API authentication logging in syslog
The results of attempts to log on to APIs are published via syslog integration to help identify unauthorized access attempts. The system sends successful logons to the syslog as INFO-level messages, and failed logons as WARNING-level messages.
Each message sent to the syslog contains the following details:
- Client account name
- Client IP address
- Status of the logon (success or failure)
- Root cause of any failure
- Time of the logon attempt (in UTC)
- Time range requested for the export (start and end)
Syslog message format for a successful logon
<UTCDate> INFO Logon event - The user <accountName> has successfully logged on for export from <IPAddress>. Requested data from <start> to <end>.
Syslog message format for a failed logon
<UTCDate> WARNING Logon event - The user <accountName> from <IPAddress> has failed to log on (<reason>). Requested data from <start> to <end>.
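The two formats above can be parsed to surface source addresses with repeated failed logons. The following is an added example, not part of the product or its documentation; the timestamp layout, failure reason strings, account names and the threshold of three failures are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# <UTCDate>, <start> and <end> layouts are not specified on the page, so they
# are captured as opaque text. Account names are client-supplied: untrusted.
_TAIL = r"Requested data from (?P<start>.+?) to (?P<end>.+)\.$"
SUCCESS = re.compile(
    r"^(?P<time>.+?) INFO Logon event - The user (?P<account>.+?) has "
    r"successfully logged on for export from (?P<ip>\S+)\. " + _TAIL)
FAILURE = re.compile(
    r"^(?P<time>.+?) WARNING Logon event - The user (?P<account>.+?) from "
    r"(?P<ip>\S+) has failed to log on \((?P<reason>.*?)\)\. " + _TAIL)


def parse_logon(line):
    """Return a dict for a logon event, or None for any other syslog line."""
    line = line.strip()
    for status, pattern in (("success", SUCCESS), ("failure", FAILURE)):
        m = pattern.match(line)
        if m:
            return {"status": status, "reason": None, **m.groupdict()}
    return None


def repeated_failures(lines, threshold=3):
    """Map source IP -> accounts tried, for IPs with >= threshold failures."""
    counts, accounts = defaultdict(int), defaultdict(set)
    for line in lines:
        event = parse_logon(line)
        if event and event["status"] == "failure":
            counts[event["ip"]] += 1
            accounts[event["ip"]].add(event["account"])
    return {ip: sorted(accounts[ip]) for ip, n in counts.items() if n >= threshold}


# Constructed sample lines (timestamps, accounts, reasons and IPs are invented).
_RANGE = "Requested data from 2024-04-30T00:00:00Z to 2024-05-01T00:00:00Z."
SAMPLE = [
    f"2024-05-01T10:00:01Z WARNING Logon event - The user svc-export from 203.0.113.7 has failed to log on (invalid credentials). {_RANGE}",
    f"2024-05-01T10:00:03Z WARNING Logon event - The user admin from 203.0.113.7 has failed to log on (unknown account). {_RANGE}",
    f"2024-05-01T10:00:05Z WARNING Logon event - The user svc-export from 203.0.113.7 has failed to log on (invalid credentials). {_RANGE}",
    f"2024-05-01T10:04:00Z WARNING Logon event - The user analyst1 from 198.51.100.20 has failed to log on (invalid credentials). {_RANGE}",
    f"2024-05-01T10:05:00Z INFO Logon event - The user analyst1 has successfully logged on for export from 198.51.100.20. {_RANGE}",
    "2024-05-01T10:06:00Z INFO Service heartbeat",
]

if __name__ == "__main__":
    for ip, tried in repeated_failures(SAMPLE).items():
        print(f"{ip}: repeated failed logons for {tried}")
```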