Secure Access Logs
For supported software information, click here.
Secure access logs report information about connectivity, user registration, and global and user statistics. In addition, alarm logs can be parsed to find secure access user events such as IPSEC events, IKE connection and disconnect events, and authentication failures. This article describes secure access logs and alarm logs containing secure access event information.
Secure Access Connection Event Logs
For Releases 22.1.1 and later.
Secure Access Connectivity Event Log Message Format
2026-04-17T19:03:54+0000 secAccUserConnEventLog, applianceName=HE-DC-Branch-1, tenantName=Corp-Inline-Customer-1, vsnId=0, applianceId=1, tenantId=1, userName=yu.mao@versa-networks.com, deviceName=Michaels MacBook Pro 4, racTunnelIP=172.30.61.243, racIP=72.139.194.69, racAccessType=dtls, racEventType=delete, secAccRuleName=, secAccRuleAction=, authProfile=unknown, vpnProfile=SSL-Profile-1, rInst=Corp-Inline-Customer-1-LAN-VR, uptime=306, failureReason=, mdmDevType=unmanaged, mdmComplState=, latitude=43.7064, longitude=-79.3987, macAddr=32:b5:4b:21:06:4a, racTunnelIPv6=0.0.0.0, eipProfileName=Unknown, secAccMdmInfo=
2024-01-11T18:03:56+0000 secAccUserConnEventLog, applianceName=Bangalore-ECT-DC-Active,
tenantName=Corp-Inline-Customer1, vsnId=0, applianceId=1, tenantId=1,
userName=user123@versa-networks.com, deviceName=LAPTOP-123ABC, racTunnelIP=172.30.58.131,
racIP=152.58.208.86, racAccessType=ipsec, racEventType=create, secAccRuleName=ALLOW_MANAGED_DEVICES,
secAccRuleAction=allow, authProfile=unknown, vpnProfile=split-tunnel-RAS,
rInst=Corp-Inline-Customer-1LAN-VR, uptime=0, failureReason=
2024-01-11T18:08:10+0000 secAccUserConnEventLog, applianceName=Bangalore-ECT-DC-Active,
tenantName=Corp-Inline-Customer1, vsnId=0, applianceId=1, tenantId=1,
userName=user123@versa-networks.com, deviceName=LAPTOP-123ABC, racTunnelIP=172.30.58.131,
racIP=152.58.208.86, racAccessType=ipsec, racEventType=delete, secAccRuleName=,
secAccRuleAction=, authProfile=unknown, vpnProfile=, rInst=, uptime=252, failureReason=
2024-01-11T18:06:13+0000 secAccUserConnEventLog, applianceName=Bangalore-ECT-DC-Active,
tenantName=Corp-Inline-Customer1, vsnId=0, applianceId=1, tenantId=1,
userName=user124@versa-networks.com, deviceName=, racTunnelIP=, racIP=49.37.168.80,
racAccessType=unknown, racEventType=failure, secAccRuleName=, secAccRuleAction=,
authProfile=SAML-Authentication-Profile, vpnProfile=, rInst=, uptime=0, failureReason=forbidden
Secure Access Connectivity Event Message Fields
|
Field |
Description |
|---|---|
|
applianceName |
Name of the Versa Operating SystemTM (VOSTM) device. This is the name displayed in the output of the show system identification CLI command on the VOS device. |
|
applianceId |
VOS device identifier. This field is not used. |
|
authProfile |
For create requests, the authentication profile used for the user’s request. |
|
deviceName |
(For Releases 22.1.3 and later.) Remote access device name. |
| eipProfileName | (For Release 22.1.4 (Service Release dated 2026-02-24) and later.) EIP profile name. |
|
failureReason |
For failure events, the reason for the connectivity failure. |
| latitude | Latitude of the mobile device. |
| longitude | Longitude of the mobile device. |
| macAddr | (For Release 22.1.4 (Service Release dated 2025-05-01) and later.) Mac address of the device. |
|
mdmComplState |
(For Release 22.1.4 (Service Release dated 2025-05-01) and later.) For a managed device, indicates the MDM compliance state such as, compliant, noncompliant, and conflict. |
|
mdmDevType |
