HomeDocumentationAPI Reference
Log In
These docs are for v24. Click to read the latest docs for v33.

Audit Events Reference

Suggest Edits
NAMECODEDESCRIPTION
License-error0The system license does not allow operation.
Configuration-error1The system configuration is invalid.
Service-starting10The service is starting.
Service-running11The service is running.
Service-stopped12The service has been stopped.
User-logged-in100User has logged in to the system.
User-login-failed102User login operation failed.
User-MFA-challenge-sent103User tried to log in without MFA pin code.
User-MFA-challenge-accepted104User successfully authenticated with MFA pin code.
User-MFA-challenge-setup-sent105User was MFA setup information.
Access-token-granted106Access token granted
User-access-token-refreshed110User refreshed the access token
User-access-token-refresh-failed111User access token refresh failed.
OAuth-client-authenticated121OAuth client authenticated
OAuth-client-authentication-failed122OAuth client authentication failed
User-login-attempt-rate-limited130User login attempt rate limited
Role-added201New role added to the system.
Role-modified202Role has been modified.
Role-removed203Role has been removed.
Directory-added210New directory added to the system.
Directory-modified211Directory has been modified.
Directory-removed212Directory has been removed.
Directory-authentication-failed213Directory authentication failed.
User-roles-modified220The user's role associations were changed
AWS-token-granted230AWS token was granted to a user
AWS-token-grant-failed231AWS token grant failed
LogConf-collector-created232LogConf collector created
LogConf-collector-modified233LogConf collector modified
LogConf-collector-removed234LogConf collector removed
LogConf-collector-failed235LogConf collector failed
RoleContext-usage-alert250RoleContext limitations were violated.
RoleContext-role-blocked251RoleContext limitations were violated, role blocked.
Authorized-key-added260Authorized key added
Authorized-key-modified261Authorized key modified
Authorized-key-removed262Authorized key removed
Connection-requested300Connection was requested.
Connection-authenticated301Connection was authenticated.
Connection-rejected302Connection was rejected.
Connection-closed303Connection was closed.
Connection-failed304Connection closed with an error.
Client-authenticated305Client was authenticated.
Session-added310A session was added to a connection.
Session-removed311A session was removed from a connection.
Session-rejected312A session was rejected.
File-upload320File upload performed.
File-download321File download performed.
Host-key-matched324Host key matched
Host-key-denied325Host key denied
Host-key-accepted326Host key accepted
Host-key-saved327Host key saved
Extender-connected328Extender connected
Extender-disconnected329Extender disconnected
File-removed330File removed via SSH.
Folder-removed331Folder removed via SSH.
File-moved332File moved.
Folder-created333Folder created.
Connection-audit-started334Connection audit started
Connection-audit-failed335Connection audit failed
Host-certificate-trusted336Host certificate trusted
Host-certificate-matched337Host certificate matched
Host-certificate-denied338Host certificate denied
Host-certificate-accepted339Host certificate accepted
Host-certificate-saved340Host certificate saved
Authorization-requested400A client requested an authorization.
Authorization-certificate-granted401An authorization certificate granted.
Authorization-role-key-granted402An authorization role key granted.
Authorization-role-key-sign-operation-rejected403An authorization role key sign operation was rejected.
Authorization-role-key-sign-operation-accepted404An authorization role key sign operation was accepted.
Authorization-rejected405An authorization was rejected.
Authorization-certificate-warning406Authorization certificate creation generated warnings.
Authorization-passphrase-returned407Authorization passphrase was returned
Principal-added410A principal was added.
Principal-removed411A principal was removed.
Trusted-client-added420A trusted client was added.
Trusted-client-modified421A trusted client was modified.
Trusted-client-removed423A trusted client was removed.
API-client-added424An API client was added.
API-client-modified425An API client was modified.
API-client-removed426An API client was removed.
License-updated430The service license was updated.
CA-certificate-created440CA certificate was created.
CA-certificate-deleted441CA certificate was deleted.
EE-certificate-enrolled442End entity certificate was enrolled
EE-certificate-revoked443End entity certificate was revoked
CA-certificate-enrolled444CA certificate was enrolled
CA-certificate-revoked445CA certificate was revoked
Access-group-created450Access group created
Access-group-modified451Access group modified
Access-group-deleted452Access group deleted
User-added500New user added to the system.
User-modified501User has been modified.
User-removed502User has been removed.
User-password-modified510User password has been modified.
User-authenticated520User has been authenticated.
User-authentication-failed521User authentication has failed.
Workflow-added600A workflow was added.
Workflow-modified601A workflow was modified.
Workflow-removed602A workflow was removed.
Request-added610A request was added.
Request-removed612A request was removed.
Decision-made620A decision has been made on a request.
Email-sent630A email notification has been sent.
Email-configuration-modified631Email configuration has been modified.
Email-not-sent632Email not sent.
Log-downloaded700Log files have been downloaded.
Log-level-modified710The log level was modified.
Host-added801A host was added.
Host-modified802A host was modified.
Host-removed803A host was removed.
Host-service-connection-re-established804A host service connection re-established.
Host-service-connection-failure805A host service connection failed.
Host-disabled-state-changed806Host disabled state changed
Connection-terminated900Connection terminated.
Connection-terminated-for-host901Connection terminated for host.
Connection-terminated-for-user902Connection terminated for user.
Licensed-connection-count-exceeded903Licensed connection count exceeded.
Access-role-granted910Access role granted
Access-role-revoked911Access role revoked
Connections-meta-removed920Connections meta removed
Trail-opened1000Trail opened.
Trail-open-failed1001Failed to open trail.
Trail-file-open-failed1002Failed to open trail file.
Trail-file-read-failed1003Failed to read trail file.
Trail-removed1004Trail removed.
Trail-remove-failed1005Failed to remove trail.
Trail-file-integrity-failed1006Trail file integrity check failed.
Trail-file-downloaded1007Trail file downloaded.
Config-checksum-added1100A config file checksum was added.
Config-checksum-changed1101A config file checksum has changed.
Transcript-status-scheduled1201Transcript status: scheduled.
Transcript-status-indexing1202Transcript status: indexing.
Transcript-status-indexed1203Transcript status: indexed.
Transcript-status-error1204Transcript status: error.
Transcript-status-not-indexed1205Transcript status: not indexed.
Transcript-trail-removed1206Transcript trail removed.
Transcript-opened1207Transcript opened.
Disk-full1301Disk Full.
Auditevent-removed1302Auditevent removed
PrivX-restarted1303PrivX restarted
Secret-created1400Secret created.
Secret-removed1401Secret removed.
Secret-accessed1402Secret accessed.
Secret-changed1403Secret changed.
Secret-metadata-changed1404Secret's metadata changed.
Settings-modified1501Settings modified.

Updated over 2 years ago