This repository has been archived by the owner on Aug 4, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 28
Customizing log and email messages
Ryan Newington edited this page Jun 24, 2018
·
1 revision
The audit messages that are logged can be customized by editing the templates stored in the /App_Data/Templates folder.
The following placeholders can be used anywhere in these files
| Placeholder | Description |
|---|---|
{user.SamAccountName} |
The user name of the authenticated user |
{user.DisplayName} |
The display name of the authenticated user |
{user.UserPrincipalName} |
The UPN of the authenticated user |
{user.Sid} |
The SID of the authenticated user |
{user.DistinguishedName} |
The distinguished name of the authenticated user |
{user.Description} |
The description of the authenticated user |
{user.EmailAddress} |
The email address of the authenticated user |
{user.Guid} |
The objectGUID of the authenticated user |
{user.GivenName} |
The given name of the authenticated user |
{user.Surname} |
The surname of the authenticated user |
The following Active Directory attributes are available when the requested computer has been matched to a target and found in the directory
| Placeholder | Description |
|---|---|
{computer.SamAccountName} |
The account name of the computer |
{computer.DistinguishedName} |
The DN of the computer |
{computer.Description} |
The description of the computer |
{computer.DisplayName} |
The display name of the computer |
{computer.Guid} |
The objectGuid of the computer |
{computer.Sid} |
The SID of the computer |
{computer.LapsExpiryDate} |
The expiry date of the LAPS password |
| Placeholder | Description |
|---|---|
{target.ID} |
The ID of the matched target rule |
{target.IDType} |
The type of object referenced in the ID |
{target.Notify} |
The list of email addresses to notify when this target is accessed |
| Placeholder | Description |
|---|---|
{reader.Principal} |
The principal that allowed the user to access the password |
{reader.Notify} |
The list of email addresses to notify when this reader accesses a password |
| Placeholder | Description |
|---|---|
{requestedComputerName} |
The specific text entered by the user into the requested computer name field |
{message} |
A message about the request, such as the reason the user was denied access to the password |
{request.IPAddress} |
The IP address of the network client who accessed the web site |
{request.HostName} |
The hostname or IP address of the network client who accessed the web site |
{request.Xff} |
The first IP address in the X-Forwarded-For header (used when a client is behind a proxy or the server is behind a load balancer) |
{request.XffAll} |
The list of IP addresses in the X-Forwarded-For header (used when a client is behind a proxy or the server is behind a load balancer) |
{request.UnmaskedIPAddress} |
Returns either the {request.Xff} value if present, or the {request.IPAddress} value. Be aware that the X-Forwarded-For header can be set on the client side and they could use this to try and mask their real IP address. You should always log {request.IPAddress} as well |
{datetime} |
The current date and time in local server time |
{datetimeutc} |
The current date and time in universal time |