Authentication group event classes
16 April 2024
ID 268835
In the body of CEF messages for classes of Authentication group events, you can use keys in accordance with their semantics (see the table below).
Possible field values of classes of Authentication group events
Key | Value |
---|---|
outcome | Authentication result. |
cs1 | Authentication type. |
cs1Label | The value is always |
src | IP address from which the logon attempt was made, in IPv4 format. |
c6a2 | IP address from which the logon attempt was made, in IPv6 format. |
c6a2Label | The value is always |
suser | User name that was used in the logon attempt. Not recorded in case of failed Kerberos or NTLM logon attempts. |
cs2 | Error type. |
cs2Label | The value is always |
reason | Error text. |
Each class of Tasks group events can contain only keys that are relevant to it (see the table below).
Relevant keys for classes of Authentication group events
Event class | Relevant keys |
---|---|
LMS_EV_AUTH_SUCCESS | outcome, cs1, cs1Label, suser, src, c6a2 |
LMS_EV_AUTH_ERROR | outcome, cs1, cs1Label, src, c6a2, c6a2Label, suser, cs2, cs2Label, reason |