | Delete job | Job |
2044 | CMDB data was downloaded | CMDB |
2045 | CMDB data was merged into the system | CMDB |
2046 | CMDB configuration data was downloaded | CMDB |
2047 | CMDB configuration data was loaded | CMDB |
2048 | User did not accept the EULA | EULA |
2049 | Create archive drive | System |
2050 | Expand archive drive | System |
2051 | Expand primary drive | System |
2052 | System started | System |
2053 | File uploaded | File |
2054 | File downloaded | File |
2055 | File deleted | File |
2056 | Update a file | File |
2057 | Prepare CMS configuration | CMS |
2058 | Deregister CMS configuration | CMS |
2059 | Abort job | Job |
2060 | Force fail job | Job |
2061 | Detach job | Job |
appOps (3xxx)¶
Code | Message | Target |
---|---|---|
3000 | Map a service to a database | Mapping |
3001 | Unmap a service from a database | Mapping |
3002 | Unmanage a service | Mapping |
3003 | Update time period | TimeLearning |
3004 | Commit time learning | TimeLearning |
3005 | Learn statement | statementLearning |
3006 | Blacklist statement | statementLearning |
3007 | Update database configuration | Database |
3008 | Terminal session started | Terminal |
3009 | Terminal session ended | Terminal |
3010 | Terminal session not authorized | Terminal |
3011 | Terminal session not authorized for tail | Terminal |
uiCalls (4xxx)¶
Code | Message |
---|---|
4000 | UI route logs |
cliCommands (5xxx)¶
Code | Message |
---|---|
5000 | CLI command run |
5001 | CLI command failed |
ldapAuth (6xxx)¶
Code | Message |
---|---|
6000 | Ldap authentication logs |
aclOps (7xxx)¶
Code | Message |
---|---|
7000 | Access control list |
7001 | Access control list debug |
certOps (8xxx)¶
Code | Message |
---|---|
8000 | Certificate debug |
8001 | Certificate being used |
8002 | Certificate has been verified |
distributedOps (10xxx)¶
Code | Message | Target |
---|---|---|
10000 | Backup remote unit | Node |
10001 | Create archive drive on remote unit | Node |
10002 | Expand archive drive on remote unit | Node |
10003 | Expand primary drive on remote unit | Node |
10004 | Update network configuration on remote unit | Node |
10005 | Power down remote unit | Node |
10006 | Restart remote unit | Node |
10007 | Restart UI server on remote unit | Node |
10008 | Restore backup on remote unit | Node |
10009 | Clear user data on remote unit | Node |
10010 | Update syslog configuration on remote unit | Node |
10011 | Update server time on remote unit | Node |
10012 | Apply upgrade on remote unit | Node |
3.0.0¶
secOps
(1000-1999)¶
Security Operations (secOps
):
Code | Message | Target |
---|---|---|
1000 | Create user | User |
1001 | Update user | User |
1002 | Delete user | User |
1003 | Update user’s password | User |
1004 | Lock user | User |
1005 | Unlock user | User |
1006 | Clear user’s failed login attempts | User |
1007 | Clear user’s old passwords | User |
1008 | Logout all users | User |
1009 | User login succeeded | User |
1010 | User login failed | User |
1011 | Logout user | User |
1012 | Not authorized | User |
1013 | Not permitted | User |
1014 | Create role | Role |
1015 | Update role | Role |
1016 | Delete role | Role |
1017 | Update authentication configuration | Authentication |
1018 | Update tunnel configuration | Tunnel |
1019 | Update SSL configuration | SSL |
1020 | Update redaction configuration | Redaction |
1021 | Clear audit log | AuditLog |
1022 | Update audit configuration | AuditLog |
1023 | Audit Error | N/A |
1024 | Create session | Session |
1025 | Delete session | Session |
1026 | Enable SSH remote access | SSH |
1027 | Disable SSH remote access | SSH |
1028 | Create API key | APIKey |
1029 | Update API key | APIKey |
1030 | Delete API key | APIKey |
1031 | Lock API key | APIKey |
1032 | Unlock API key | APIKey |
1033 | Update Strict-Transport-Security HTTP header configuration | HSTS |
