Authentication audit events
The following audit events are triggered for peer to peer remote control sessions that require user ID and password authentication against the target system.
That is, those sessions where the target property CheckUserLogin is enabled. The session rejected audit event was improved to allow authentication to be audited in sufficient detail. To improve auditing, the following audit event was deprecated and replaced with new audit events.
| Event ID | Event Description |
|---|---|
| ibm.trc.audit.0002 | Session Rejected by{\0} |
| Event ID | Event Description |
|---|---|
| ibm.trc.audit.005A | Authenticating user ID {0} using system logon. Allowed groups: {1} |
| ibm.trc.audit.005B | Session rejected because the user ID or password is incorrect |
| ibm.trc.audit.005C | Session rejected because the user is not a member of an allowed group. |
| ibm.trc.audit.005D | Session rejected by {0} |
| ibm.trc.audit.005E | Session rejected automatically after {0} seconds |
| ibm.trc.audit.005F | Session rejected because the session token is invalid |
| ibm.trc.audit.0060 | Session rejected because the session token has expired |
| ibm.trc.audit.0061 | Session rejected because the session token is for a different target |
| ibm.trc.audit.0062 | Session rejected by the server for unknown reason {0} |
| ibm.trc.audit.0063 | Session rejected because {0} mode is not allowed |
| ibm.trc.audit.0064 | Session rejected due to a connection error |
The following audit message is written to the audit log by the controller. This message shows which user is logged in to the target computer and which user ID they used to log in IBM® BigFix® Remote Control to control this session.
| Event ID | Event Description |
|---|---|
| Audit.logged.user | User {0} is logged in as {1} in the controller machine |