Hi,

Several collectors (including Windows and Cisco switch collectors) are
generating parsed event data with the XDAS Taxonomy Level3 field set to
LOGIN_FAILED.
But there is no such value in the SDK documentation ('Sentinel
Taxonomy', http://www.novell.com/developer/sentinel_taxonomy.html).

I think the correct way to parse a LOGIN FAILED event is to set the XDAS
Taxonomy Level3 value to LOGIN and set XDAS Outcome to
XDAS_OUT_FAILURE, because the action is not LOGIN_FAILED; the result of
the LOGIN action is FAILURE.

Am I correct, or should I also set the Action field to LOGIN_FAILED for
failed logons?

Thanks.


--
hkalyoncu