(For Release 22.1.4 (Service Release dated 2025-05-01) and later.) Mobile device management (MDM) type: managed or unmanaged. |
|
racAccessType |
Remote access type: IPsec, DTLS, TLS, or trusted-network. |
|
racEventType |
Remote access event type: create, delete or failure. |
|
racIP |
Remote access WAN IP address. |
|
racTunnelIP |
Remote access tunnel IPv4 address. |
| racTunnelIPv6 | (For Release 22.1.4 (Service Release dated 2026-02-24) and later.) Remote access tunnel IPv6 address. |
|
rInst |
For create requests, the routing instance used for the client’s request. |
| secAccMdmInfo | (For Release 22.1.4 (Service Release dated 2026-02-24) and later.) Secure access mobile device management (MDM) information. |
| secAccRuleAction | Secure access rule action. |
|
secAccRuleName |
For create requests, the secure access rule that matches the user’s access request. |
|
tenantId |
Tenant or organization identifier. |
|
tenantName |
Name of the organization (tenant). |
|
uptime |
For delete requests, how long the connection was up. |
|
userName |
Remote access user name. |
|
vpnProfile |
For create requests, the VPN profile used for the user’s request. |
|
vsnId |
Virtual service node identifier. This field is not used. |
Secure Access Event Logs
This section provides examples of alarm logs that report secure access events. For a description of the fields in the alarm logs, see Alarm Logs.
Alarm Log Message Format for Alarm Type IPsec-IKE-Down with a Cleared Alarm
Alarm is cleared for the user user@versa-networks.com.
2021-01-21T19:20:14+0000 alarmLog, applianceName=HE-DC-Branch-1, tenantName=Corp-Inline-Customer-1, alarmType=ipsec-ike-down, alarmKey=73.158.203.189|10|abc@versa-networks.com, generateTime=1611256822, applianceId=1, vsnId=0, tenantId=1, alarmCause=causeOther, alarmClearable=yes, alarmClass=cleared, alarmKind=root, alarmEventType=communicationsAlarm, alarmSeverity=cleared, alarmOwner=provider, alarmSeqNo=50322, alarmText="IKE connection with peer 73.158.203.189 user user@versa-networks.com (routing-instance Internet-1-Transport-VR) is up", alarmKeyExt=, serialNum=HE-DC-Branch-1
Alarm Log Message Format for Alarm Type IPsec-Tunnel-Down with a Cleared Alarm
Alarm is cleared for the user user@versa-networks.com.
2021-01-21T19:20:14+0000 alarmLog, applianceName=HEDC-Branch-1, tenantName=Corp-Inline-Customer-1, alarmType=ipsec-tunneldown, alarmKey=73.158.203.189|10|abc@versa-networks.com, generateTime=1611256822, applianceId=1, vsnId=0, tenantId=1, alarmCause=causeOther, alarmClearable=yes, alarmClass=cleared, alarmKind=root, alarmEventType=communicationsAlarm, alarmSeverity=cleared, alarmOwner=provider, alarmSeqNo=50323, alarmText="IPSEC tunnel with peer 73.158.203.189 user user@versa-networks.com (routing-instance Internet-1-Transport-VR) is up", alarmKeyExt=, serialNum=HE-DC-Branch-1
Alarm Log Message Format for Alarm Type IPsec-Tunnel-Down with a New Alarm
Alarm is set alarm for the user user@versa-networks.com.
2021-01-21T19:20:44+0000 alarmLog, applianceName=HEDC-Branch-1, tenantName=Corp-Inline-Customer-1, alarmType=ipsec-tunneldown, alarmKey=73.158.203.189|10|abc@versa-networks.com, generateTime=1611256852, applianceId=1, vsnId=0, tenantId=1, alarmCause=causeOther, alarmClearable=yes, alarmClass=new, alarmKind=root, alarmEventType=communicationsAlarm, alarmSeverity=major, alarmOwner=provider, alarmSeqNo=50327, alarmText="IPSEC tunnel with peer 73.158.203.189 user user@versa-networks.com (routing-instance Internet-1-Transport-VR) is down", alarmKeyExt=, serialNum=HE-DC-Branch-1
Alarm Log Message Format for Alarm Type IPsec-IKE-Down with a New Alarm
Alarm is set for the user user@versa-networks.com.
