Stream Activity Logs

The Log Streaming Service can send user activity log information to any third-party log analytics tool, such as Splunk and Syslog. The information sent to Syslog and Splunk includes Audit Logs and Activity Logs.

The following table provides information about the activity logs sent to Splunk and Syslog:

Activity Log Field

Description

applicationId

Application unique identifier

applicationName

Application name as configured in the Management Console

applicationProtocol

The protocol used for accessing the application

applicationType

Whether the application was created in the User Portal or in the Management Console

applicationAddress

Address and port used to access the application when connecting through a local network

ConnectorVersion

The version of an installed connector

eventId

Event’s unique identifier. An event is described as any user activity in the system

eventDescription

A sentence describing the activity

eventType

A user's activity within the application

geoLocation

User’s country based on the IP

isBlocked

Boolean field indicating whether the event was blocked (true) or allowed (false) by policy. Click here to learn more about policy rules

identityProviderId

Authenticating IdP unique identifier

MatchedGroups

List of groups in which the user is a member and are included in a policy rule

operationSystem

Client’s device operating system

RequestContentHash

The md5 hash for a file upload in an HTTP session

ResponseContentHash

The md5 hash for a file download in an HTTP session

ruleId

Unique identifier for the policy rule that blocked/allowed the session

RuleName

Name of the policy rule that blocked/allowed the session

sessionId

Session unique identifier

TenantId

Axis tenant ID. Click here to learn about tenant management.

TenantName

Axis tenant name

timestamp

Date and time when the event occurred

userId

User unique identifier, as appears in the IdP

username

For Axis IdPs: username as configured. For third party IdPs: alias

userDisplayName

User’s name as appears in the IdP


Did this page help you?