Sorting and Searching Log Events
Use the Authentication Log module to find specific types of event, to find events in a specified date range, or to find events involving specific parties.
Using the Search Tool
Click 
Find to open the Authentication Log search.
You can search using the following filters:
| Property | Description |
|---|---|
|
Start/End Date |
Date range of the search |
|
Affected Party |
Party whose user account was changed. For example, the party whose password was changed, or who logged in to web ordering. |
|
Administrator Party |
The person who made the change (for changes that were made within IPM/G2) |
|
Auth Group |
The authentication group to search within. |
Filtering by Event Type
You can also filter the event log to show any of the following events:
| Event Type | Description |
|---|---|
| All |
Any of the following events |
| Failed login | A user entered the wrong password |
| Successful login | A user logged in successfully |
| External login | A user logged in from an external location |
| Denied login |
A user failed to log in for one of these reasons:
|
| Failed password reset | A user did not successfully reset their password because they failed to correctly enter their current password. |
| Failed external password reset | An extenal user did not successfully reset their password because they failed to correctly enter their credentials. |
| Account creation | A new user account was created |
| Expiry set | A new expiry date was set on a user account |
| Enable set | A user account was enabled |
| One-use set | A user password was set as "one-use" |
| User lockout set | A user account was locked |
| System lockout set | An Authentication Group was locked |
| Account retired | A user account was retired |
Sorting the Authentication Log Table
Sort the table by clicking on a column header. Reverse the sorting order by clicking again on the same column header. This is particularly useful when you cannot search by that column.
Example
To find accounts that were manually disabled, sort by the Event Type column and look for the Enabled Set event. If an account was manually changed, the event will have an associated Administrator Party who made the change.