Auditor Operations - Last Actions

This page lists all the recent security-related events, known as Audit Log Contents.

To view the Credential-Status page, go to the Auditor menu, and then click Last Actions.

Audit events are created for security-related actions that are performed manually by users using the Management Console. For details on the fields, refer to Audit Log Contents.

If you have configured audit log signing, then the signature column indicates whether the log event signature was successfully verified. The default is to not sign the audit logs. For information on how to enable this property, refer to Settings for Audit Logging.

  • To re-order the list, click any of the column headings (for example, login, account, action, result, ip of actor, or message). The up or down arrow next to the column heading indicates whether the column is sorted in descending or ascending order.

  • The first time you click a column heading, the column is sorted in descending order. To sort the list in ascending order, click the heading again.

List Filtering

You can filter results in this list based on the following criteria:

  • Contents of a column type, or

  • A specific account name, issuer nickname, credential S/N, or attribute OID.

  1. Select the option of the search type you desire.

    1. If you selected filtering by column, then select the column heading from the drop-down list, and enter the substring in the field.

    2. If you selected filtering by actions with target, then select the option from the drop-down list.

  2. Type the substring you’re looking for in the text box, and click Apply Search Criteria.

    Note: The substring field is case-sensitive.

View Audit Log Event Detail

On the Last-Actions page, click the magnifying glass to the left of the event.

The Audit Log Event Detail page shows the following details:

  • Time at which the event was recorded,

  • IP address of the computer that was used to connect to the Management Console,

  • IP address of the Validation Authority server machine with a particular action performed by the server,

  • Account that was used to log on to the Management Console,

  • Action and result of an action that was taken, and

  • Detailed messages.

Depending on the action that was taken, the account, issuer or credential that was affected by the action is also displayed.

Audit Log Contents

The Validation Authority audit log records information about security-related events, such as:

  • User login and logout,

  • Certificate issuer registration or deletion, and

  • Credential status changes.

The following table describes each Audit Log field:

Creation Date: The date and time when the audit log entry was recorded.

Signature: Indicates whether the audit log entry was signed or unsigned and, if it was signed, whether or not the signature is valid. An invalid signature indicates that the log entry was tampered with after it was recorded.

Note: Audit log signing is an advanced configuration option. For more information, refer to the ActivID Validation Authority Advanced Administration Guide.

Login: The operating system user that started Validation Authority.

IP Address: IP address of the user logged on to Validation Authority.

Account: The login name of the account responsible for the action.

Action: The type of event that occurred.

Result: The attempted action can be in one of the following statuses:

  • SUCCESS - Logged when an action is performed successfully.

  • DENIED - Logged when the Management Console account does not have permission to perform the action.

  • ERROR - Logged when an action fails due to an internal error.

IP of Actor: The Internet address of the host that connected to the Management Console and performed the action.

Message: A brief explanation of the action that was taken.

Audit logging starts automatically at Validation Authority start-up and stops at Validation Authority shutdown. It is not possible to start or stop audit logging at any other time. You cannot alter the behavior of the audit logging system (for example, change the frequency of audit log signing or configure the messages that can be recorded in the audit log).

The following tables provide details about the messages that are stored in the Audit Log.

Account Login:

Action: ACCOUNT-LOGIN

Description: Logged when a user attempts to log on to the Management Console.

Example Cause: Connect to the Management Console. Enter a login name and password and click the Login button.

Results and Messages:
  • SUCCESS - Password Login or Smartcard Login

  • DENIED - No such account: [login name]

  • DENIED - Incorrect password

  • DENIED - Client certificate authentication required

  • DENIED - Client certificate authentication failed

  • DENIED - Revoked Smart Card Certificate

  • ERROR - Login failure count reached: [count]

  • ERROR - [Exception message]

Account Logout:

Action: ACCOUNT-LOGOUT

Description: Logged when a user logs out from the Management Console.

Example Cause: While logged on to the Management Console, click the Log Out button in the upper right-hand corner of the window.

Results and Messages:
  • SUCCESS - N/A

Account Creation:

Action: ACCOUNT-CREATE

Description: Logged when a user Account is created.

Example Cause: Click user accounts, then click create an account, complete the Create New User Accounts step, and click Create Account.

Results and Messages:
  • SUCCESS - [new account name]

  • DENIED - [new account name]

Account Delete:

Action: ACCOUNT-DELETE

Description: Logged when a user Account is deleted.

Example Cause: Click user accounts, and then click delete for the account to be deleted.

Results and Messages:
  • SUCCESS - [deleted account name]

  • DENIED - [deleted account name]

Account Add Sponsor:

Action: ACCOUNT-ADD-SPONSOR

Description: Logged when a user Account is sponsored.

Example Cause: Click user accounts, then click the magnifying glass next to the user account name, and click Sponsor This Account.

Results and Messages:
  • SUCCESS - [deleted account name]

  • DENIED - [deleted account name]

Account Remove Sponsor:

Action: ACCOUNT-REMOVE-SPONSOR

Description: Logged when a user Account sponsorship is removed.

Example Cause: Click user accounts, then click the magnifying glass next to the user account name, and click Remove Sponsorship.

Results and Messages:
  • SUCCESS - [deleted account name]

  • DENIED - [deleted account name]

Account Update Password:

Action: ACCOUNT-UPDATE-PASSWORD

Description: Logged when a user Account password is modified.

Example Cause: Change your account password. Click change password, enter your existing password and the new password, and click Change Password.

Results and Messages:
  • SUCCESS - N/A

  • DENIED - N/A

  • ERROR - Password too short

Account Update Certificate:

Action: ACCOUNT-UPDATE-CERTIFICATE

Description: Logged when a user account certificate is added, modified, or deleted.

Example Cause:
  • Change your account password. Click change password, enter your existing password and the new password, and click Change Password.

  • Change the certificate for an account. Click user accounts, click the magnifying glass next to the account login name to which a digital certificate is to be assigned. Select Upload new certificate to require client SSL authentication, click Browse to search for an X.509 certificate on the file system, and click Update Account.

  • Delete the existing certificate. Click user accounts, click the magnifying glass next to the account login name for which a digital certificate is to be deleted, select No client SSL authentication, and click Update Account.

Results and Messages:
  • SUCCESS - [Distinguished Name field from uploaded digital certificate]

  • SUCCESS - (none)

  • DENIED - [Distinguished Name field from uploaded digital certificate]

Account Update Issuer:

Action: ACCOUNT-UPDATE-ISSUER

Description: Logged when a user account’s certificate issuer is modified.

Example Cause: Click user accounts, click the magnifying glass next to the account login name, select the new issuer from the Issuer drop-down list, and click Update Account.

Results and Messages:
  • SUCCESS - [issuer nickname]

  • SUCCESS - unlimited

  • DENIED - [issuer nickname]

  • DENIED - unlimited

Account Update Permissions:

Action: ACCOUNT-UPDATE-PERMISSIONS

Description: Logged when a user account’s roles are modified.

Example Cause: Click user accounts, click the magnifying glass next to the account login name whose roles are to be modified, select or clear the role(s), and click Update Account.

Results and Messages:
  • SUCCESS - [role name] [true|false]

  • DENIED - N/A

Issuer Create:

Action: ISSUER-CREATE

Description: Logged when a new certificate issuer is registered.

Example Cause: Click certificate issuers, then click register a new certificate issuer, complete the Register Certificate Issuer step (by browsing the file system for the issuer certificate and specifying a nickname for the new issuer), and click Register Certificate Issuer.

Results and Messages:
  • SUCCESS - [DN from digital certificate]

  • DENIED - Issuer: [nickname]

Issuer Add Sponsor:

Action: ISSUER-ADD-SPONSOR

Description: Logged when a certificate issuer is sponsored.

Example Cause: Click certificate issuers, then click the magnifying glass next to the issuer nickname, and click Sponsor This Issuer.

Results and Messages:
  • SUCCESS - [DN from digital certificate]

  • DENIED - [DN from digital certificate]

Issuer Delete:

Action: ISSUER-DELETE

Description: Logged when a certificate issuer is removed.

Example Cause: Click certificate issuers, then click register a new certificate issuer, complete the Register Certificate Issuer step (by browsing the file system for the issuer certificate and specifying a nickname for the new issuer), and click Register Certificate Issuer.

Results and Messages:
  • SUCCESS - [DN from digital certificate]

  • DENIED - [DN from digital certificate]

Issuer Remove Sponsor:

Action: ISSUER-REMOVE-SPONSOR

Description: Logged when a certificate issuer sponsorship is removed.

Example Cause: Click certificate issuers, then click the magnifying glass next to the issuer nickname, and click Remove Sponsorship.

Results and Messages:
  • SUCCESS - [DN from digital certificate]

  • DENIED - [DN from digital certificate]

Credential Create:

Action: CREDENTIAL-CREATE

Description: Logged when a new certificate is registered.

Example Cause: Click certificates, click the register a new certificate link, browse the file system for the digital certificate to be registered, and click Register Certificate.

Results and Messages:
  • SUCCESS - X.509 Certificate: [DN from digital certificate]

  • DENIED - X.509 Certificate

Credential Update Status:

Action: CREDENTIAL-UPDATE-STATUS

Description: Logged when an attempt is made to change the status of a certificate.

Example Cause: Click certificates, click the magnifying glass icon next to the certificate to be altered, and click one of the status buttons (Suspend, Revoke, Unsuspend, or Unrevoke). Clicking the Unsuspend or Unrevoke button changes the certificate status to Valid.

Note: A message is logged only if the new status differs from the credential's current status.

Results and Messages:
  • SUCCESS - [Valid|Suspended|Revoked]

  • DENIED - [Valid|Suspended|Revoked]

CRL Create:

Action: CRL-CREATE

Description: Logged when an attempt is made to register a CRL.

Example Cause: Click revocation lists, enter the path in the Revocation List field, or click Browse to locate the appropriate file (which should be in DER format), then click Register Revocation List.

Results and Messages:
  • SUCCESS - [CRL name]

  • DENIED - [CRL name]

  • ERROR - [CRL name] if CRL is already registered

Proof List Generate:

Action: PROOF-LIST-GENERATE

Description: Logged when an OCSP response list is generated.

Example Cause: Click play on the jobs page.

Results and Messages:
  • SUCCESS - [name of response list generation job]

  • DENIED - [name of response list generation job]

  • ERROR - [name of response list generation job]: [exception message]
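
The fields, actions and results documented above can be turned into simple review rules. The following Python sketch is an added example, not part of the product or its documentation: it flags entries with an invalid signature, repeated failed ACCOUNT-LOGIN attempts from one IP of Actor, and DENIED results on any other action. The record layout, the signature values "valid" and "invalid", the threshold and all sample events are assumptions constructed for illustration.

```python
from collections import Counter

# Field names follow the Audit Log fields described above; the tuple/dict layout
# and the signature values ("valid", "invalid") are assumptions for this example.
FIELDS = ("creation_date", "signature", "account", "action", "result",
          "ip_of_actor", "message")

# Constructed sample events (documentation-range IP addresses, made-up accounts).
ROWS = [
    ("2024-05-01T09:00:01", "valid", "bob", "ACCOUNT-LOGIN", "DENIED",
     "192.0.2.10", "No such account: bob"),
    ("2024-05-01T09:00:09", "valid", "admin", "ACCOUNT-LOGIN", "DENIED",
     "192.0.2.10", "Incorrect password"),
    ("2024-05-01T09:00:15", "valid", "admin", "ACCOUNT-LOGIN", "ERROR",
     "192.0.2.10", "Login failure count reached: 3"),
    ("2024-05-01T09:05:00", "valid", "operator", "ACCOUNT-LOGIN", "SUCCESS",
     "198.51.100.7", "Password Login"),
    ("2024-05-01T09:06:12", "valid", "operator", "ACCOUNT-UPDATE-PERMISSIONS",
     "DENIED", "198.51.100.7", "N/A"),
    ("2024-05-01T09:07:30", "invalid", "operator", "CREDENTIAL-UPDATE-STATUS",
     "SUCCESS", "198.51.100.7", "Revoked"),
]
SAMPLE_EVENTS = [dict(zip(FIELDS, row)) for row in ROWS]


def triage(events, login_failure_threshold=3):
    """Return (rule, detail) findings for a batch of audit events."""
    findings = []
    failed_logins = Counter()
    for ev in events:
        # An invalid signature means the entry was altered after it was recorded.
        if ev["signature"] == "invalid":
            findings.append(("TAMPERED-ENTRY", ev["creation_date"]))
        if ev["action"] == "ACCOUNT-LOGIN":
            # Count DENIED and ERROR login results per connecting host.
            if ev["result"] in ("DENIED", "ERROR"):
                failed_logins[ev["ip_of_actor"]] += 1
        elif ev["result"] == "DENIED":
            # DENIED on any other action: the account lacked permission for it.
            findings.append(("PERMISSION-DENIED",
                             f'{ev["account"]} {ev["action"]}'))
    for ip, count in failed_logins.items():
        if count >= login_failure_threshold:
            findings.append(("LOGIN-FAILURES", f"{ip} x{count}"))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_EVENTS):
        print(rule, detail)
```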