2021-01-21T19:20:14+0000 alarmLog, applianceName=HE-DC-Branch-1, tenantName=Corp-Inline-Customer-1, alarmType=ipsec-ike-down, alarmKey=73.158.203.189|10|abc@versa-networks.com, generateTime=1611256822, applianceId=1, vsnId=0, tenantId=1, alarmCause=causeOther, alarmClearable=yes, alarmClass=new, alarmKind=root, alarmEventType=communicationsAlarm, alarmSeverity=cleared, alarmOwner=provider, alarmSeqNo=50322, alarmText="IKE connection with peer 73.158.203.189 user user@versa-networks.com (routing-instance Internet-1-Transport-VR) is down", alarmKeyExt=, serialNum=HE-DC-Branch-1
Alarm Log Message Format for Alarm Type IPsec-IKE-Auth-Failure with a New Alarm
Alarm is set, but the user is not known. You can use the public IP address to track the source.
2021-01-21T19:13:16+0000 alarmLog, applianceName=HE-DC-Branch-1, tenantName=Corp-Inline-Customer-1, alarmType=ipsec-ike-auth-failure, alarmKey=12.179.178.188|9, generateTime=1611256404, applianceId=1, vsnId=0, tenantId=1, alarmCause=causeOther, alarmClearable=yes, alarmClass=new, alarmKind=root, alarmEventType=communicationsAlarm, alarmSeverity=indeterminate, alarmOwner=provider, alarmSeqNo=50276, alarmText="IKE authentication with peer 12.179.178.188 (routing-instance Internet1-Transport-VR) failed", alarmKeyExt=, serialNum=HE-DC-Branch-1
Secure Access Global Statistics Logs
Secure Access Global Statistics Log Message Format
2021-01-21T16:54:52+0000 secAccGlobalStatsLog, applianceName=HE-DCBranch-1, tenantName=Corp-Inline-Customer-1, mstatsTimeBlock=1611248100, tenantId=1, applianceId=0, concurrentUsers=27, failedAttempts=14, successfulAttempts=0
Secure Access Global Statistics Message Fields
|
Field |
Description |
|---|---|
|
applianceName |
Name of the VOS device. This is the name displayed in the output of the show system identification CLI command on the VOS device. |
|
tenantName |
Name of the organization (tenant). |
|
applianceId |
VOS device identifier. This field is not used. |
|
tenantId |
Tenant or organization identifier. |
|
mstatsTimeBlock |
Time since the log was generated, in UNIX epoch format. |
|
concurrentUsers |
Snapshot of the concurrent users on the gateway when the log was generated. |
|
failedAttempts |
Number of failed attempts in the last measurement interval. |
|
successfulAttempts |
Number of successful attempts in the last measurement interval. |
Secure Access User Registration Event Logs
For Releases 22.1.4 (Service Release dated 2026-02-24) and later.
