If you log on to the Alibaba Cloud Management Console by using an Alibaba Cloud account, a logon event (ConsoleSignin) is generated. This topic describes sample logon events and the fields in the sample logon events.
Example 1: Logon event in which MFA is disabled
In the following sample event, the Alibaba Cloud account 151266687691****
is used to log on to the Alibaba Cloud Management Console at 08:00:00 (UTC+8) on
January 1, 2021, and multi-factor authentication (MFA) is disabled.
{
"eventId": "2546c4b7-6b56-403e-97d3-500d8d29****",
"eventVersion": 1,
"eventSource": "http://account.aliyun.com/login/login_aliyun.htm",
"sourceIpAddress": "192.168.XX.XX",
"userAgent": "Mozilla/5.0 (iPhone; CPU iPhone OS 15_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/19A5307g Ariver/1.1.0 AliApp(AP/10.2.28.6000) Nebula WK RVKType(1) AlipayDefined(nt:WIFI,ws:390|780|3.0) AlipayClient/10.2.28.6000 Language/zh-Hans Region/CN NebulaX/1.0.0",
"eventType": "ConsoleSignin",
"userIdentity": {
"accountId": "151266687691****",
"principalId": "151266687691****",
"type": "root-account",
"userName": "root"
},
"serviceName": "AasCustomer",
"additionalEventData": {
"loginAccount": "Alice",
"isMFAChecked": "false"
},
"extend": "2",
"requestId": "2546c4b7-6b56-403e-97d3-500d8d2****",
"eventTime": "2021-01-01T00:00:00Z",
"isGlobal": true,
"acsRegion": "cn-hangzhou",
"eventName": "ConsoleSignin"
}
The sample event contains the following key fields:
eventName
: the name of the event. The value in the sample event isConsoleSignin
, which indicates a console logon event.userIdentity.accountId
: the ID of the Alibaba Cloud account that is used by the requester.userIdentity.type
: the identity type of the requester. The value in the sample event isroot-account
, which indicates an Alibaba Cloud account.eventTime
: the time when the event is generated. The time is in UTC. The value in the sample event is2021-01-01T00:00:00Z
, which indicates that the event occurred at 08:00:00 on January 1, 2021. The time is in UTC+8.additionalEventData.isMFAChecked
: indicates whether MFA is enabled. The value in the sample event isfalse
, which indicates that MFA is disabled.
Example 2: Logon event in which MFA is enabled
In the following sample event, the Alibaba Cloud account 151266687691****
is used to log on to the Alibaba Cloud Management Console at 08:00:00 (UTC+8) on
January 1, 2021, and MFA is enabled.
{
"eventId": "2546c4b7-6b56-403e-97d3-500d8d29****",
"eventVersion": 1,
"eventSource": "http://account.aliyun.com/account_init/skip2Login.htm",
"sourceIpAddress": "192.168.XX.XX",
"userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36",
"eventType": "ConsoleSignin",
"userIdentity": {
"accountId": "151266687691****",
"principalId": "151266687691****",
"type": "root-account",
"userName": "root"
},
"serviceName": "AasCustomer",
"additionalEventData": {
"loginAccount": "Alice",
"isMFAChecked": "true"
},
"extend": "2",
"requestId": "2546c4b7-6b56-403e-97d3-500d8d29****",
"eventTime": "2021-01-01T00:00:00Z",
"isGlobal": true,
"acsRegion": "cn-hangzhou",
"eventName": "ConsoleSignin"
}
The sample event contains the following key fields:
eventName
: the name of the event. The value in the sample event isConsoleSignin
, which indicates a console logon event.userIdentity.accountId
: the ID of the Alibaba Cloud account that is used by the requester.userIdentity.type
: the identity type of the requester. The value in the sample event isroot-account
, which indicates an Alibaba Cloud account.additionalEventData.isMFAChecked
: indicates whether MFA is enabled. The value in the sample event istrue
, which indicates that MFA is enabled.eventTime
: the time when the event is generated. The time is in UTC. The value in the sample event is2021-01-01T00:00:00Z
, which indicates that the event occurred at 08:00:00 on January 1, 2021. The time is in UTC+8.
Example 3: Failed logon event
In the following sample event, the Alibaba Cloud account 151266687691****
failed to log on to the Alibaba Cloud Management Console at 08:00:00 (UTC+8) on January
1, 2021.
{
"eventId": "6da1622f55a9c5d7a0c4f462fd81****",
"eventVersion": 1,
"errorMessage": "Invalid password",
"eventSource": "https://passport.aliyun.com/mini_login.htm?lang=zh_CN&appName=aliyun&appEntrance=new_aliyun_v2&styleType=vertical&bizParams=¬LoadSsoView=true¬KeepLogin=true&isMobile=false®Url=https%3A%2F%2Faccount.aliyun.com%2Fregister%2Fqr_register.htm%3Foauth_callback%3Dhttps%253A%252F%252Factiontrail.console.aliyun.com%252Fcn-hangzhou%252Fevent-list&returnUrl=https%3A%2F%2Faccount.aliyun.com%2Flogin%2Flogin_aliyun.htm%3Foauth_callback%3Dhttps%253A%252F%252Factiontrail.console.aliyun.com%252Fcn-hangzhou%252Fevent-list&cssUrl=https%3A%2F%2Fg.alicdn.com%2Fdawn%2Faliyun-account-styles%2F0.0.1%2Flogin-embedder.css&pageversion=v1&rnd=0.16498232922940215",
"errorCode": "login_illegal_password",
"sourceIpAddress": "192.168.XX.XX",
"userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36",
"eventRW": "Write",
"eventType": "ApiCall",
"userIdentity": {
"accountId": "151266687691****",
"principalId": "151266687691****",
"type": "root-account",
"userName": "root"
},
"serviceName": "AasCustomer",
"extend": "false",
"requestId": "6da1622f55a9c5d7a0c4f462fd81****",
"eventTime": "2021-01-01T00:00:00Z",
"isGlobal": true,
"acsRegion": "cn-hangzhou",
"eventName": "ConsoleSignin"
}
The sample event contains the following key fields:
eventName
: the name of the event. The value in the sample event isConsoleSignin
, which indicates a console logon event.userIdentity.accountId
: the ID of the Alibaba Cloud account that is used by the requester.userIdentity.type
: the identity type of the requester. The value in the sample event isroot-account
, which indicates an Alibaba Cloud account.eventTime
: the time when the event is generated. The time is in UTC. The value in the sample event is2021-01-01T00:00:00Z
, which indicates that the event occurred at 08:00:00 on January 1, 2021. The time is in UTC+8.errorCode
: the error code. The value in the sample event islogin_illegal_password
, which indicates that the password is invalid.errorMessage
: the error message. The value in the sample event isInvalid password
, which indicates that the logon failure is caused by an invalid password.