Integration Server 10.11 | Audit Logging Guide | Viewing Audit Log Data | View the Audit Logs in Integration Server Administrator | View the Security Log
 
View the Security Log
In Integration Server Administrator, go to the Logs > Security page to view the security log.
The following table describes the fields in a security log.
Column
Description
Date/Time
Date and time the audit record was written to the database or file system.
Audit time stamp
Date and time the entry was written to the log.
Message
Text that explains the security event that occurred.
Server ID
Integration Server on which the security event occurred. This is necessary information when Integration Servers are clustered and writing to a shared RDBMS. The ID can be DNSname:port or IPaddress:port.
Note:
The port is always the Integration Server’s primary port, even if the event occurred on a different (non‑primary) Integration Server port.
Client ID
Network IP address for the client from which the security event was performed.
When watt.server.securityLog.ignoreXForwardedForHeader is set to false, Integration Server obtains the originating client IP address from the X-Forwarded-For request header and uses that client IP address as the Client Id in the security log and security log message. When watt.server.securityLog.ignoreXForwardedForHeader is set to true, Integration Server ignores the X-Forwarded-For request header and uses the IP address of the proxy server as the client Id.
When watt.server.securityLog.eg.enableExternalClientIP is set to true, the IP address of the client application that invokes a service in Integration Server through Enterprise Gateway is recorded. Otherwise, the IP address of Enterprise Gateway is recorded.
User ID
Integration Server user name under which the client connected to perform the security event.
When watt.server.securityLog.logAnonymousRequests is set to true, the security logger will write anonymous authentication requests to the security log. In a log entry, the User Id for an anonymous request will be "local/default".
Security event type
Category for the security event that occurred (authentication, authorization, certificates, configuration, and so on).
Result
The result of the request for which security action was logged, either SUCCESS or FAILURE.
Service name
Name of the service that generated the audit event.
Client application
Client application accessing the server. This could be an OAuth client application.
Request size
Size of the request in bytes. This is for OAuth events.
Root Context
Parent Context
Current Context
Context information Monitor uses to connect related entries from different logs.