Might be of interest to some of you: I export my logs to Sumologic. To help with reporting I created a lookup table (CSV file) so I could translate log event type codes to something user friendly. I should automate this with a script but for now the table is maintained manually, and I just recently updated it.
I also submitted a feature request to Auth0 asking them to provide & maintain something equivalent.
Thanks for sharing this @markd!
Hello there ic my version formatted as a PHP array :
private $log_codes = [
"api_limit" => [
"event" => "Rate Limit on the Authentication or Management APIs",
"description" => "The maximum number of requests to the Authentication or Management APIs in given time has reached."
], "cls" => [
"event" => "Code/Link Sent",
"description" => "Passwordless login code/link has been sent"
], "cs" => [
"event" => "Code Sent",
"description" => "Passwordless login code has been sent"
], "depnote" => [
"event" => "Deprecation Notice",
], "f" => [
"event" => "Failed Login",
], "fapi" => [
"event" => "Operation on API failed",
], "fc" => [
"event" => "Failed by Connector",
], "fce" => [
"event" => "Failed Change Email",
"description" => "Failed to change user email"
], "fco" => [
"event" => "Failed by CORS",
"description" => "Origin is not in the Allowed Origins list for the specified application"
], "fcoa" => [
"event" => "Failed cross-origin authentication",
], "fcp" => [
"event" => "Failed Change Password",
], "fcph" => [
"event" => "Failed Post Change Password Hook",
], "fcpn" => [
"event" => "Failed Change Phone Number",
], "fcpr" => [
"event" => "Failed Change Password Request",
], "fcpro" => [
"event" => "Failed Connector Provisioning",
"description" => "Failed to provision a AD/LDAP connector"
], "fcu" => [
"event" => "Failed Change Username",
"description" => "Failed to change username"
], "fd" => [
"event" => "Failed Delegation",
"description" => "Failed to generate delegation token"
], "fdeac" => [
"event" => "Failed Device Activation",
"description" => "Failed to activate device."
], "fdeaz" => [
"event" => "Failed Device Authorization Request",
"description" => "Device authorization request failed."
], "fdecc" => [
"event" => "User Canceled Device Confirmation",
"description" => "User did not confirm device."
], "fdu" => [
"event" => "Failed User Deletion",
], "feacft" => [
"event" => "Failed Exchange",
"description" => "Failed to exchange authorization code for Access Token"
], "feccft" => [
"event" => "Failed Exchange",
"description" => "Failed exchange of Access Token for a Client Credentials Grant"
], "fede" => [
"event" => "Failed Exchange",
"description" => "Failed to exchange Device Code for Access Token"
], "fens" => [
"event" => "Failed Exchange",
"description" => "Failed exchange for Native Social Login"
], "feoobft" => [
"event" => "Failed Exchange",
"description" => "Failed exchange of Password and OOB Challenge for Access Token"
], "feotpft" => [
"event" => "Failed Exchange",
"description" => "Failed exchange of Password and OTP Challenge for Access Token"
], "fepft" => [
"event" => "Failed Exchange",
"description" => "Failed exchange of Password for Access Token"
], "fepotpft" => [
"event" => "Failed Exchange",
"description" => "Failed exchange of Passwordless OTP for Access Token"
], "fercft" => [
"event" => "Failed Exchange",
"description" => "Failed Exchange of Password and MFA Recovery code for Access Token"
], "fertft" => [
"event" => "Failed Exchange",
"description" => "Failed Exchange of Refresh Token for Access Token. This could occur if the refresh token is revoked or expired."
], "ferrt" => [
"event" => "Failed Exchange",
"description" => "Failed Exchange of Rotating Refresh Token. This could occur when reuse is detected."
