This section illustrates sample audit records for the Portal Interface events defined in Table 6-15. In the audit records, the AssetType is identified by the term “Resource Class,” and the AccessType is called “Action.” To enable auditing for these AssetType/AccessType combinations, see “Defining which events to audit using Enterprise Security Manager”.
AssetType |
AccessType |
|---|---|
SYSTEM.Session |
SYSTEM.Login |
SYSTEM.Session |
SYSTEM.Logout |
PORTAL.Portlets |
Portal.Playback |
<?xml version="1.0" encoding="UTF-8"?>
<audit:AuditLog xmlns:audit="http://www.sybase.com/ep/xsd/audit/6.0">
<AuditRecord Action="SYSTEM.Login" Decision="permit"
Subject="908102000000001001" When="2003-08-12T23:41:02"
SessionID="SYBSECPK28670A1655304788d5f6f888a4198000"
ID="0A165530:4788d5:f6f888a419:-7fff">
<Resource Class="SYSTEM.Session"
ID="SYBSECPK28670A1655304788d5f6f888a4198000"/>
<Attribute Name="AuthenticationType" Value="AUTH_BY_CREDENTIAL"/>
<Attribute Name="SubjectUID" Value="hwong1"/>
</AuditRecord>
<AuditRecord Action="SYSTEM.Logout"
Decision="permit"
Subject="908102000000001001" When="2003-08-12T23:46:05"
SessionID="SYBSECPK28670A1655304788d5f6f888a4198000"
ID="0A165530:4788d5:f6f888a419:-7ff6">
<Resource Class="SYSTEM.Session"
ID="SYBSECPK28670A1655304788d5f6f888a4198000"/>
<Attribute Name="LogoutTime" Value="2003-08-12T23:46:05"/>
<Attribute Name="LogoutType" Value="Terminated"/>
</AuditRecord>
<AuditRecord Action="Playback"
Decision="permit"
Subject="908102000000001001" When="2003-08-12T23:41:16"
SessionID="SYBSECPK28670A1655304788d5f6f888a4198000"
ID="0A165530:4788d5:f6f888a419:-7ffe">
<Resource Class="PORTAL.Portlets" ID="231"/>
<Attribute Name="taborder" Value="1"/>
<Attribute Name="rid" Value="1"/>
<Attribute Name="tabset" Value="1"/>
</AuditRecord>
