The Logs section contains the following logs:
System log
Web server log
RADIUS Server log
Replication log
Superuser commands
Background tasks log
NOTE:A tenant administrator will not have access to Web server log, Replication log, Superuser commands and Background tasks log.
The System log contains the following information events:
Code |
Name |
Class |
Severity |
Optional Parameters |
Example |
---|---|---|---|---|---|
1 |
New Request |
Operational |
1 |
None |
June 10 20:10:11 host CEF:0|AAA|Core|5.0|1|New Request|1| |
2 |
Request failed |
Operational |
1 |
None |
June 10 20:10:11 host CEF:0|AAA|Core|5.0|1|Request failed|1| |
10 |
Server started |
Operational |
4 |
None |
June 10 20:10:11 host CEF:0|AAA|Core|5.0|1|Server started|4| |
12 |
Server stopped |
Operational |
7 |
None |
June 10 20:10:11 host CEF:0|AAA|Core|5.0|2|Server stopped|7| |
13 |
Server unexpectedly stopped |
Operational |
10 |
None |
June 10 20:10:11 host CEF:0|AAA|Core|5.0|3|Server unexpectedly stopped|10 |
50 |
Server Message |
Operational |
5 |
Message |
June 10 20:10:11 host CEF:0|AAA|Core|5.0|4|Server Message|4|This is my message |
100 |
User logon started |
Security |
4 |
Username Ep Ep_addr Sid Unit_id Session_id Event Tenant_name |
June 10 20:10:11 host CEF:0|AAA|Core|5.0|4|User logon started|4|username=Mycompany\\demo sid=S-1-5-XXX session_id=123 event=Windows Logon ep=aaadev1.Mycompany.local ep_addr=192.168.91.1 tenant_name=Mycompany |
101 |
User was successfully logged on |
Security |
7 |
Username Ep Ep_addr Sid Session_id method_name method_comment method_infoEvent Tenant_name Template_owner |
June 10 20:10:11 host CEF:0|AAA|Core|5.0|5|User was successfully logged on|7|username=Mycompany\\demo sid=S-1-5-XXX session_id=123 method_name=card method_comment=white card method_info=YYY password ep=aaadev1.Mycompany.local ep_addr=192.168.91.1 event=Windows Logon template_owner=Mycompany\\demo tenant_name=Mycompany |
102 |
User was failed to authenticate |
Security |
9 |
Username Ep Ep_addr Sid Session_id Method_name Tenant_name Template_owner |
June 10 20:10:11 host CEF:0|AAA|Core|5.0|6|User was failed to authenticate|9|Username=Mycompany\\demo sid=S-1-5-XXX session_id=123 method_name=card ep=aaadev1.Mycompany.local ep_addr=192.168.91.1 template_owner=Mycompany\\demo tenant_name=Mycompany |
103 |
User was switched to different method |
Security |
2 |
Username Ep Ep_addr Sid Session_id New_method_ name Tenant_name |
June 10 20:10:11 host CEF:0|AAA|Core|5.0|7|User was switched to different method|2|username=Mycompany\\demo sid=S-1-5-XXX new_method_name=fingerprint session_id=123 ep=aaadev1.Mycompany.local ep_addr=192.168.91.1 tenant_name=Mycompany |
104 |
User logon session was ended |
Security |
2 |
Username Ep Ep_addr Sid Session_id Tenant_name |
June 10 20:10:11 host CEF:0|AAA|Core|5.0|8|User logon session was ended|2|username=Mycompany\\demo sid=S-1-5-XXX session_id=123 ep=aaadev1.Mycompany.local ep_addr=192.168.91.1tenant_name=Mycompany |
105 |
User logon unwanted |
Security |
9 |
Username Ep Ep_addr Method_name Tenant_name |
June 10 20:10:11 host CEF:0|AAA|Core|5.0|8|User logon session was ended|9|username=Mycompany\\demo sid=S-1-5-XXX session_id=123 ep=aaadev1.Mycompany.local ep_addr=192.168.91.1 method_name=voice tenant_name=Mycompany |
200 |
User read app data |
Security |
3 |
Username Ep Ep_addr Sid Session_id Data_id Record_id Tenant_name |
June 10 20:10:11 host CEF:0|AAA|Core|5.0|9|User read app data|3|username=Mycompany\\demo sid=S-1-5-XXX session_id=123 data_id=Windows Logon record_id=password ep=aaadev1.Mycompany.local ep_addr=192.168.91.1 tenant_name=Mycompany |
201 |
User write app data |
Security |
4 |
Username Ep Ep_addr Sid Session_id Data_id Record_id Tenant_name |
June 10 20:10:11 host CEF:0|AAA|Core|5.0|10|User write app data|4|username=Mycompany\\demo sid=S-1-5-XXX session_id=123 data_id=Windows Logon record_id=password ep=aaadev1.Mycompany.local ep_addr=192.168.91.1 tenant_name=Mycompany |
300 |
Endpoint joined |
Security |
4 |
Ep_name Ep_addr Ep_id Username Tenant_name |
June 10 20:10:11 host CEF:0|AAA|Core|5.0|11|Endpoint joined|4|ep_name=xp_client ep_id=123 username=Mycompany\Admin ep_addr=192.168.91.1 tenant_name=Mycompany |