Secure Access User Registration Event Log Message Format
2026-03-30T22:40:10+0000 secAccUserRegEventLog, applianceName=HE-DC-Branch-1, tenantName=Corp-Inline-Customer-1,
vsnId=0, applianceId=1, tenantId=1, userName=user1@versa-networks.com, latitude=37.4150, longitude=-121.9740,
os=macos, osVersion=15.6.1, secAccClientVersion=7.7.0, secAccRuleName=All-Users, secAccRuleAction=allow,
secAccProfName=Default-Profile, mdmDevType=managed, mdmComplState=, deviceName=Vengals MacBook Pro,
macAddr=ce:08:e4:e4:64:3c, eipProfileName=Unknown,
secAccMdmInfo="{"deviceId":"6c80622c-456f-4930-8cf1-57112f1d0e4f","sysMfr":"LENOVO","devOwnerType":"company","mdmUserDispName":"User 1","mdmEmail":"user1@versa-networks.com","mdmDevName":"user1_Windows_1\/21\/2026_5:53 AM","azureDevId":"1456c5e7-044c-4c7e-912f-c007d7a3dbeb","mdmRegState":"registered","mdmModel":"21M70062IG","mdmJailBroken":"Unknown"}"
Secure Access User Registration Event Message Fields
|
Field |
Description |
|---|---|
|
applianceName |
Name of the VOS device. This is the name displayed in the output of the show system identification CLI command on the VOS device. |
|
tenantName |
Name of the organization (tenant). |
|
vsnId |
Virtual service node identifier. This field is not used. |
|
applianceId |
VOS device identifier. This field is not used. |
|
tenantId |
Tenant or organization identifier. |
|
vsnId |
Virtual service node identifier. This field is not used. |
|
userName |
Remote access username. |
|
latitude |
Location of the user by latitude during the registration process. Note: For the Events table on the Analytics > Dashboard > Secure Access Users > Events dashboard, the city and country are derived from the latitude and longitude. |
|
longitude |
Location of the user by longitude during the registration process. |
|
os |
Operating system of the device from which the user is registering. |
|
osVersion |
Operating system version of the device from which the user is registering. |
|
secAccClientVersion |
Secure access client version running on the device from which the user is registering. |
|
secAccRuleName |
For create requests, the secure access rule that matches the user’s access request. |
| secAccRuleAction | Secure access rule action, allow or deny. |
| secAccProfName | Secure access profile name. |
|
mdmDevType |
Mobile device management (MDM) type: managed or unmanaged. |
|
mdmComplState |
For a managed device, indicates the MDM compliance state such as, compliant, noncompliant, and conflict. |
| deviceName | Remote access device name. |
| macAddr | Mac address of the device. |
| eipProfileName | EIP profile name. |
| secAccMdmInfo | MDM details. |
Secure Access User Statistics Logs
Secure access user statistics logs provide per-user usage statistics, round-trip time, and location information. This log is sent every 5 minutes if there is user activity.
Secure Access User Statistics Log Message Format
2021-01-21T17:29:59+0000 secAccUserStatsLog, applianceName=SJC-GW, tenantName=Versa-Networks,
mstatsTimeBlock=1611250200, tenantId=3, applianceId=0, mstatsTotSessDuration=300000,
userName=user123@versa-networks.com, racIP=76.21.120.137, racRxBytes=575392, racTxBytes=919920,
roundTripTime=340, latitude=53.00, longitude=42.00, isp=COMCAST-7922
Secure Access User Statistics Message Fields
|
Field |
Description |
|---|---|
|
applianceName |
Name of the VOS device. This is the name displayed in the output of the show system identification CLI command on the VOS device. |
|
tenantName |
Name of the organization (tenant). |
|
applianceId |
VOS device identifier. This field is not used. |
|
tenantId |
Tenant or organization identifier. |
|
mstatsTimeBlock |
Time since the log was generated, in UNIX epoch format. |
|
mstatsTotSessDuration |
Measurement interval in milliseconds. |
|
Username |
Remote access username. |
|
racIP |
Remote access client public IP address. |
|
racRxBytes |
Bytes received in the last measurement interval (5 minutes) from the remote access user. |
|
racTxBytes |
Bytes sent in the last measurement interval (5 minutes) to the remote access user. |
|
roundTripTime |
(For Releases 21.2.1 and later.) Round-trip time from the remote access user’s device to the secure access gateway. |
|
Latitude |
(For Releases 21.2.1 and later.) Location of the user by latitude. |
|
Longitude |
(For Releases 21.2.1 and later.) Location of the user by longitude. |
|
ISP |
(For Releases 21.2.1 and later.) Internet service provider of the WAN link used to connect to the secure access gateway. |
Supported Software Information
Releases 21.1.1 and later support all content described in this article, except:
- Release 21.2.1 adds support for log type secAccUserRegEventLog.
- Release 22.1.1 adds support for log type secAccUserConnEventLog.
- Release 22.1.2 adds support for fields roundTripTime, Latitude, Longitude, and ISP for log type secAccUserStatsLog.
- Release 22.1.3 adds support for field deviceName for log type secAccUserConnEventLog.
- Release 22.1.4 (Service Release dated 2025-05-01 or later) adds support for fields mdmDevType, mdmComplState, and macAddr.