%d
|
Transaction time.
|
exchangeId
|
Identifies the ID for a specific request-response pair.
|
AUDIT.applicationID
|
Specifies the ID of the requested application.
|
AUDIT.applicationName
|
Specifies the name of the requested application.
|
AUDIT.resourceID
|
Specifies the ID of the requested resource.
|
AUDIT.resourceName
|
Specifies the name of the requested resource.
|
AUDIT.pathPrefix
|
Specifies the path prefix of the requested application or
resource.
|
AUDIT.pathPrefixType
|
Specifies the pattern type of the path prefix,
Wildcard or Regex .
|
AUDIT.authMech
|
The mechanism used for authentication:
- Engine Auditing
Cookie (WAM session),
OAuth , unknown (for
example, pass-through or static assets). Pass-through assets
are resources with no policies or web session
configured.
- Admin Auditing
Basic , OAuth ,
Cookie , unknown
(unknown displays only in an
authentication failure).
|
AUDIT.client
|
The IP
(Internet Protocol) The method by which data is sent across the Internet from the source host
to the destination host. address of the requesting
client.
|
AUDIT.failedRuleName
|
The name of the rule that failed. If there was no rule failure, this
field will be blank.
Note:
This element is applicable only to the
pingaccess_engine_audit.log.
|
AUDIT.failedRuleType
|
The type of rule that failed. If there was no rule failure, this
field will be blank.
Note:
This element is applicable only to the
pingaccess_engine_audit.log.
|
AUDIT.failedRuleClass
|
The Java class of the rule that failed. If there was no rule failure,
this field will be blank.
Note:
This element is applicable only to the
pingaccess_engine_audit.log.
|
AUDIT.failedRuleSetName
|
The name of the containing rule set that failed. If there was no rule
failure, this field will be blank.
Note:
This element is applicable only to the
pingaccess_engine_audit.log.
|
AUDIT.host
|
The PingAccess host name or IP
address.
|
AUDIT.targetHost
|
The backend target that processed the request and generated a
response to the PingAccess
engine.
This variable is unset when PingAccess generated the response
directly.
|
AUDIT.method
|
The HTTP method of the request. For example,
GET .
|
AUDIT.resource
|
The name of the resource used to fulfill the request.
Note:
This element is applicable only to the
pingaccess_engine_audit.log.
|
AUDIT.responseCode
|
The HTTP status code of the response. For example,
200.
|
AUDIT.requestUri
|
The request URI
(Uniform Resource Identifier) Identifies a web resource with a string of characters conforming
to a specified format. portion of the request.
For example, /foo/bar .
|
AUDIT.subject
|
The subject of the transaction.
|
AUDIT.trackingId
|
The PingFederate tracking ID. You can
use this element to help correlate audit information in the PingAccess audit log with
information recorded in the PingFederate audit log.
This value depends on whether the application type is
Web or API .
If the application type is Web , the value is
formatted as
tid:<Session_Identifier> .
The <Session_Identifier> can be used by the
PingFederate Session Revocation
API to revoke the session without disabling the user in
the identity store.
If the application type is API , the value is
formatted as atid:<Hash> .
The <Hash> value dervies from the OAuth
Access token for the session, and only serves as an identifier; it
can't be used for session revocation.
|
AUDIT.reqReceivedMillisec
|
The time in milliseconds since 1970 that a client request was first
received.
|
AUDIT.reqSentMillisec
|
The time in milliseconds since 1970 that the agent or engine sent a
backchannel
A direct, cross-domain communication path using a protocol that doesn't rely on a browser as an
intermediary. or proxy request.
|
AUDIT.respReceivedMillisec
|
The time in milliseconds since 1970 that the agent or engine received
a response from a backchannel call or proxy request.
|
AUDIT.respSentMillisec
|
The time in milliseconds since 1970 that a response was sent back to
the client.
|
AUDIT.roundTripMS
|
The respSentMillisec time minus the
reqReceivedMillisec time.
This represents the total number of milliseconds that it took
PingAccess to respond to a
client’s request, including the
proxyRoundTripMS .
|
AUDIT.proxyRoundTripMS
|
The respReceivedMillisec time minus the
reqSentMillisec time. This represents the total
number of milliseconds that PingAccess was waiting for another
entity to respond to a backchannel call or proxy request.
|
AUDIT.siteUnavailableInfo
|
If a site is unavailable, this is reason why the last attempted site
target is unavailable.
|
AUDIT.agentName
|
The name of the agent.
|
AUDIT.responder
|
The component that generated the response. Valid values are
PingAccess , PingOne , Site , Third
Party Service , OpenID Provider , and
Authorization Server .
Note:
The PingOne responder type refers only
to the PingOne Protect integration. When you're using PingOne as a
token provider, PingAccess labels backchannel communications as
either OpenID Provider or Authorization
Server , depending on the context of the
transaction.
|
AUDIT.clientCertSerialNum
|
The serial number of the client certificate.
|
AUDIT.clientCertSubjectDn
|
The subject of the client certificate as an X.500 domain name.
|
AUDIT.clientCertIssuerDn
|
The issuer of the client certificate as an X.500 domain name.
|
AUDIT.sidebandName
|
The name of the requesting sideband client.
|
AUDIT.sidebandDecision
|
The policy decision returned in response to the sideband client
request. Valid values are accept and
reject.
|
agent{a-header-value-key}
|
The vnd-pi-agent header value for a given key. This
represents the header value that an agent sends to PingAccess. Well-known keys are:
- v
- The version of the agent that's making the request.
- h
- The host name of the server where the agent resides.
- t
- The type of agent or the type of platform where the agent
resides.
This information isn't sent by default. For more information about
logging these details, see Agent inventory logging.
|
appRequestHeader{a-header-name}
|
The HTTP request header value for the given HTTP request header name.
Represents the header value that PingAccess sends to the backend
site.
|
appResponseHeader{a-header-name}
|
The HTTP response header value for the given HTTP request header
name. Represents the header value that the application sent PingAccess.
|
clientRequestHeader{a-header-name}
|
The HTTP request header value for the given HTTP request header name.
Represents the header value that the client sent PingAccess.
|
clientResponseHeader{a-header-name}
|
The HTTP response header value for the given HTTP request header
name. Represents the header value that PingAccess returned to the
client.
|