301 |
No rights to join endpoint |
Security |
7 |
Ep_name Ep_addr Ep_id Username Tenant_name |
June 10 20:10:11 host CEF:0|AAA|Core|5.0|12|No rights to join endpoint|7|ep_name=xp_client ep_id=123 username=Mycompany\Admin ep_addr=192.168.91.1 tenant_name=Mycompany |
302 |
Failed to join endpoint |
Operational |
7 |
Ep_name Ep_addr Ep_id Username Reason Tenant_name |
June 10 20:10:11 host CEF:0|AAA|Core|5.0|13|Failed to join endpoint |7|ep_name=xp_client ep_id=123 username=Mycompany\Admin ep_addr=192.168.91.1 reason=Duplicated tenant_name=Mycompany |
303 |
Endpoint remove |
Security |
4 |
Ep_name Ep_addr Ep_id Username Tenant_name |
June 10 20:10:11 host CEF:0|AAA|Core|5.0|14|Endpoint remove|4|ep_name=xp_client ep_id=123 username=Mycompany\Admin ep_addr=192.168.91.1 |
304 |
No rights to remove endpoint |
Security |
7 |
Ep_name Ep_addr Ep_id Username Tenant_name |
June 10 20:10:11 host CEF:0|AAA|Core|5.0|15|No rights to remove endpoint|7|ep_name=xp_client ep_id=123 username=Mycompany\Admin ep_addr=192.168.91.1 tenant_name=Mycompany |
305 |
Failed to remove endpoint |
Operational |
7 |
Ep_name Ep_addr Ep_id Username Reason Tenant_name |
June 10 20:10:11 host CEF:0|AAA|Core|5.0|16|Failed to remove endpoint |7|ep_name=xp_client ep_id=123 username=Mycompany\Admin ep_addr=192.168.91.1 reason=Duplicated tenant_name=Mycompany |
306 |
Endpoint session started |
Operational |
2 |
Ep_name Ep_addr Ep_id Tenant_name |
June 10 20:10:11 host CEF:0|AAA|Core|5.0|17|Endpoint session started|2|ep_name=xp_client ep_id=123 ep_addr=192.168.91.1 tenant_name=Mycompany |
307 |
Endpoint session ended |
Operational |
2 |
Ep_name Ep_addr Ep_id Tenant_name |
June 10 20:10:11 host CEF:0|AAA|Core|5.0|18|Endpoint session ended|2|ep_name=xp_client ep_id=123 ep_addr=192.168.91.1tenant_name=Mycompany |
308 |
Invalid endpoint secret |
Security |
7 |
Ep_name Ep_addr Ep_id Tenant_name |
June 10 20:10:11 host CEF:0|AAA|Core|5.0|17|Invalid endpoint secret|2|ep_name=xp_client ep_id=123 ep_addr=192.168.91.1 tenant_name=Mycompany |
309 |
Failed to create endpoint session |
Operational |
7 |
Ep_name Ep_addr Ep_id Reason Tenant_name |
June 10 20:10:11 host CEF:0|AAA|Core|5.0|18| Failed to create endpoint session |7|ep_name=xp_client ep_id=123 ep_addr=192.168.91.1 reason=No memory tenant_name=Mycompany |
310 |
Failed to end endpoint session |
Operational |
7 |
Ep_name Ep_addr Ep_id Reason Tenant_name |
June 10 20:10:11 host CEF:0|AAA|Core|5.0|18| Failed to create endpoint session |7|ep_name=xp_client ep_id=123 ep_addr=192.168.91.1 reason=No memory tenant_name=Mycompany |
401 |
New repository was added |
Operational |
4 |
repo_name repo_type session_id tenant_name |
June 10 20:10:11 host CEF:0|AAA|Core|5.0|19|New repository was added |4|repo_name=Mycompany repo_type=LDAP session_id=123 tenant_name=Mycompany |
402 |
Failed to add repository |
Operational |
7 |
repo_name repo_type session_id reason tenant_name |
June 10 20:10:11 host CEF:0|AAA|Core|5.0|20| Failed to add repository|7|repo_name=Mycompany repo_type=LDAP session_id=123 reason=repo already exists tenant_name=Mycompany |
403 |
Repository was removed |
Operational |
4 |
repo_name repo_type session_id tenant_name |
June 10 20:10:11 host CEF:0|AAA|Core|5.0|21|Repository was removed|4|repo_name=Mycompany repo_type=LDAP session_id=123 tenant_name=Mycompany |
404 |
Failed to remove repository |
Operational |
7 |
repo_name repo_type session_id reason tenant_name |
June 10 20:10:11 host CEF:0|AAA|Core|5.0|22|Failed to remove repository|7| repo_name=Mycompany repo_type=LDAP session_id=123 reason=not empty tenant_name=Mycompany |
405 |
Repository configuration was changed |
Operational |
4 |
repo_name repo_type session_id reason tenant_name |
June 10 20:10:11 host CEF:0|AAA|Core|5.0|23|Repository configuration was changed|4| repo_name=Mycompany repo_type=LDAP session_id=123 tenant_name=Mycompany |
501 |
Local user was created |
Operational |
4 |
user_name session_id tenant_name |
June 10 20:10:11 host CEF:0|AAA|Core|5.0|24|Local user was created|4|user_name=admin session_id=123 tenant_name=Mycompany |
502 |
Local user was removed |
Operational |
5 |
