Auditable Events in AP and DP for Common Criteria

The following table lists the auditable events in the access point (AP) for Common Criteria (CC).

Table 1. Auditable Events in AP for CC
Event Code Event Type Description
99000 keyGenFail This event occurs when PMK is not available to derive PTK
99001 keyDisFail This event occurs when 4-way handshake fails
99002 keyDisFailGTK This event occurs when 4-way handshake fails
99003 wpaEnDecFail This event occurs when WPA encryption and decryption fails
99004 ipsecSesFail This event occurs when there is an IPsec session establishment and termination due to SA failure
99005 authAttempts This event occurs when the number of failed attempts to switch to trusted channel is exceeded
99006 authUnsucces This event occurs when a user has tried maximum number of unsuccessful login attempts
99007 authReauthe This event occurs once the user is blocked and waits for specified amount of time before getting login prompt
99008 auth8021xClient This event occurs when receiving data frame before client is authorized
99009 fwManualInitiation This event occurs when there is manual firmware update
99010 apMGMNTTSFData This event occurs when there is all management activities of TSF data initiated/started/executed
99012 apSelfTests This event occurs when all self-tests are passed for fips_sku builds
99013 fwInitiationUpdate This event occurs when there is firmware update
99014 disContiChan This event occurs when AP syncs its time with SZ
99015 apLocalSessionTimeout This event occurs when local AP session terminates due to session timeout
99016 apRemoteSessionTimeout This event occurs when remote AP session terminates due to session timeout
99017 apSessionExit This event occurs on user-initiated termination of an interactive AP session
99018 sshInitiation This event occurs when the SSH session started with successful authentication
99019 sshTermination This event occurs when there is exit from an established SSH session
99020 sshFailure This event occurs when there is SSH session initiation with failed authentication
99021 tlsInitiation This event occurs when there is a successful login through AP web-GUI or AP establishes a trusted TLS connection
99022 tlsTermination This event occurs when there is logout from AP web-GUI session or AP gracefully terminates a trusted TLS connection
99023 tlsFailure This event occurs whenever there is a failed login through AP web-GUI or AP fails to establish a trusted TLS connection
99024 ipsecInitiation This event occurs when there is an IPsec session initiation
99025 ipsecTermination This event occurs when there is an IPsec session terminated or exited
99026 ipsecFailure This event occurs when there is IPsec session attempt failure

The following table lists the auditable events in the data plane (DP) for Common Criteria (CC).

Table 2. Auditable Events in DP for CC
Event Code Event Type Description
552 dpUpgradeSuccess This event occurs whenever DP upgrade is successful
553 dpUpgradeFailed This event occurs whenever DP upgrade fails
600 dpCompleteTunnelRequest This event occurs whenever there is a TLS termination of AP tunmgr connect to DP tunmgr
601 dpAcceptTunnelRequest This event occurs whenever there is a TLS initiation of AP tunmgr connect to DP tunmgr
602 dpRejectTunnelRequest This event occurs whenever there is a TLS failure of AP tunmgr connect to DP tunmgr
99200 dpIntegrityTestFailed This event occurs whenever the DP self-integrity test fails
99201 dpCliEnableFailed This event occurs whenever vdp_cli enabled fails
99202 dpReAuth This event occurs whenever the DP attempts to re-authenticate
99203 dpPasswordMinLengthUpdated This event occurs whenever the DP minimum password length changed
99204 dpPasswordChanged This event occurs whenever the DP password changed
99205 dpEnablePasswordChanged This event occurs whenever the DP enable password changed
99206 dpHttpsAuthFailed This event occurs whenever X.509 certificate verification failed
99207 dpCertUploaded This event occurs whenever X.509 certificate is uploaded
99208 dpScgFqdnUpdated This event occurs whenever SZ FQDN setting is updated on DP
99210 dpInitUpgrade This event occurs whenever there is an attempt to initiate a manual update
99211 dpDiscontinuousTimeChangeNTPServerdpNtpTimeSync This event occurs whenever there are discontinuous changes to time, either initiated by administrator or changed by an automated process
99213 dpUserLogin This event occurs whenever an administrator login is successful
99214 dpUserLoginFailed This event occurs whenever an administrator login fails
dpUserLogout This event occurs whenever there is a termination of an interactive session
99215 dpAccountLocked This event occurs whenever the maximum number of unsuccessful user authentications has been exceeded with subsequent actions taken and restoration of the account
99220 dpSessionIdleUpdated This event occurs whenever a remote session is terminated by the session locking mechanism
99221 dpSessionIdleTerminated This event occurs whenever a remote session is terminated by the session locking mechanism
99230 dpSshTunnFailed This event occurs whenever there is initiation and termination of trusted path and subsequent failure of the trusted path functions
99231 dpHttpsConnFailed This event occurs whenever there is initiation and termination of trusted path and subsequent failure of the trusted path functions
99240 dpIPsecTunnCreateFailed This event occurs whenever attempts to establish a trusted channel (including IEEE 802.11) fails
99241 dpIPsecTunnInitiate This event occurs whenever attempts to establish a trusted channel (including IEEE 802.11) fails
99242 dpIPsecTunnTerminated This event occurs whenever attempts to establish a trusted channel (including IEEE 802.11) fails
99243 dpIPsecSaFailed This event occurs whenever there is an establishment or termination of an IPsec SA connection
99244 dpIPsecSaUpdated This event occurs whenever cryptographic keys are generated, imported, changed, or deleted