], "fi" => [
"event" => "Failed invite accept",
"description" => "Failed to accept a user invitation. This could happen if the user accepts an invitation using a different email address than provided in the "
], "invitation" => [
"event" => ", or due to a system failure while provisioning the invitation",
], "flo" => [
"event" => "Failed Logout",
"description" => "User logout failed"
], "fn" => [
"event" => "Failed Sending Notification",
"description" => "Failed to send email notification"
], "fp" => [
"event" => "Failed Login (Incorrect Password",
], "fs" => [
"event" => "Failed Signup",
], "fsa" => [
"event" => "Failed Silent Auth",
], "fu" => [
"event" => "Failed Login (Invalid Email/Username",
], "fui" => [
"event" => "Failed users import",
"description" => "Failed to import users"
], "fv" => [
"event" => "Failed Verification Email",
"description" => "Failed to send verification email"
], "fvr" => [
"event" => "Failed Verification Email Request",
"description" => "Failed to process verification email request"
], "gd_auth_failed" => [
"event" => "MFA Auth failed",
"description" => "Multi-factor authentication failed. This could happen due to a wrong code entered for SMS/Voice/Email/TOTP factors, or a system failure."
], "gd_auth_rejected" => [
"event" => "MFA Auth rejected",
"description" => "A user rejected a Multi-factor authentication request via push-notification."
], "gd_auth_succeed" => [
"event" => "MFA Auth success",
"description" => "Multi-factor authentication success."
], "gd_enrollment_complete" => [
"event" => "MFA enrollment complete",
"description" => "A first time MFA user has successfully enrolled using one of the factors."
], "gd_otp_rate_limit_exceed" => [
"event" => "Too many failures",
"description" => "A user, during enrollment or authentication, enters an incorrect code more than the maximum allowed number of times. Ex=> A user enrolling in SMS enters the 6-digit code wrong more than 10 times in a row."
], "gd_recovery_failed" => [
"event" => "Recovery failed",
"description" => "A user enters a wrong recovery code when attempting to authenticate."
], "gd_recovery_rate_limit_exceed" => [
"event" => "Too many failures",
"description" => "A user enters a wrong recovery code too many times."
], "gd_recovery_succeed" => [
"event" => "Recovery success",
"description" => "A user successfully authenticates with a recovery code."
], "gd_send_email" => [
"event" => "Email Sent",
"description" => "Email for MFA successfully sent."
], "gd_send_pn" => [
"event" => "Push notification sent",
"description" => "Push notification for MFA sent successfully sent."
], "gd_send_pn_failure" => [
"event" => "Push notification sent",
"description" => "Push notification for MFA failed."
], "gd_send_sms" => [
"event" => "SMS sent",
"description" => "SMS for MFA successfully sent."
], "gd_send_sms_failure" => [
"event" => "SMS sent failures",
"description" => "Attempt to send SMS for MFA failed."
], "gd_send_voice" => [
"event" => "Voice call made",
"description" => "Voice call for MFA successfully made."
], "gd_send_voice_failure" => [
"event" => "Voice call failure",
"description" => "Attempt to make Voice call for MFA failed."
], "gd_start_auth" => [
"event" => "Second factor started",
"description" => "Second factor authentication event started for MFA."
], "gd_start_enroll" => [
"event" => "Enroll started",
"description" => "Multi-factor authentication enroll has started."
], "gd_start_enroll_failed" => [
"event" => "Enrollment failed",
"description" => "Push to start enrollement failed."
], "gd_tenant_update" => [
"event" => "Guardian tenant update",
], "gd_unenroll" => [
"event" => "Unenroll device account",
"description" => "Device used for second factor authentication has been unenrolled."
], "gd_update_device_account" => [
"event" => "Update device account",
"description" => "Device used for second factor authentication has been updated."
], "gd_webauthn_challenge_failed" => [
"event" => "Enrollment challenge issued",
"description" => "User failed to verify Webauthn factor."
], "gd_webauthn_enrollment_failed" => [
"event" => "Enroll failed",
"description" => "WebAuthn factor enrollment failed."
], "limit_delegation" => [
"event" => "Too Many Calls to /delegation",
"description" => "Rate limit exceeded to /delegation endpoint"
], "limit_mu" => [
"event" => "Blocked IP Address",
"description" => "An IP address is blocked because it attempted too many failed logins without a successful login. Or an IP address is blocked because it attempted too many sign-ups, whether successful or failed. For more information, see Attack Protection"
], "limit_wc" => [
"event" => "Blocked Account",
"description" => "An IP address is blocked because it reached the maximum failed login attempts into a single account."
