log fields

gbarbe...@gmail.com

Sep 30, 2016, 1:02:18 PM
to SimpleSAMLphp
I'm importing our logs into Splunk and now I'm in the process of creating new fields to improve searching. My question is what to label some of these fields:

Sep 29 14:07:10 saml.****.*** Sep 29 14:07:10 ****-****-*** simplesamlphp[6278]: 5 STAT [276543ff7d] User '***********' has been successfully authenticated.

6278, I assume, is a port ID, and 276543ff7d is a session ID. Is that correct?

gbarbe...@gmail.com

Sep 30, 2016, 2:17:55 PM
to SimpleSAMLphp
Correction: 6278 is the process ID, so I figured that much out. Still not sure what 276543ff7d refers to.

Jaime Pérez Crespo

Oct 4, 2016, 3:34:45 AM
to simple...@googlegroups.com
Hi!

gbarbe...@gmail.com wrote:
> Correction 6278 is the process id, so I figured that much out. Still not
> sure what 276543ff7d refers to.

That's right, 6278 here is the process ID for the SimpleSAMLphp instance.

The string between square brackets, on the other hand, is the "track
ID" (which shall not be confused with the session ID). The session ID is
kept private because otherwise we would be able to impersonate a user by
setting the session cookie to the session ID. Therefore, we keep what we
call a "track ID", which is an identifier tied to a session (same host,
same browser, and it survives login/logout) that allows us to track that
session, without being able to use it ourselves.


--
Jaime Pérez
UNINETT / Feide

jaime...@uninett.no
jaime...@protonmail.com
9A08 EA20 E062 70B4 616B 43E3 562A FE3A 6293 62C2

"Two roads diverged in a wood, and I, I took the one less traveled by,
and that has made all the difference."
- Robert Frost
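
The field layout described in the reply above, as an added example that is not part of the original thread or SimpleSAMLphp's own code: a parser that extracts the process ID and track ID from lines shaped like the one quoted in the question and groups events by track ID. The field names `level` and `kind` for the `5` and `STAT` tokens are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Tail of the syslog line quoted in the thread:
#   simplesamlphp[<pid>]: <number> [STAT] [<track ID>] <message>
# "level" and "kind" are assumed names for the "5" and "STAT" tokens.
LINE_RE = re.compile(
    r"simplesamlphp\[(?P<pid>\d+)\]:\s+"
    r"(?P<level>\d+)\s+"
    r"(?:(?P<kind>STAT)\s+)?"
    r"\[(?P<track_id>[^\]]+)\]\s+"
    r"(?P<message>.*)$"
)
USER_RE = re.compile(r"User '(?P<user>[^']*)'")


def parse_line(line):
    """Return the fields of one SimpleSAMLphp syslog line, or None."""
    match = LINE_RE.search(line)
    if match is None:
        return None  # not a SimpleSAMLphp line in this layout
    fields = match.groupdict()
    fields["pid"] = int(fields["pid"])
    fields["level"] = int(fields["level"])
    user = USER_RE.search(fields["message"])
    fields["user"] = user.group("user") if user else None
    return fields


def group_by_track_id(lines):
    """Collect parsed events per track ID, skipping unrelated lines."""
    sessions = defaultdict(list)
    for line in lines:
        fields = parse_line(line)
        if fields is not None:
            sessions[fields["track_id"]].append(fields)
    return dict(sessions)


# Constructed sample input (hosts, users and messages are made up).
SAMPLE_LINES = [
    "Sep 29 14:07:10 idp1 simplesamlphp[6278]: 5 STAT [276543ff7d] User 'alice' has been successfully authenticated.",
    "Sep 29 14:09:41 idp1 simplesamlphp[6301]: 5 [276543ff7d] constructed follow-up event",
    "Sep 29 14:09:55 idp1 simplesamlphp[6278]: 5 STAT [9c1e04ab37] User 'bob' has been successfully authenticated.",
    "Sep 29 14:10:02 idp1 sshd[811]: constructed unrelated line",
]

if __name__ == "__main__":
    for track_id, events in group_by_track_id(SAMPLE_LINES).items():
        print(track_id, sorted({e["pid"] for e in events}), [e["user"] for e in events])
```

In the constructed sample one track ID appears under two process IDs and one process ID serves two track IDs, so the track ID, not the process ID, is the field to key per-session searches on.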

Greg Barber

Oct 4, 2016, 11:45:04 AM
to simple...@googlegroups.com
That's what I needed to know. Thanks!

