Showing results for 
Search instead for 
Did you mean: 

User Log event IDs

New Contributor

User Log event IDs

I am trying to build a log filter that would only show me authentication logs for users signing in successfully to our SA 6000 devices. From what I see within the logs, AUT22670 seems to be the event ID that indicates this activity. However, I'm not sure because I only see a few of these events occuring in the past month. Is there a Juniper document that details event IDs along with a description of its meaning?


Frequent Contributor

Re: User Log event IDs

How abouit filterin on the msg content?

In our case we have to messages indicating the sign-in process to be successfull

1.) "Primary authentication successful"...

-> But here it may happen that the user may not get mapped any roles,so the overall result will not be successfull, but anyway good to know, e.g. for troubleshooting

2.) "Login succeeded"....

The filter could look like:

msg = ("*Primary authentication successful*" OR "*Login succeeded*")