Thanks for that Lakshmanan. I was looking through my notes and I found a
document that support have given me 2 years ago. It outlined exactly
what AuditPlus was collecting. it included more events than are listed
above. For example:
- 6272 Network Policy Server granted access to a user
- 6273 Network Policy Server denied access to a user
- 6274 Network Policy Server discarded the request for a user
- 6275 Network Policy Server discarded the accounting request for a user
- 6276 Network Policy Server quarantined a user
- 6277 Network Policy Server granted access to a user but put it on probation because the host did not meet the defined health policy
- 6278 Network Policy Server granted full access to a user because the host met the defined health policy
- 6279 Network Policy Server locked the user account due to repeated failed authentication attempts
- 6280 Network Policy Server unlocked the user account