-
Notifications
You must be signed in to change notification settings - Fork 0
Supported events
Christian Haase edited this page Dec 26, 2025
·
2 revisions
| OWASP event type | Logger method |
|---|---|
authn_login_success[:userid] |
LogAuthnLoginSuccess
|
authn_login_successafterfail[:userid,retries] |
LogAuthnLoginSuccessAfterFail
|
authn_login_fail[:userid] |
LogAuthnLoginFail
|
authn_login_fail_max[:userid,maxlimit(int)] |
LogAuthnLoginFailMax
|
authn_login_lock[:userid,reason] |
LogAuthnLoginLock
|
authn_password_change[:userid] |
LogAuthnPasswordChange
|
authn_password_change_fail[:userid] |
LogAuthnPasswordChangeFail
|
authn_impossible_travel[:userid,region1,region2] |
LogAuthnImpossibleTravel
|
authn_token_created[:userid, entitlement(s)] |
LogAuthnTokenCreated
|
authn_token_revoked[:userid,tokenid] |
LogAuthnTokenRevoked
|
authn_token_reuse[:userid,tokenid] |
LogAuthnTokenReuse
|
authn_token_delete[:appid] |
LogAuthnTokenDelete
|
| OWASP event type | Logger method |
|---|---|
authz_fail[:userid,resource] |
LogAuthzFail
|
authz_change[:userid,from,to] |
LogAuthzChange
|
authz_admin[:userid,event] |
LogAuthzAdmin
|
| OWASP event type | Logger method |
|---|---|
crypt_decrypt_fail[userid] |
LogCryptDecryptFail
|
crypt_encrypt_fail[userid] |
LogCryptEncryptFail
|
| OWASP event type | Logger method |
|---|---|
excess_rate_limit_exceeded[userid,max] |
LogExcessRateLimitExceeded
|
| OWASP event type | Logger method |
|---|---|
upload_complete[userid,filename,type] |
LogUploadComplete
|
upload_stored[filename,from,to] |
LogUploadStored
|
| `upload_validation[filename,(virusscan | imagemagick |
upload_delete[userid,fileid] |
LogUploadDelete
|
| OWASP event type | Logger method |
|---|---|
input_validation_fail:[(fieldone,fieldtwo...),userid] |
LogInputValidationFail
|
input_validation_discrete_fail[:field,userid] |
LogInputValidationDiscreteFail
|
| OWASP event type | Logger method |
|---|---|
| `malicious_excess_404:[userid | IP,useragent]` |
| `malicious_extraneous:[userid | IP,inputname,useragent]` |
| `malicious_attack_tool:[userid | IP,toolname,useragent]` |
| `malicious_cors:[userid | IP,useragent,referer]` |
| `malicious_direct_reference:[userid | IP, useragent]` |
| OWASP event type | Logger method |
|---|---|
| `privilege_permissions_changed:[userid,file | object,fromlevel,tolevel]` |
| OWASP event type | Logger method |
|---|---|
| `sensitive_create:[userid,file | object]` |
| `sensitive_read:[userid,file | object]` |
| `sensitive_update:[userid,file | object]` |
| `sensitive_delete:[userid,file | object]` |
| OWASP event type | Logger method |
|---|---|
sequence_fail:[userid] |
LogSequenceFail
|
| OWASP event type | Logger method |
|---|---|
session_created:[userid] |
LogSessionCreate
|
session_renewed:[userid] |
LogSessionRenewed
|
session_expired:[userid,reason] |
LogSessionExpired
|
session_use_after_expire:[userid] |
LogSessionUseAfterExpire
|
| OWASP event type | Logger method |
|---|---|
sys_startup:[userid] |
LogSysStartup
|
sys_shutdown:[userid] |
LogSysShutdown
|
sys_restart:[userid] |
LogSysRestart
|
sys_crash[:reason] |
LogSysCrash
|
sys_monitor_disabled:[userid,monitor] |
LogSysMonitorDisabled
|
sys_monitor_enabled:[userid,monitor] |
LogSysMonitorEnabled
|
| OWASP event type | Logger method |
|---|---|
user_created:[userid,newuserid,attributes[one,two,three]] |
LogUserCreated
|
user_updated:[userid,onuserid,attributes[one,two,three]] |
LogUserUpdated
|
user_archived:[userid,onuserid] |
LogUserArchived
|
user_deleted:[userid,onuserid] |
LogUserDeleted
|