Is there anway to get the signed into user URL in the payload for syslog so we can report on URL use in STRM or "some" other collector? I don't seem to see this information in the payloads, set logging level from 0 to 7 for user and system, still no go. Thanks in advance!
Maybe I don't really understand the question, because the answer seems simple to me. Maybe it's just because of the way we configure our SAs -
In Signing In >> Policies, we build a mapping of login URLs to realms. In our case, it is one-to-one. So, if I configure that a user logging in on URL https://happy.holidays.com will map to realm Kris and a user logging in on https://peaceonearth.goodwill.com maps to realm Kringle, then I can work backwards from the realm in the user access log to the URLs the user entered.
Of course, if I map one URL to multiple realms, or multiple URLs to a single realm, I can't do this.
If you have a one-to-one mapping between login URLs and realms, you could use the realm - which is reported in the syslog messages - as an indicator of what login URL is being used for each login.