], "limit_sul" => [
"event" => "Blocked Account",
"description" => "A user is temporarily prevented from logging in because they reached the maximum logins per time period from the same IP address. For more information, see Attack Protection."
], "mfar" => [
"event" => "MFA Required",
"description" => "A user has been prompted for multi-factor authentication (MFA). When using Adaptive MFA, Auth0 includes details about the risk assessment."
], "mgmt_api_read" => [
"event" => "Management API read Operation",
"description" => "API GET operation returning secrets completed successfully"
], "oidc_backchannel_logout_failed" => [
"event" => "Failed OIDC Back-Channel Logout request",
"description" => "Failed OIDC Back-Channel Logout request"
], "oidc_backchannel_logout_succeeded" => [
"event" => "Successful OIDC Back-Channel Logout request",
"description" => "Successful OIDC Back-Channel Logout request"
], "pla" => [
"event" => "Pre-login assessment",
"description" => "This log is generated before a login and helps in monitoring the behavior of bot detection without having to enable it."
], "pwd_leak" => [
"event" => "Breached password",
"description" => "Someone behind the IP address ip attempted to login with a leaked password."
], "resource_cleanup" => [
"event" => "Refresh token excess warning",
"description" => "Emitted when resources exceeding defined limits were removed."
], "s" => [
"event" => "Success Login",
"description" => "Successful login event."
], "sapi" => [
"event" => "Success API Operation",
"description" => "Successful management API write event."
], "sce" => [
"event" => "Success Change Email",
], "scoa" => [
"event" => "Success cross-origin authentication",
], "scp" => [
"event" => "Success Change Password",
], "scpn" => [
"event" => "Success Change Phone Number",
], "scpr" => [
"event" => "Success Change Password Request",
], "scu" => [
"event" => "Success Change Username",
], "sd" => [
"event" => "Success Delegation",
], "sdu" => [
"event" => "Success User Deletion",
"description" => "User successfully deleted"
], "seacft" => [
"event" => "Success Exchange",
"description" => "Successful exchange of authorization code for Access Token"
], "seccft" => [
"event" => "Success Exchange",
"description" => "Successful exchange of Access Token for a Client Credentials Grant"
], "sede" => [
"event" => "Success Exchange",
"description" => "Successful exchange of device code for Access Token"
], "sens" => [
"event" => "Success Exchange",
"description" => "Native Social Login"
], "seoobft" => [
"event" => "Success Exchange",
"description" => "Successful exchange of Password and OOB Challenge for Access Token"
], "seotpft" => [
"event" => "Success Exchange",
"description" => "Successful exchange of Password and OTP Challenge for Access Token"
], "sepft" => [
"event" => "Success Exchange",
"description" => "Successful exchange of Password for Access Token"
], "sercft" => [
"event" => "Success Exchange",
"description" => "Successful exchange of Password and MFA Recovery code for Access Token"
], "sertft" => [
"event" => "Success Exchange",
"description" => "Successful exchange of Refresh Token for Access Token"
], "si" => [
"event" => "Successful invite accept",
"description" => "Successfully accepted a user invitation"
], "signup_pwd_leak" => [
"event" => "Breached password",
"description" => "Someone behind the IP address ip attempted to signup with a leaked password."
], "srrt" => [
"event" => "Success Revocation",
"description" => "Successfully revoked a Refresh Token"
], "slo" => [
"event" => "Success Logout",
"description" => "User successfully logged out"
], "ss" => [
"event" => "Success Signup",
], "ssa" => [
"event" => "Success Silent Auth",
], "sui" => [
"event" => "Success users import",
"description" => "Successfully imported users"
], "sv" => [
"event" => "Success Verification Email",
"description" => "Successfully consumed email verification link"
], "svr" => [
"event" => "Success Verification Email Request",
"description" => "Successfully called verification email endpoint. Verification email in queue to send."
], "ublkdu" => [
"event" => "User login block released",
"description" => "User block setup by anomaly detection has been released"
], "w" => [
"event" => "Warnings During Login",
"description" => "Filters for logs of type warning during login"
]
];
Thanks for sharing @laurent.payet!