Events and logging

PhenixID server has two types of logs events and server runtime information.

Events are typically well defined known messages meant to provide information on what happens in the system from a reporting perspective. System events are store in the events.log file and in the reporting database if enabled.

Event format used is the CEF, Common Event Format.  

Configuration manager shows the last 200 events. To get full view of all events see events.log file or use the reporting view in the configuration UI.

An event consists of an ID and a user friendly description.

Event ID's

Avalible event id's and descriptions are:    

  •    EVT_000000, Server initializing
  •    EVT_000001, Server initialized
  •    EVT_000002, Server starting
  •    EVT_000003, Server started
  •    EVT_000004, Server stopping
  •    EVT_000005, Server stopped
  •    EVT_000006, Server initialization failed
  •    EVT_000007, Server start failed
  •    EVT_000008, Server stop failed
  •    EVT_000009, Server configuration reloaded
  •    EVT_000010, Server configuration reloaded failed
  •    EVT_000011, Server configuration updated
  •    EVT_000012, Server node joined cluster
  •    EVT_000013, Server node left cluster
  •    EVT_000014, License expired
  •    EVT_000030, Session expired
  •    EVT_000031, Service started
  •    EVT_000032, Service stopped
  •    EVT_000033, Module stopped
  •    EVT_000034, Module started
  •    EVT_000035, Scheduled job performed
  •    EVT_000036, Scheduled job failed
  •    EVT_000040, Session NOT found
  •    EVT_000041, Module reconfigured
  •    EVT_000042, Events purged
  •    EVT_000050, Connection established
  •    EVT_000051, Connection failed
  •    EVT_000052, Generic success
  •    EVT_000053, Generic failiure
  •    EVT_000054, Password changed
  •    EVT_000055, User logged out
  •    EVT_000056, Configuration data migration started
  •    EVT_000057, Configuration data migration done
  •    EVT_000058, Configuration data migration falied
  •    EVT_000100, Hardware Tokens imported from PSKC file
  •    EVT_000101, Hardware Tokens imported from CSV file
  •    EVT_000102, Hardware Token assigned to user
  •    EVT_000103, Hardware Token unassigned from user
  •    EVT_000105, Hardware Tokens imported from Yubico CSV file
  •    EVT_000110, Hardware Token deleted from token store
  •    EVT_000200, Certificate valid
  •    EVT_000201, Certificate not yet valid
  •    EVT_000202, Certificate expired
  •    EVT_000203, Certificate about to expire
  •    EVT_001000, Token authentication failed, token locked
  •    EVT_001001, Token authentication success
  •    EVT_001002, Token authentication failed, wrong OTP
  •    EVT_001003, Allowed access from location
  •    EVT_001004, Disallowed access from location
  •    EVT_001005, Message sent
  •    EVT_001006, User authentication success with username & password
  •    EVT_001007, PIN code validation success
  •    EVT_001008, User authentication failed
  •    EVT_001009, PIN code validation failed
  •    EVT_001010, User authentication failed, user is locked
  •    EVT_001011, User authentication failed, incrementing lock state counter
  •    EVT_001012, User authentication failed, temporary locking user
  •    EVT_001013, Question And Answer authentication failed, no or not enough questions for user
  •    EVT_001014, Question And Answer authentication failed, user failed authentication
  •    EVT_001015, User authentication success with question and answer
  •    EVT_001016, Geo location translated
  •    EVT_001017, Wrong OTP provided
  •    EVT_001018, Provided OTP was correct
  •    EVT_001019, Token enrolled
  •    EVT_001020, OTP delivery success
  •    EVT_001021, OTP delivery failed
  •    EVT_001022, User authentication success with username, password & OTP
  •    EVT_001023, User authentication failed with username & password, safe mode enabled, sending Access Challenge
  •    EVT_001024, OTP delivery failed, no OTP in request
  •    EVT_001025, OTP delivery failed, no recipient address in request
  •    EVT_001026, Message delivery success
  •    EVT_001027, Message delivery failed
  •    EVT_001028, Message delivery failed, no recipient address in request
  •    EVT_001029, Generated OTP was not found
  •    EVT_001030, User authentication failed, permanently locking user
  •    EVT_001031, User authentication failed, incrementing failed login attempts
  •    EVT_001032, Token revoked
  •    EVT_001033, Hardware Token auto enrolled
  •    EVT_001034, User authentication based on header performed successfully
  •    EVT_001035, User authentication, windows integrated, performed successfully
  •    EVT_001036, Successful OTP response
  •    EVT_001037, Failed OTP response
  •    EVT_001038, Prefetch token removed, all OTPs are used
  •    EVT_001100, Successfully looked up user
  •    EVT_003000, Successfully validated X509 certificate
  •    EVT_003001, X509 certificate failed revocation checking
  •    EVT_003002, X509 certificate issuer not trusted
  •    EVT_003003, X509 certificate failed basic validation
  •    EVT_003004, User authentication success with certificate
  •    EVT_003100, Assignment confirmed by user
  •    EVT_003101, Assignment rejected by user
  •    EVT_003102, User authentication confirmed with One Touch
  •    EVT_003103, User authentication rejected with One Touch
  •    EVT_003104, User authentication error with One Touch
  •    EVT_004000, Successfully authenticated with Swedish BankID
  •    EVT_004001, Swedish BankID Authentication Failed
  •    EVT_004002, IDP meta data loaded
  •    EVT_004003, SP meta data loaded

 

Events can be configured to be sent to external event receiver such as syslog server etc.

Server information

server.log contains information used for system diagnostics. Level of detail etc is controlled by the log4j.xml file. To edit log settings see this article.