RSA Authentication Manager Log Messages (16051-16100)
The following table lists AM log messages based on the event category and action ID. It also lists the corresponding action key, description, and log message. The log message has placeholders in the “{number}” format, which represents actual data in the logs and Activity Monitor.
Use this table to understand simple network management protocol (SNMP) trap information captured by a network management system. For more information on the information displayed by the object identifier structure (OID) in the SNMP trap, see RSA Authentication Manager SNMP.
Event Category | Action ID | Action Key | Description | Message |
eventSystem | 16051 | DELETE_SECURITY_DOMAIN | Delete security domain | Administrator “{0}” attempted to delete a security domain |
eventSystem | 16052 | UPDATE_SECURITY_DOMAIN | Update security domain | Administrator “{0}” attempted to update a security domain |
eventSystem | 16053 | READ_SECURITY_DOMAIN | Read security domain | Administrator “{0}” attempted to read a security domain |
eventSystem | 16054 | CREATE_IDENTITY_SOURCE | Create identity source | Administrator “{0}” attempted to create an identity source “{3}” |
eventSystem | 16055 | DELETE_IDENTITY_SOURCE | Delete identity source | Administrator “{0}” attempted to delete an identity source “{3}” |
eventSystem | 16056 | UPDATE_IDENTITY_SOURCE | Update identity source | Administrator “{0}” attempted to update an identity source “{3}” |
eventSystem | 16057 | READ_IDENTITY_SOURCE | Read identity source | Administrator “{0}” attempted to read an identity source |
eventSystem | 16058 | LINK_IDENTITY_SOURCES | Link identity source | Administrator “{0}” attempted to associate an identity source with a realm |
eventSystem | 16059 | UNLINK_IDENTITY_SOURCES | Unlink identity source | Administrator “{0}” attempted to disassociate an identity source from a realm |
eventSystem | 16060 | READ_AUTHENTICATORS | Read authenticators | System attempted to read authenticators |
eventSystem | 16061 | UPDATE_AUTHENTICATORS | Update authenticators | Administrator “{0}” attempted to update authenticators |
eventSystem | 16062 | CREATE_ATTRIBUTE | Create attribute | Administrator “{0}” attempted to create an attribute |
eventSystem | 16063 | READ_ATTRIBUTE | Read attribute | Administrator “{0}” attempted to read an attribute definition |
eventSystem | 16064 | UPDATE_ATTRIBUTE | Update attribute | Administrator “{0}” attempted to update an attribute |
eventSystem | 16065 | DELETE_ATTRIBUTE | Delete attribute | Administrator “{0}” attempted to delete an attribute |
eventSystem | 16066 | CREATE_ATTRIBUTE | Map attribute | Administrator “{0}” attempted to map an attribute |
eventSystem | 16067 | READ_ATTRIBUTE_MAPPING | Read attribute mapping | Administrator “{0}” attempted to read mappings for an attribute definition |
eventSystem | 16068 | DELETE_ATTRIBUTE | Delete attribute mapping | Administrator “{0}” attempted to delete mapping of an attribute |
eventSystem | 16069 | CREATE_ADMIN_ROLE | Create administrative role | Administrator “{0}” attempted to create an administrative role |
eventSystem | 16070 | DELETE_ADMIN_ROLE | Delete administrative role | Administrator “{0}” attempted to delete an administrative role |
eventSystem | 16071 | READ_ADMIN_ROLE | Read administrative role | Administrator “{0}” attempted to read an administrative role |
eventSystem | 16072 | UPDATE_ADMIN_ROLE | Update administrative role | Administrator “{0}” attempted to update an administrative role |
eventSystem | 16073 | LINK_PRINCIPAL_ADMIN | Associate principal with administrative role | Administrator “{0}” attempted to associate a principal with an administrative role |
eventSystem | 16074 | UNLINK_PRINCIPAL_ADMIN | Disassociate principal from administrative role | Administrator “{0}” attempted to disassociate a principal from an administrative role |
eventSystem | 16075 | INITIALIZE_PERMISSIONS | Initialize permissions | System attempted to load permission types from the database |
