Stream Activity Logs
The Log Streaming Service can send user activity log information to any third-party log analytics tool, such as Splunk and Syslog. The information sent to Syslog and Splunk includes Audit Logs and Activity Logs.
The following table provides information about the activity logs sent to Splunk and Syslog:
| Activity Log Field | Description |
|---|---|
| applicationId | Application unique identifier |
| applicationName | Application name as configured in the Management Console |
| applicationProtocol | The protocol used for accessing the application |
| applicationType | Whether the application was created in the User Portal or in the Management Console |
| applicationAddress | Address and port used to access the application when connecting through a local network |
| eventId | Event’s unique identifier. An event is described as any user activity in the system |
| eventDescription | A sentence describing the activity |
| eventType | A user's activity within the application |
| geoLocation | User’s country based on the IP |
| isBlocked | Boolean field indicating whether the event was blocked (true) or allowed (false) by policy. Click here to learn more about policy rules |
| identityProviderId | Authenticating IdP unique identifier |
| operationSystem | Client’s device operating system |
| ruleId | Unique identifier for the policy rule that blocked/allowed the session |
| RuleName | Name of the policy rule that blocked/allowed the session |
| sessionId | Session unique identifier |
| TenantId | Axis tenant ID. Click here to learn about tenant management. |
| TenantName | Axis tenant name |
| timestamp | Date and time when the event occurred |
| userId | User unique identifier, as appears in the IdP |
| username | For Axis IdPs: username as configured. For third party IdPs: alias |
| userDisplayName | User’s name as appears in the IdP |
Updated 8 months ago