Events and logging
PhenixID server has two types of logs, events and server runtime information.
Events are typically well defined known messages meant to provide information on what happens in the system from a reporting perspective. System events are stored in the events.log file and in the reporting database, if enabled.
Event format used is the CEF, Common Event Format.
Configuration manager shows the last 200 events. To get a full view of all events see the events.log file or use the reporting view in the configuration UI.
An event consists of an ID and a user-friendly description.
Event ID's
Available event id's and descriptions are:
EVT_000000 Server initializing
EVT_000001 Server initialized
EVT_000002 Server starting
EVT_000003 Server started
EVT_000004 Server stopping
EVT_000005 Server stopped
EVT_000006 Server initialization failed
EVT_000007 Server start failed
EVT_000008 Server stop failed
EVT_000009 Server configuration reloaded
EVT_000010 Server configuration reloaded failed
EVT_000011 Server configuration updated
EVT_000012 Server node joined cluster
EVT_000013 Server node left cluster
EVT_000014 License expired
EVT_000015 License allowed for continued use
EVT_000030 Session expired
EVT_000031 Service started
EVT_000032 Service stopped
EVT_000033 Module stopped
EVT_000034 Module started
EVT_000035 Scheduled job performed
EVT_000036 Scheduled job failed
EVT_000040 Session NOT found
EVT_000041 Module reconfigured
EVT_000042 Events purged
EVT_000050 Connection established
EVT_000051 Connection failed
EVT_000052 Generic success
EVT_000053 Generic failure
EVT_000054 Password changed
EVT_000055 User logged out
EVT_000056 Configuration data migration started
EVT_000057 Configuration data migration done
EVT_000058 Configuration data migration failed
EVT_000080 Configuration API call
EVT_000098 Generic message
EVT_000099,
EVT_000100 Hardware Tokens imported from PSKC file
EVT_000101 Hardware Tokens imported from CSV file
EVT_000102 Hardware Token assigned to user
EVT_000103 Hardware Token unassigned from user
EVT_000105 Hardware Tokens imported from Yubico CSV file
EVT_000110 Hardware Token deleted from token store
EVT_000200 Certificate valid
EVT_000201 Certificate not yet valid
EVT_000202 Certificate expired
EVT_000203 Certificate about to expire
EVT_000204 Certificate validation failed
EVT_001000 Token authentication failed, token locked
EVT_001001 Token authentication success
EVT_001002 Token authentication failed, wrong OTP
EVT_001003 Allowed access from location
EVT_001004 Disallowed access from location
EVT_001005 Message sent
EVT_001006 User authentication success with username & password
EVT_001007 PIN code validation success
EVT_001008 User authentication failed
EVT_001009 PIN code validation failed
EVT_001010 User authentication failed, user is locked
EVT_001011 User authentication failed, incrementing lock state counter
EVT_001012 User authentication failed, temporary locking user
EVT_001013 Question And Answer authentication failed, no or not enough questions for user
EVT_001014 Question And Answer authentication failed, user failed authentication
EVT_001015 User authentication success with question and answer
EVT_001016 Geo location translated
EVT_001017 Wrong OTP provided
EVT_001018 Provided OTP was correct
EVT_001019 Token enrolled
EVT_001020 OTP delivery success
EVT_001021 OTP delivery failed
EVT_001022 User authentication success with username, password & OTP
EVT_001023 User authentication failed with username & password, safe mode enabled, sending Access Challenge
EVT_001024 OTP delivery failed, no OTP in request
EVT_001025 OTP delivery failed, no recipient address in request
EVT_001026 Message delivery success
EVT_001027 Message delivery failed
EVT_001028 Message delivery failed, no recipient address in request
EVT_001029 Generated OTP was not found
EVT_001030 User authentication failed, permanently locking user
EVT_001031 User authentication failed, incrementing failed login attempts
EVT_001032 Token revoked
EVT_001033 Hardware Token auto enrolled
EVT_001034 User authentication based on header performed successfully
EVT_001035 User authentication, windows integrated, performed successfully
EVT_001036 Successful OTP response
EVT_001037 Failed OTP response
EVT_001038 Prefetch token removed, all OTPs are used
EVT_001040 User manually locked
EVT_001041 User manually unlocked
EVT_001042 Prefetch enrolled
EVT_001043 Prefetch revoked
EVT_001044 Token enrolled and activated
EVT_001045 Token activated
EVT_001046 Token deactivated
EVT_001047 Token Checkin
EVT_001048 User authentication success with username & OTP
EVT_001049 User authentication success with Freja E-id
EVT_001050 User authentication with Freja E-id failed
EVT_001051 User authentication success with SITHS eID
EVT_001052 User authentication with SITHS eID failed
EVT_001053 User authentication success with HYPR
EVT_001054 User authentication with HYPR failed
EVT_001100 Successfully looked up user
EVT_001101 User account created
EVT_001102 User account deleted
EVT_001103 User account activated
EVT_001104 User account disabled
EVT_001105 User account elevated group membership
EVT_003000 Successfully validated X509 certificate
EVT_003001 X509 certificate failed revocation checking
EVT_003002 X509 certificate issuer not trusted
EVT_003003 X509 certificate failed basic validation
EVT_003004 User authentication success with certificate
EVT_003005 User signed with certificate
EVT_003006 User signed with Swedish BankID
EVT_003007 User authentication successfully performed with SSO
EVT_003100 Assignment confirmed by user
EVT_003101 Assignment rejected by user
EVT_003102 User authentication confirmed with One Touch
EVT_003103 User authentication rejected with One Touch
EVT_003104 User authentication error with One Touch
EVT_003105 User authentication success
EVT_003106 Password changed
EVT_003200 Rooted device detected
EVT_003300 Sending Apple APNS push notification
EVT_003301 Sending Google GCM push notification
EVT_003400 Password successfully reset
EVT_003401 Password reset failure
EVT_004000 Successfully authenticated with Swedish BankID
EVT_004001 Swedish BankID Authentication Failed
EVT_004002 IDP meta data loaded
EVT_004003 SP meta data loaded
EVT_004800 Successfully authenticated with Swedish BankID TEST
EVT_004801 Swedish BankID authentication canceled TEST
EVT_004802 Successfully signed with Swedish BankID TEST
EVT_004803 Swedish BankID signature canceled TEST
EVT_004804 Freja e-ID sign transaction approved
EVT_004805 Freja e-ID sign transaction canceled
EVT_004806 Freja e-ID sign request created
EVT_004807 Freja e-ID auth transaction approved
EVT_004808 Freja e-ID auth transaction canceled
EVT_004809 Freja e-ID auth request created
EVT_004900 Successfully authenticated with Swedish BankID
EVT_004901 Swedish BankID authentication canceled
EVT_004902 Successfully signed with Swedish BankID
EVT_004903 Swedish BankID signature canceled
EVT_005000 Application access granted
EVT_005001 Application access rejected
Events can be configured to be sent to an external event receiver such as syslog server etc.
Consult LOG4J2 documentation for more information on this matter.
Server information
server.log contains information used for system diagnostics. Level of detail etc is controlled by the log4j2.xml file. To edit log settings see this article.