eventSystem | 16076 | AUTHN_BROKER_INIT | Initialize authentication broker | System attempted to initialize the authentication broker |
eventSystem | 16077 | CREATE_PWD_POLICY | Create password policy | Administrator “{0}” attempted to create a password policy |
eventSystem | 16078 | DELETE_PWD_POLICY | Delete password policy | Administrator “{0}” attempted to delete password policy “{4}” |
eventSystem | 16079 | UPDATE_PWD_POLICY | Update password policy | Administrator “{0}” attempted to update password policy “{4}” |
eventSystem | 16080 | READ_PWD_POLICY | Read password policy | Administrator “{0}” attempted to read password policy “{4}” |
eventSystem | 16081 | CREATE_LOCKOUT_POLICY | Create lockout policy | Administrator “{0}” attempted to create a lockout policy |
eventSystem | 16082 | DELETE_LOCKOUT_POLICY | Delete lockout policy | Administrator “{0}” attempted to delete lockout policy “{4}” |
eventSystem | 16083 | UPDATE_LOCKOUT_POLICY | Update lockout policy | Administrator “{0}” attempted to update lockout policy “{4}” |
eventSystem | 16084 | READ_LOCKOUT_POLICY | Read lockout policy | Administrator “{0}” attempted to read lockout policy “{4}” |
eventSystem | 16085 | CREATE_AUTH_POLICY | Create authentication policy | Administrator “{0}” attempted to create an authentication policy |
eventSystem | 16086 | DELETE_AUTH_POLICY | Delete authentication policy | Administrator “{0}” attempted to delete authentication policy “{4}” |
eventSystem | 16087 | UPDATE_AUTH_POLICY | Update authentication policy | Administrator “{0}” attempted to update authentication policy “{4}” |
eventSystem | 16088 | READ_AUTH_POLICY | Read authentication policy | Administrator “{0}” attempted to read authentication policy “{4}” |
eventSystem | 16089 | DENIAL_OF_SERVICE | Denial-of-service attack detected | Denial-of-service attack detected. Server received “{4}” failed authentications from user “{3}” |
eventSystem | 16090 | READ_PWD_DIC | Read password dictionary | System attempted to read the password dictionary |
eventSystem | 16091 | DELETE_PWD_DIC | Delete password dictionary | System attempted to delete the password dictionary |
eventSystem | 16092 | UNLINK_SECURITY_DOMAIN | Unlink policies from security domain | Administrator “{0}” attempted to unlink policies from security domain “{3}” |
eventSystem | 16093 | UNLINK_SECURITY_DOMAIN | Unlink policies from security domain | Administrator “{0}” attempted to unlink the authentication policy from security domain “{3}” |
eventSystem | 16094 | UNLINK_SECURITY_DOMAIN | Unlink policies from security domain | Administrator “{0}” attempted to unlink the password policy from security domain “{3}” |
eventSystem | 16095 | UNLINK_SECURITY_DOMAIN | Unlink policies from security domain | Administrator “{0}” attempted to unlink the lockout policy from security domain “{3}” |
eventSystem | 16096 | CREATE_GROUP | Create group | Administrator “{0}” attempted to create a group |
eventSystem | 16097 | UPDATE_GROUP | Update group | Administrator “{0}” attempted to update a group |
eventSystem | 16098 | UNREGISTER_GROUP | Unregister group | Administrator “{0}” attempted to unregister a group |
eventSystem | 16099 | READ_GROUP | Read group | Administrator “{0}” attempted to read a group |
eventSystem | 16100 | DELETE_GROUP | Delete group | Administrator “{0}” attempted to delete group “{4}” ; stored in an identity source |
Related Articles
Authentication Manager Log Messages (26151-26185) Number of Views Authentication Manager Log Messages (26151-26185) Number of Views Authentication Manager Log Messages (20181-20244) Number of Views Authentication Manager Log Messages (16161-16214) Number of Views Authentication Manager Log Messages (30001-30054) Number of Views
Trending Articles
RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA Authentication Manager 8.7 SP2 Setup and Configuration Guide Troubleshooting RSA MFA Agent for Microsoft Windows How to manipulate imported RSA SecurID Software Token(s) on an iPhone or iPad device RSA Authentication Manager 8.9 Release Notes (January 2026)
