Event Log Schema

This article describes the schema of the event log.

Sample Code

{
  "userIdentity": {
    "userId": "u15420087818641",
    "userName": "db001",
    "type": "userAccount",
    "accessKey": null,
    "sessionContext": {
      "id": "IAM_S_e6huGLv6FMUW7KCNYZ28zuPML7Uwzg8d",
      "creationDate": "2018-11-20 10:04:20",
      "mfaAuthenticated": false
    }
  },
  "organizationId": "o15420087814661",
  "sourceIpAddress": "",
  "eventTime": "2018-11-20 10:04:20",
  "eventId": "signInSelectOrganization15427082605511",
  "eventName": "signInSelectOrganization",
  "eventType": "consoleAction",
  "eventVersion": "V1.0",
  "resources": [
    {
      "resourceId": "u15420087818641",
      "resourceName": "db001",
      "resourceType": "user"
    },
    {
      "resourceId": "o15420087814661",
      "resourceName": "db001",
      "resourceType": "organization"
    }
  ],
  "serviceName": "IAM-Service",
  "requestId": null,
  "requestParameters": "{\"sessionId\":\"IAM_S_e6huGLv6FMUW7KCNYZ28zuPML7Uwzg8d\",\"workingOrganizationId\":\"o15420087814661\",\"organizationId\":\"o15420087814661\"}",
  "apiVersion": null,
  "errorCode": null,
  "errorMsg": null
}

Property Descriptions

  • userIdentity: Information about the actor who performed this event.
    • type: The account type of this user.
    • userId: The unique identifier of the user.
    • userName: The username of the user.
    • sessionContext: The session information of this event. A session is created when the user starts to perform operations in the EnOS Management Console. A session has the following information:
      • id: The unique identifier of this session.
      • creationDate: The date and time when the session is created.
      • mfAuthentication: Indicates whether MFA is enabled when the user logs in to the EnOS Management Console.
  • sourceIpAddress: The source IP address of the API request. If the API request is sent from the EnOS Management Console, the source IP address is the IP address of the user’s browser.
  • eventTime: The timestamp of the API request, in UTC format.
  • eventId: The unique identifier of the event that is generated by the auditing service.
  • eventName: The action of the event.
  • eventType: The category of the event. For example, ConsoleSignIn, ConsoleSignOut, and ApiCall. For more information on the event type, see Event Types.
  • eventVersion: The version of the event format.
  • resource: The resource that the action is performed on.
    • resourceId: The identifier of the resource.
    • resourceName: The name of the resource.
    • resourceType: The type of the resource. For example, Policy, User, and UserGroup.
  • serviceName: The service that the API belongs to. For example, IAM.
  • requestId: The identifier of the API request.
  • requestParameters: The input parameters of the API request.
  • apiVersion: The version of the invoked API.
  • responseElements: The response message. For example, action succeeded or failed.
  • errorCode: The error code of the API request.
  • errorMessage: The error message that is returned for the API request.

Event Types

The values returned for eventType are listed as follows.

Event Name                  Action
--------------------------  ------------------------------------------------------------
consoleSignIn               Log in to the EnOS Management Console
consoleSignOut              Log out from the EnOS Management Console
signInSelectOrganization    Select an organization when logged in to the EnOS Management Console
createUser                  Create a user
deleteUser                  Delete a user
resetUserPassword           User password is reset by the OU administration
modifyUserPassword          Password is modified by the account owner
retrieveUserPassword        User password is retrieved by the account owner
setUserAccountStatus        Enable or disable the user account by the OU administration
addExternalUser             Import an external user
removeExternalUser          Remove an external user
createGroup                 Create a user group
deleteGroup                 Delete a user group
addUserToGroup              Add a user to a group
removeUserFromGroup         Remove a user from a group
createPolicy                Create a policy
deletePolicy                Delete a policy
appendResource              Attach services to a policy
revokeResource              Revoke services from a policy
grantPolicy                 Associate a policy to a user or a group
removePolicy                Remove a policy from a user or a group
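
The following is an added example, not part of the original documentation or of EnOS code. It parses events using the field names of the sample event above (including the second JSON decode that requestParameters needs) and flags permission-changing events that ran in a session without MFA or that returned an error. The choice of sensitive event names, the reading of a null errorCode as success, and all sample events are assumptions constructed for this example.

```python
import json

# Event Types names treated as sensitive here (an assumption of this example).
SENSITIVE = {"createUser", "deleteUser", "resetUserPassword", "setUserAccountStatus",
             "addExternalUser", "addUserToGroup", "createPolicy", "deletePolicy",
             "appendResource", "grantPolicy"}

def normalize(raw):
    """Parse one event and flatten the fields a review rule needs."""
    event = json.loads(raw)
    session = (event.get("userIdentity") or {}).get("sessionContext") or {}
    # requestParameters is JSON inside a string: decode again, keep bad text as _raw.
    params = event.get("requestParameters")
    if isinstance(params, str):
        try:
            params = json.loads(params)
        except ValueError:
            params = {"_raw": params}
    return {
        "eventId": event.get("eventId"),
        "eventName": event.get("eventName"),
        "mfa": session.get("mfaAuthenticated") is True,
        "errorCode": event.get("errorCode"),
        "params": params if isinstance(params, dict) else {},
        "targets": [r.get("resourceId") for r in event.get("resources") or []],
    }

def findings(raw_events):
    """Return (eventId, reason) pairs for sensitive events a reviewer should see."""
    out = []
    for e in map(normalize, raw_events):
        if e["eventName"] not in SENSITIVE:
            continue
        if not e["mfa"]:
            out.append((e["eventId"], "no-mfa"))
        if e["errorCode"] is not None:  # assumption: null errorCode means success
            out.append((e["eventId"], "failed"))
    return out

def make_event(event_id, name, mfa, error=None, params="{}"):
    # Constructed sample data using the field names of the page's sample event.
    return json.dumps({
        "userIdentity": {"sessionContext": {"mfaAuthenticated": mfa}},
        "eventId": event_id, "eventName": name, "errorCode": error,
        "requestParameters": params, "resources": [{"resourceId": "u-constructed"}]})

SAMPLE = [make_event("e1", "signInSelectOrganization", False),
          make_event("e2", "grantPolicy", False, params='{"policyId":"p-constructed"}'),
          make_event("e3", "deleteUser", True, error="constructed-denied")]
```

Calling findings(SAMPLE) returns one entry for the grantPolicy event (no MFA) and one for the deleteUser event (error returned); the sign-in event is not in the sensitive set and is skipped.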