Events and logging

PhenixID server has two types of logs, events and server runtime information.

Events are typically well defined known messages meant to provide information on what happens in the system from a reporting perspective. System events are stored in the events.log file and in the reporting database, if enabled.

Event format used is the CEF, Common Event Format.  

Configuration manager shows the last 200 events. To get a full view of all events see the events.log file or use the reporting view in the configuration UI.

An event consists of an ID and a user-friendly description.

Event ID's

Available event id's and descriptions are:    

EVT_000000 Server initializing,
EVT_000001 Server initialized,
EVT_000002 Server starting,
EVT_000003 Server started,
EVT_000004 Server stopping,
EVT_000005 Server stopped,
EVT_000006 Server initialization failed,
EVT_000007 Server start failed,
EVT_000008 Server stop failed,
EVT_000009 Server configuration reloaded,
EVT_000010 Server configuration reloaded failed,
EVT_000011 Server configuration updated,
EVT_000012 Server node joined cluster,
EVT_000013 Server node left cluster,
EVT_000014 License expired,
EVT_000015 License allowed for continued use,
EVT_000030 Session expired,
EVT_000031 Service started,
EVT_000032 Service stopped,
EVT_000033 Module stopped,
EVT_000034 Module started,
EVT_000035 Scheduled job performed,
EVT_000036 Scheduled job failed,
EVT_000040 Session NOT found,
EVT_000041 Module reconfigured,
EVT_000042 Events purged,
EVT_000050 Connection established,
EVT_000051 Connection failed,
EVT_000052 Generic success,
EVT_000053 Generic failure,
EVT_000054 Password changed,
EVT_000055 User logged out,
EVT_000056 Configuration data migration started,
EVT_000057 Configuration data migration done,
EVT_000058 Configuration data migration failed,
EVT_000080 Configuration API call,
EVT_000098 Generic message,
EVT_000099,
EVT_000100 Hardware Tokens imported from PSKC file,
EVT_000101 Hardware Tokens imported from CSV file,
EVT_000102 Hardware Token assigned to user,
EVT_000103 Hardware Token unassigned from user,
EVT_000105 Hardware Tokens imported from Yubico CSV file,
EVT_000110 Hardware Token deleted from token store,
EVT_000199,
EVT_000200 Certificate valid,
EVT_000201 Certificate not yet valid,
EVT_000202 Certificate expired,
EVT_000203 Certificate about to expire,
EVT_000204 Certificate validation failed,
EVT_000999,
EVT_001000 Token authentication failed, token locked,
EVT_001001 Token authentication success,
EVT_001002 Token authentication failed, wrong OTP,
EVT_001003 Allowed access from location,
EVT_001004 Disallowed access from location,
EVT_001005 Message sent,
EVT_001006 User authentication success with username & password,
EVT_001007 PIN code validation success,
EVT_001008 User authentication failed,
EVT_001009 PIN code validation failed,
EVT_001010 User authentication failed, user is locked,
EVT_001011 User authentication failed, incrementing lock state counter,
EVT_001012 User authentication failed, temporary locking user,
EVT_001013 Question And Answer authentication failed, no or not enough questions for user,
EVT_001014 Question And Answer authentication failed, user failed authentication,
EVT_001015 User authentication success with question and answer,
EVT_001016 Geo location translated,
EVT_001017 Wrong OTP provided,
EVT_001018 Provided OTP was correct,
EVT_001019 Token enrolled,
EVT_001020 OTP delivery success,
EVT_001021 OTP delivery failed,
EVT_001022 User authentication success with username, password & OTP,
EVT_001023 User authentication failed with username & password, safe mode enabled, sending Access Challenge,
EVT_001024 OTP delivery failed, no OTP in request,
EVT_001025 OTP delivery failed, no recipient address in request,
EVT_001026 Message delivery success,
EVT_001027 Message delivery failed,
EVT_001028 Message delivery failed, no recipient address in request,
EVT_001029 Generated OTP was not found,
EVT_001030 User authentication failed, permanently locking user,
