Skip to main content

Logs Tab Configuration

Introduction

Use this guide to configure the Logs tab in the Web Admin for each SecureAuth IdP realm.

This includes enabling or disabling audit, error, and debug logs.

Prerequisites

1. Create a New Realm for the target resource for which the configuration settings will apply, or open an existing realm for which configurations have already been started

2. Configure the Overview, Data, Workflow, Adaptive Authentication, Multi-Factor Methods, and Post Authentication tabs in the Web Admin before configuring the Logs tab

Logs Configuration Steps

44833613.png

1. In the Log Options section, provide the Log Instance ID, e.g. the Application Name or the realm name (SecureAuth1)

2. Check which Audit, Debug, and Error Logs to enable

3. Select On or Remote Only from the Custom Errors dropdown to redirect end-users to a distinct page when a custom error occurs

4. Provide the URL for the Custom Error Redirect if On or Remote Only is selected in step 3

Reports

44833612.png

5. Review the log Reports and Charts by downloading the information

6. Review the Error Logs, Audit Logs, and / or Certificate Logs as enabled here in the Web Admin as needed

Warning

Click Save once the configurations have been completed and before leaving the Logs page to avoid losing changes

Enhanced Logging

Key-Value Pair Properties

Key-value pair properties defined in the table below are pertinent to the structured data element of a syslog entry. Several of these properties are also logged in the header or message elements of the log entry but are difficult to parse or extract. These properties are outputted in their original location as well as in the structured data element.

Property

Description

Notes

AE.IP.RiskScore

Risk score based on IP Address evaluation and threat intelligence data

Applicable only to IP reputation log entries; also logged in the message element

AllowedTokens

For some authentication methods, this property may tell which method of 2FA was used.

Text string; possible values are:

  • COOKIE

  • ZCOOKIE

  • BROWSERFINGERPRINT

  • ALL

EventID

Category of the event being logged

Also logged in the header element

ReceiveToken

Integer

RequestDuration

Displays the response time of an application request

Applicable only to log entries with event ID9004x; also logged in the message element

RequestID

Displays a unique identifier that shows the workflow for a specific request

An "Application End" log entry marks the end of a request and its corresponding RequestID

TrxResult

Displays result of an authentication attempt

Also logged in the message element

UseJava

True / False

Syslog Logging Event

Syslog generates a log entry when a user opens or saves a tab using the Web Admin tool. This tool provides information about the realm a user modified at the time the log entry was generated.

Property

Description

Notes

Loading: [ realm# ]

Describes the realm number that was opened in the Web Admin

This log entry type is generated when a user opens a realm (by clicking the sidebar in the Web Admin) or opens a tab in a realm (e.g. Workflow, Data)

Saving to: [ realm#,... ]

Describes the realm number(s) where changes were saved in the Web Admin

The value of this key lists all realms that were saved to when the log entry was generated

Information About Transaction Logs (20990)

Events recorded in Transaction Logs (20990) provide information that can assist in troubleshooting or analyzing end-user activity on the SecureAuth IdP appliance.

The table below provides details about common fields and values identified in transaction logs, and how to interpret that data.

Field / Description

Values / Description

Reserved

Reserved

As specified by the Service Provider

As specified by the Service Provider

As specified by the Service Provider