View and Export Events
The Illumio Core web console provides an ongoing log of all Organization events that occur in your Illumio Core organization. For example, Organization events capture actions such as users logging in and logging out, tenant creation, failed login attempts, and so on.
From the platform and API perspective, Organization events are referred to internally as auditable_events and are generated by the auditable_events_service.
View Events
Tip
A wealth of information about Events is available in the Core PCE documentation in the Events Administration Guide. However, please note that not all of the information in that guide pertains to your Illumio Core organization. For assistance, please send a message to [email protected].
Click the Global menu in the upper left corner.
Select Troubleshooting > Events.
Use the filters to search for events by type of event, event severity level, and when the event occurred.
Once you've defined a filter, click Go to run the query.
Export Events
You can export all Organization events or a filtered list of events to a CSV file.
Click the Global menu in the upper left corner.
Select Troubleshooting > Events.
To export all Organization events, click Export and then select Export All.
To export a filtered list of events, filter the list, click Export, and then select Export Filtered.
To search for events based on event type, severity, status, timestamp, and who generated them, use the search filter.
To use Quick Filters, click the double arrows.
List of Events
The following table provides the types of JSON events generated and their description. For each of these events, the CEF/LEEF success or failure events generated are the event name followed by .success or .failure.
For example, the CEF/LEEF success event for auth_security_principal.create is auth_security_principal.create.success and the failure event is auth_security_principal.create.failure.
Each event can generate a variety of notification messages. See Notification Messages in Events.
JSON Event Type | Description | Severity |
|---|---|---|
| RBAC auth security principal created | Informational |
| RBAC auth security principal deleted | Informational |
| RBAC auth security principal updated | Informational |
| Authentication settings updated | Informational |
| Organization created | Informational |
| Organization deleted | Informational |
| Organization updated | Informational |
| VENs unpaired | Informational |
| Active VEN count for a list of orgs obtained | Informational |
| Password policy created | Informational |
| Password policy deleted | Informational |
| Password policy updated | Informational |
| RBAC permission created | Informational |
| RBAC permission deleted | Informational |
| RBAC permission updated | Informational |
| API request authentication failed | Informational |
| API request authorization failed | Informational |
| API request failed due to internal server error | Informational |
| API request failed because it was invalid | Informational |
| API request failed due to unavailable service | Informational |
| API request failed due to unknown server error | Informational |
| SAML assertion consumer services updated | Informational |
| SAML configuration created | Informational |
| SAML configuration deleted | Informational |
| SAML signing certificate created or rotated | Informational |
| SAML configuration updated | Informational |
| RBAC security principal created | Informational |
| RBAC security principal deleted | Informational |
| RBAC security principal updated | Informational |
| RBAC security principals bulk created | Informational |
| Event pruning completed | Informational |
| User invitation accepted | Informational |
| User authenticated | Informational |
| User created | Informational |
| User session created | Informational |
| User deleted | Informational |
| User invited | Informational |
| User logged in | Informational |
| User login session terminated | Informational |
| User logged out | Informational |
| User session terminated | Informational |
| User password reset | Informational |
| User session created | Informational |
| User session terminated | Informational |
| User session updated | Informational |
| User password updated | Informational |
| User entered expired password | Informational |
| User local profile created | Informational |
| User local profile deleted | Informational |
| User local profile reinvited | Informational |
| User local password updated | Informational |
Notification Messages in Events
Events can generate a variety of notifications that are appended after the event type:
hard_limit.exceeded
pce.application_started
pce.application_stopped
request.authentication_failed
request.authorization_failed
request.internal_server_error
request.invalid
request.service_unavailable
request.unknown_server_error
soft_limit.exceeded
system_task.event_pruning_completed
system_task.hard_limit_recovery_completed
user.csrf_validation_failed
user.login_failed
user.login_failure_count_exceeded
user.login_session_created
user.login_session_terminated
user.pce_session_created
user.pce_session_terminated
user.pw_change_failure
user.pw_changed
user.pw_complexity_not_met
user.pw_reset_completed
user.pw_reset_requested