Events and logging

PhenixID server has two types of logs, events and server runtime information.

Events are typically well defined known messages meant to provide information on what happens in the system from a reporting perspective. System events are stored in the events.log file and in the reporting database, if enabled.

Event format used is the CEF, Common Event Format.  

Configuration manager shows the last 200 events. To get a full view of all events see the events.log file or use the reporting view in the configuration UI.

An event consists of an ID and a user-friendly description.

Event ID's

Available event id's and descriptions are:    

EVT_000000 Server initializing

EVT_000001 Server initialized

EVT_000002 Server starting

EVT_000003 Server started

EVT_000004 Server stopping

EVT_000005 Server stopped

EVT_000006 Server initialization failed

EVT_000007 Server start failed

EVT_000008 Server stop failed

EVT_000009 Server configuration reloaded

EVT_000010 Server configuration reloaded failed

EVT_000011 Server configuration updated

EVT_000012 Server node joined cluster

EVT_000013 Server node left cluster

EVT_000014 License expired

EVT_000015 License allowed for continued use

EVT_000030 Session expired

EVT_000031 Service started

EVT_000032 Service stopped

EVT_000033 Module stopped

EVT_000034 Module started

EVT_000035 Scheduled job performed

EVT_000036 Scheduled job failed

EVT_000040 Session NOT found

EVT_000041 Module reconfigured

EVT_000042 Events purged

EVT_000050 Connection established

EVT_000051 Connection failed

EVT_000052 Generic success

EVT_000053 Generic failure

EVT_000054 Password changed

EVT_000055 User logged out

EVT_000056 Configuration data migration started

EVT_000057 Configuration data migration done

EVT_000058 Configuration data migration failed

EVT_000080 Configuration API call

EVT_000099,

EVT_000100 Hardware Tokens imported from PSKC file

EVT_000101 Hardware Tokens imported from CSV file

EVT_000102 Hardware Token assigned to user

EVT_000103 Hardware Token unassigned from user

EVT_000105 Hardware Tokens imported from Yubico CSV file

EVT_000110 Hardware Token deleted from token store

EVT_000199,

EVT_000200 Certificate valid

EVT_000201 Certificate not yet valid

EVT_000202 Certificate expired

EVT_000203 Certificate about to expire

EVT_000204 Certificate validation failed

EVT_000999,

EVT_001000 Token authentication failed, token locked

EVT_001001 Token authentication success

EVT_001002 Token authentication failed, wrong OTP

EVT_001003 Allowed access from location

EVT_001004 Disallowed access from location

EVT_001005 Message sent

EVT_001006 User authentication success with username & password

EVT_001007 PIN code validation success

EVT_001008 User authentication failed

EVT_001009 PIN code validation failed

EVT_001010 User authentication failed, user is locked

EVT_001011 User authentication failed, incrementing lock state counter

EVT_001012 User authentication failed, temporary locking user

EVT_001013 Question And Answer authentication failed, no or not enough questions for user

EVT_001014 Question And Answer authentication failed, user failed authentication

EVT_001015 User authentication success with question and answer

EVT_001016 Geo location translated

EVT_001017 Wrong OTP provided

EVT_001018 Provided OTP was correct

EVT_001019 Token enrolled

EVT_001020 OTP delivery success

EVT_001021 OTP delivery failed

EVT_001022 User authentication success with username, password & OTP

EVT_001023 User authentication failed with username & password, safe mode enabled, sending Access Challenge

EVT_001024 OTP delivery failed, no OTP in request

EVT_001025 OTP delivery failed, no recipient address in request

EVT_001026 Message delivery success

EVT_001027 Message delivery failed

EVT_001028 Message delivery failed, no recipient address in request

EVT_001029 Generated OTP was not found

EVT_001030 User authentication failed, permanently locking user

EVT_001031 User authentication failed, incrementing failed login attempts

EVT_001032 Token revoked

EVT_001033 Hardware Token auto enrolled

EVT_001034 User authentication based on header performed successfully

EVT_001035 User authentication, windows integrated, performed successfully

EVT_001036 Successful OTP response

EVT_001037 Failed OTP response

EVT_001038 Prefetch token removed, all OTPs are used

EVT_001040 User manually locked

EVT_001041 User manually unlocked

EVT_001042 Prefetch enrolled

EVT_001043 Prefetch revoked

EVT_001044 Token enrolled and activated

EVT_001045 Token activated

EVT_001046 Token deactivated

EVT_001047 Token Checkin

EVT_001100 Successfully looked up user

EVT_001101 User account created

EVT_001102 User account deleted

EVT_001103 User account activated

EVT_001104 User account disabled

EVT_001105 User account elevated group membership

EVT_003000 Successfully validated X509 certificate

EVT_003001 X509 certificate failed revocation checking

EVT_003002 X509 certificate issuer not trusted

EVT_003003 X509 certificate failed basic validation

EVT_003004 User authentication success with certificate

EVT_003005 User signed with certificate

EVT_003006 User signed with Swedish BankID

EVT_003100 Assignment confirmed by user

EVT_003101 Assignment rejected by user

EVT_003102 User authentication confirmed with One Touch

EVT_003103 User authentication rejected with One Touch

EVT_003104 User authentication error with One Touch

EVT_003105 User authentication success

EVT_003106 Password changed

EVT_003200 Rooted device detected

EVT_003300 Sending Apple APNS push notification

EVT_003301 Sending Google GCM push notification

EVT_004000 Successfully authenticated with Swedish BankID

EVT_004001 Swedish BankID Authentication Failed

EVT_004002 IDP meta data loaded

EVT_004003 SP meta data loaded

EVT_004800 Successfully authenticated with Swedish BankID TEST

EVT_004801 Swedish BankID authentication cancelled TEST

EVT_004802 Successfully signed with Swedish BankID TEST

EVT_004803 Swedish BankID signature cancelled TEST

EVT_004900 Successfully authenticated with Swedish BankID

EVT_004901 Swedish BankID authentication cancelled

EVT_004902 Successfully signed with Swedish BankID

EVT_004903 Swedish BankID signature cancelled

EVT_005000 Application access granted

EVT_005001 Application access rejected

 

Events can be configured to be sent to an external event receiver such as syslog server etc. 

Consult LOG4J2 documentation for more information on this matter.

Server information

server.log contains information used for system diagnostics. Level of detail etc is controlled by the log4j2.xml file. To edit log settings see this article.