1034 | Update user interface port configuration | UIPorts |
1035 | Update global redaction settings | GlobalRedation |
1036 | Update shell password | ShellPassword |
1037 | Deleted shell password | ShellPassword |
sysOps
(2000-2999)¶
System Operations (sysOps
):
Code | Message | Target |
---|---|---|
2000 | Update network configuration | Network |
2001 | Update capture filter | CaptureFilter |
2002 | Update capture filter mode | CaptureFilter |
2003 | Create capture VLAN | CaptureVLAN |
2004 | Update capture VLAN | CaptureVLAN |
2005 | Delete capture VLAN | CaptureVLAN |
2006 | Update capture source | CaptureSource |
2007 | Enable capture source identify | CaptureSource |
2008 | Disable all capture source identifiers | CaptureSource |
2009 | Update NTP configuration | Time |
2010 | Update server time | Time |
2011 | Update server timezone | Time |
2012 | Update syslog configuration | Syslog |
2013 | Restart system | System |
2014 | Power system down | System |
2015 | Restart UI server | System |
2016 | Reset to factory configuration | System |
2017 | Create system state report | SystemStateReport |
2018 | Delete system state report | SystemStateReport |
2019 | Initialize system for file management | FileManagement |
2020 | Upload backup | Backup |
2021 | Delete backup | Backup |
2022 | Download backup | Backup |
2023 | Set password for backup | Backup |
2024 | Unlock backup | Backup |
2025 | Initialize system for restoring a backup | N/A |
2026 | Restore backup | Backup |
2027 | Create backup | Backup |
2028 | Upload update | N/A |
2029 | Delete update | Update |
2030 | Apply update | Update |
2031 | Kill watchdog | Watchdog |
2032 | Enable watchdog | Watchdog |
2033 | Disable watchdog | Watchdog |
2034 | Update registry | Registry |
2035 | Update CMS configuration | CMS |
2036 | Create a unit within CMS | N/A |
2037 | Update a unit within CMS | Unit |
2038 | Delete a unit within CMS | N/A |
2039 | User accepted the EULA | EULA |
2040 | EULA covered under seperate agreement | EULA |
2041 | Clear user data | System |
2042 | System resource lock debug | [lockName] |
2043 | Delete job | Job |
2044 | CMDB data was downloaded | CMDB |
2045 | CMDB data was merged into the system | CMDB |
2046 | CMDB configuration data was downloaded | CMDB |
2047 | CMDB configuration data was loaded | CMDB |
2048 | User did not accept the EULA | EULA |
appOps
(3000-3999)¶
Application Operations (appOps
):
Code | Message | Target |
---|---|---|
3000 | Map a service to a database | Mapping |
3001 | Unmap a service from a database | Mapping |
3002 | Unmanage a service | Mapping |
3003 | Update time period | TimeLearning |
3004 | Commit time learning | TimeLearning |
3005 | Learn statement | StatementLearning |
3006 | Blacklist statement | StatementLearning |
3007 | Update database configuration | Database |
3008 | Terminal session started | Terminal |
3009 | Terminal session ended | Terminal |
3010 | Terminal session not authorized | Terminal |
3011 | Terminal session not authorized for tail | Terminal |
cliCommands
(5000-5999)¶
Command Line Interface Command Details (cliCommands
):
Code | Message |
---|---|
5000 | CLI command run |
5001 | CLI command failed |
aclOps
(7000-7999)¶
Access Control List Operations (aclOps
):
Code | Message |
---|---|
7000 | Access control list |
7001 | Access control list debug |
certOps
(8000-8999)¶
Certificate Operations (certOps
):
Code | Message |
---|---|
8000 | Certificate debug |
8001 | Certificate being used |
8002 | Certificate has been verified |
2.2.14¶
secOps
(1000-1999)¶
Security Operations (secOps
):
Code | Message | Target |
---|---|---|
1000 | Create user | User |
1001 | Update user | User |
1002 | Delete user | User |
1003 | Update user’s password | User |
1004 | Lock user | User |
1005 | Unlock user | User |
