Event Log Schema


This section describes the schema of the event log.

Sample Code

{
  "userIdentity": {
    "userId": "u15420087818641",
    "userName": "db001",
    "type": "userAccount",
    "accessKey": null,
    "sessionContext": {
      "id": "IAM_S_e6huGLv6FMUW7KCNYZ28zuPML7Uwzg8d",
      "creationDate": "2018-11-20 10:04:20",
      "mfaAuthenticated": false
    }
  },
  "organizationId": "yourOrgId",
  "sourceIpAddress": "172.20.17.248",
  "eventTime": "2018-11-20 10:04:20",
  "eventId": "signInSelectOrganization15427082605511",
  "eventName": "signInSelectOrganization",
  "eventType": "consoleAction",
  "eventVersion": "V1.0",
  "resources": [
    {
      "resourceId": "u15420087818641",
      "resourceName": "db001",
      "resourceType": "user"
    },
    {
      "resourceId": "o15420087814661",
      "resourceName": "db001",
      "resourceType": "organization"
    }
  ],
  "serviceName": "IAM-Service",
  "requestId": null,
  "requestParameters": "{\"sessionId\":\"IAM_S_e6huGLv6FMUW7KCNYZ28zuPML7Uwzg8d\",\"workingOrganizationId\":\"o15420087814661\",\"organizationId\":\"o15420087814661\"}",
  "apiVersion": null,
  "errorCode": null,
  "errorMsg": null
}

Property Descriptions

  • userIdentity: The information of the actor of this event.
    • type: The account type of this user.
    • userId: The unique identifier of the user.
    • userName: The username of the user.
    • sessionContext: The session information of this event. A session is created when the user starts to perform operations in the EnOS Management Console. A session has the following information:
      • id: The unique identifier of this session.
      • creationDate: The date and time when the session is created.
      • mfAuthentication: Indicates whether MFA is enabled when the user logged in to the EnOS Management Console.
  • organizationId: The organization ID.
  • sourceIpAddress: The source IP address of the API request. If the API request is sent from the EnOS Management Console, the source IP address is the IP address of the user’s browser.
  • eventTime: The timestamp of the API request, in UTC format.
  • eventId: The unique identifier of the event that is generated by the auditing service.
  • eventName: The action of the event. For more information on events, see List of Events.
  • eventType: The category of the event. For example, ConsoleSignIn, ConsoleSignOut, ApiCall, etc.
  • eventVersion: The version of the event format.
  • resource: The resource that the action is performed on.
    • resourceId: The identifier of the resource.
    • resourceName: The name of the resource.
    • resourceType: The type of the resource. For example, Policy, User, UserGroup, etc.
  • serviceName: The service that the API belongs to. For example, IAM.
  • requestId: The identifier of the API request.
  • requestParameters: The input parameters of the API request.
  • apiVersion: The version of the invoked API.
  • responseElements: The response message. For example, action succeeded or failed.
  • errorCode: The error code of the API request.
  • errorMessage: The error message that is returned for the API request.

List of Events

The values returned for eventName are listed as follows.

Event Name Action
consoleSignIn Log in to the EnOS Management Console.
consoleSignOut Log out from the EnOS Management Console.
signInSelectOrganization Select an organization when logged in to the EnOS Management Console.
createUser Create a user.
deleteUser Delete a user.
resetUserPassword User password is reset by the OU administration.
modifyUserPassword Password is modified by the account owner.
retrieveUserPassword User password is retrieved by the account owner.
setUserAccountStatus Enable or disable the user account by the OU administration.
addExternalUser Import an external user.
removeExternalUser Remove an external user.
createGroup Create a user group.
deleteGroup Delete a user group.
addUserToGroup Add a user to a group.
removeUserFromGroup Remove a user from a group.
createPolicy Create a policy.
deletePolicy Delete a policy.
appendResource Attach services to a policy.
revokeResource Revoke services from a policy.
grantPolicy Associate a policy to a user or a group.
removePolicy Remove a policy from a user or a group.
createFirmware Upload a firmware.
deleteFirmware Delete a firmware
updateFirmware Update a firmware.
createVerificationJob Create a firmware verification job.
deleteVerificationJob Delete a firmware verification job.
updateVerificationJob Update a firmware verification job.
updateUpgradeJob Update a firmware upgrade job.
createUpgradeJob Create a firmware upgrade job.
deleteUpgradeJob Delete a firmware upgrade job.
startVerificationJob Start a firmware verification job.
stopVerificationJob Stop a firmware verification job.
startUpgradeJob Start a firmware upgrade job.
stopUpgradeJob Stop a firmware upgrade job.
cancelOTATask Cancel an OTA task.
retryOTATask Retry an OTA task.