EVT_001031 User authentication failed, incrementing failed login attempts,
EVT_001032 Token revoked,
EVT_001033 Hardware Token auto enrolled,
EVT_001034 User authentication based on header performed successfully,
EVT_001035 User authentication, windows integrated, performed successfully,
EVT_001036 Successful OTP response,
EVT_001037 Failed OTP response,
EVT_001038 Prefetch token removed, all OTPs are used,
EVT_001040 User manually locked,
EVT_001041 User manually unlocked,
EVT_001042 Prefetch enrolled,
EVT_001043 Prefetch revoked,
EVT_001044 Token enrolled and activated,
EVT_001045 Token activated,
EVT_001046 Token deactivated,
EVT_001047 Token Checkin,
EVT_001048 User authentication success with username & OTP,
EVT_001049 User authentication success with Freja E-id,
EVT_001050 User authentication with Freja E-id failed,
EVT_001051 User authentication success with SITHS eID,
EVT_001052 User authentication with SITHS eID failed,
EVT_001053 User authentication success with HYPR,
EVT_001054 User authentication with HYPR failed,
EVT_001055 FIDO authentication success,
EVT_001056 FIDO authentication failed,
EVT_001100 Successfully looked up user,
EVT_001101 User account created,
EVT_001102 User account deleted,
EVT_001103 User account activated,
EVT_001104 User account disabled,
EVT_001105 User account elevated group membership,
EVT_003000 Successfully validated X509 certificate,
EVT_003001 X509 certificate failed revocation checking,
EVT_003002 X509 certificate issuer not trusted,
EVT_003003 X509 certificate failed basic validation,
EVT_003004 User authentication success with certificate,
EVT_003005 User signed with certificate,
EVT_003006 User signed with Swedish BankID,
EVT_003007 User authentication successfully performed with SSO,
EVT_003100 Assignment confirmed by user,
EVT_003101 Assignment rejected by user,
EVT_003102 User authentication confirmed with One Touch,
EVT_003103 User authentication rejected with One Touch,
EVT_003104 User authentication error with One Touch,
EVT_003105 User authentication success,
EVT_003106 Password changed,
EVT_003200 Rooted device detected,
EVT_003300 Sending Apple APNS push notification,
EVT_003301 Sending Google GCM push notification,
EVT_003400 Password successfully reset,
EVT_003401 Password reset failure,
EVT_004000 Successfully authenticated with Swedish BankID,
EVT_004001 Swedish BankID Authentication Failed,
EVT_004002 IDP meta data loaded,
EVT_004003 SP meta data loaded,
EVT_004800 Successfully authenticated with Swedish BankID TEST,
EVT_004801 Swedish BankID authentication canceled TEST,
EVT_004802 Successfully signed with Swedish BankID TEST,
EVT_004803 Swedish BankID signature canceled TEST,
EVT_004804 Freja e-ID sign transaction approved,
EVT_004805 Freja e-ID sign transaction canceled,
EVT_004806 Freja e-ID sign request created,
EVT_004807 Freja e-ID auth transaction approved,
EVT_004808 Freja e-ID auth transaction canceled,
EVT_004809 Freja e-ID auth request created,
EVT_004810 Failed authentication with Nias,
EVT_004811 User authentication success with Nias,
EVT_004812 Swedish BankID API TEST,
EVT_004900 Successfully authenticated with Swedish BankID,
EVT_004901 Swedish BankID authentication canceled,
EVT_004902 Successfully signed with Swedish BankID,
EVT_004903 Swedish BankID signature canceled,
EVT_004904 Swedish BankID authentication started,
EVT_004905 Swedish BankID signing started,
EVT_004906 Swedish BankID canceled,
EVT_004907 Swedish BankID user canceled,
EVT_004908 Swedish BankID completed,
EVT_005000 Application access granted,
EVT_005001 Application access rejected,

 

Events can be configured to be sent to an external event receiver such as syslog server etc. 

Consult LOG4J2 documentation for more information on this matter.

Server information

server.log contains information used for system diagnostics. The level of detail etc is controlled by the log4j2.xml file. To edit log settings look in the solutions manual for more information.