1006 | Clear user’s failed login attempts | User |
1007 | Clear user’s old passwords | User |
1008 | Logout all users | User |
1009 | User login succeeded | User |
1010 | User login failed | User |
1011 | Logout user | User |
1012 | Not authorized | User |
1013 | Not permitted | User |
1014 | Create role | Role |
1015 | Update role | Role |
1016 | Delete role | Role |
1017 | Update authentication configuration | Authentication |
1018 | Update tunnel configuration | Tunnel |
1019 | Update SSL configuration | SSL |
1020 | Update redaction configuration | Redaction |
1021 | Clear audit log | AuditLog |
1022 | Update audit configuration | AuditLog |
1023 | Audit Error | AuditError |
1024 | Create session | Session |
1025 | Delete session | Session |
1026 | Enable SSH remote access | SSH |
1027 | Disable SSH remote access | SSH |
1028 | Create API key | APIKey |
1029 | Update API key | APIKey |
1030 | Delete API key | APIKey |
1031 | Lock API key | APIKey |
1032 | Unlock API key | APIKey |
1033 | Update Strict-Transport-Security HTTP header configuration | HSTS |
1034 | Update user interface port configuration | UIPorts |
sysOps
(2000-2999)¶
System Operations (sysOps
):
Code | Message | Target |
---|---|---|
2000 | Update network configuration | Network |
2001 | Update capture filter | CaptureFilter |
2002 | Update capture filter mode | CaptureFilter |
2003 | Create capture VLAN | CaptureVLAN |
2004 | Update capture VLAN | CaptureVLAN |
2005 | Delete capture VLAN | CaptureVLAN |
2006 | Update capture source | CaptureSource |
2007 | Enable capture source identify | CaptureSource |
2008 | Disable all capture source identifiers | CaptureSource |
2009 | Update NTP configuration | Time |
2010 | Update server time | Time |
2011 | Update server timezone | Time |
2012 | Update syslog configuration | Syslog |
2013 | Restart system | System |
2014 | Power system down | System |
2015 | Restart UI server | System |
2016 | Reset to factory configuration | System |
2017 | Create system state report | SystemStateReport |
2018 | Delete system state report | SystemStateReport |
2019 | Initialize system for file management | FileManagement |
2020 | Upload backup | Backup |
2021 | Delete backup | Backup |
2022 | Download backup | Backup |
2023 | Set password for backup | Backup |
2024 | Unlock backup | Backup |
2025 | Initialize system for restoring a backup | Backup |
2026 | Restore backup | Backup |
2027 | Create backup | Backup |
2028 | Upload update | Update |
2029 | Delete update | Update |
2030 | Apply update | Update |
2031 | Kill watchdog | Watchdog |
2032 | Enable watchdog | Watchdog |
2033 | Disable watchdog | Watchdog |
2034 | Update registry | Registry |
appOps
(3000-3999)¶
Application Operations (appOps
):
3000 | Map a service to a database | Mapping |
---|---|---|
3001 | Unmap a service from a database | Mapping |
3002 | Unmanage a service | Mapping |
3003 | Update time period | TimeLearning |
3004 | Commit time learning | TimeLearning |
3005 | Learn statement | StatementLearning |
3006 | Blacklist statement | StatementLearning |
3007 | Update database configuration | Database |
3008 | Terminal session started | Terminal |
3009 | Terminal session ended | Terminal |
3010 | Terminal session not authorized | Terminal |
3011 | Terminal session not authorized for tail | Terminal |
cliCommands
(5000-5999)¶
Command Line Interface Command Details (cliCommands
):
Code | Message |
---|---|
5000 | CLI command run |
5001 | CLI command failed |
aclOps
(7000-7999)¶
Access Control List Operations (aclOps
):
Code | Message |
---|---|
7000 | Access control list |
7001 | Access control list debug |
certOps
(8000-8999)¶
Certificate Operations (certOps
):
Code | Message |
---|---|
8000 | Certificate debug |
8001 | Certificate being used |
8002 | Certificate has been verified |