The exact moment in time that the audit record was generated
Unique identification of an audit event. It is a Lightweight Identifier.
Type of audit event. It describes what kind of operation was executed (adding an object, modification, user login, ...)
Stage of event processing: request of execution. See below.
Identifier of the interactive session in which the event have taken place. For security reason this is different than the content of the session cookie.
Unique identification of a task that this event is a part. It is a Lightweight Identifier.
OID of a task that this event is part of (if the task is persistent). Since 4.3 the OID of the task tree root is used, if applicable.
Identifier of a host that generated the audit record. This is the host name corresponding to a network interface that accepted the HTTP request.
|Node Identifier||Identifier of a node in a midPoint cluster that generated the audit record.|
|Remote Host Address||Network address of a remote host that originated the request causing this event.|
User that initiated ("caused") the event. It may the user that started the operation from a GUI or web service interface, the user that is owner of the task that recorded the event, etc.
Object that is a primary target of an operation (if applicable). In case that operation targets more than one object, the "primary" or the most important is recorded (e.g. the user object)
Owner of the object that is a target of this operation (if applicable). E.g. a owner of a task that is being stopped, owner of an account that is being modified, etc.
The changes that are being made to the targets. Deltas contain detailed information about the operation.
The channel that was the source of the operation that this record describes
Result of the operation: success, failure, partial failure, etc.