user_name session_id tenant_name |
June 10 20:10:11 host CEF:0|AAA|Core|5.0|25|Local user was removed|5|user_name=admin session_id=123 tenant_name=Mycompany |
503 |
Failed to create local user |
Operational |
4 |
user_name session_id reason tenant_name |
June 10 20:10:11 host CEF:0|AAA|Core|5.0|26|ailed to create local user|4|user_name=admin session_id=123 reason=already exists tenant_name=Mycompany |
504 |
No rights to remove local user |
Security |
7 |
user_name session_id tenant_name |
June 10 20:10:11 host CEF:0|AAA|Core|5.0|26|ailed to create local user|4|user_name=admin session_id=123 reason=already exists tenant_name=Mycompany |
505 |
Failed to remove local user |
Operational |
5 |
user_name session_id reason tenant_name |
June 10 20:10:11 host CEF:0|AAA|Core|5.0|28|Failed to remove local user|5|user_name=admin session_id=123 reason=can't remove currently logged on user tenant_name=Mycompany |
506 |
No rights to create local user |
Security |
7 |
user_name session_id tenant_name |
June 10 20:10:11 host CEF:0|AAA|Core|5.0|29|Failed to create local user|7|user_name=admin session_id=123 tenant_name=Mycompany |
601 |
User was created |
Operational |
4 |
user_name session_id repo_name tenant_name |
June 10 20:10:11 host CEF:0|AAA|Core|5.0|30|User was created|4|username=Someone session_id=123 repo_name=Mycompany tenant_name=Mycompany |
602 |
No rights to create user |
Security |
7 |
user_name session_id repo_name tenant_name |
June 10 20:10:11 host CEF:0|AAA|Core|5.0|31|No rights to create user|7|username=Someone session_id=123 repo_name=Mycompany tenant_name=Mycompany |
603 |
Failed to create user |
Operational |
4 |
user_name session_id repo_name reason tenant_name |
June 10 20:10:11 host CEF:0|AAA|Core|5.0|32|Failed to create user|4|user_name=someone session_id=123 repo_name=123 reason=already exists tenant_name=Mycompany |
604 |
User was removed |
Operational |
5 |
user_name session_id repo_name tenant_name |
June 10 20:10:11 host CEF:0|AAA|Core|5.0|33|User was removed|5|username=Someone session_id=123 repo_name=Mycompany tenant_name=Mycompany |
605 |
No rights to remove user |
Security |
7 |
user_name session_id repo_name tenant_name |
June 10 20:10:11 host CEF:0|AAA|Core|5.0|34No rights to remove user|7|username=Someone session_id=123 repo_name=Mycompany tenant_name=Mycompany |
606 |
Failed to remove user |
Operational |
5 |
user_name session_id repo_name reason tenant_name |
June 10 20:10:11 host CEF:0|AAA|Core|5.0|35|Failed to remove user|5|user_name=someone session_id=123 repo_name=123 reason=not found tenant_name=Mycompany |
701 |
Template was assigned to the user |
Security |
7 |
user_name session_id ap_name comment tenant_name |
June 10 20:10:11 host CEF:0|AAA|Core|5.0|36|Template was assigned to the user|7|user_name=Mycompany\some session_id=123 ap_name=Card comment=white card tenant_name=Mycompany |
702 |
Template was enrolled for the user |
Security |
7 |
user_name session_id ap_name comment tenant_name |
June 10 20:10:11 host CEF:0|AAA|Core|5.0|37|Template was enrolled for the user|7|user_name=Mycompany\some session_id=123 ap_name=hand 3D comment=left hand tenant_name=Mycompany |
703 |
User enroll the assigned template |
Security |
7 |
user_name session_id ap_name comment tenant_name |
June 10 20:10:11 host CEF:0|AAA|Core|5.0|38|User enroll the assigned template|7|user_name=Mycompany\some session_id=123 ap_name=hand 3D comment=left hand tenant_name=Mycompany |
704 |
Template e was linked |
Security |
8 |
user_name target_user_name session_id ap_name comment tenant_name |
June 10 20:10:11 host CEF:0|AAA|Core|5.0|39|Template was linked|8|user_name=Mycompany\some target_user_name=Mycompany\boss session_id=123 ap_name=hand 3D comment=left hand tenant_name=Mycompany |
705 |
Failed to assign template to the user |
Security |
7 |
user_name session_id ap_name comment reason tenant_name |
June 10 20:10:11 host CEF:0|AAA|Core|5.0|40|Failed to assign template to the user|7|user_name=Mycompany\some session_id=123 ap_name=Card comment=white card reason=no license tenant_name=Mycompany |
706 |
Failed to enroll template for the user |
Security |
7 |
user_name session_id ap_name comment reason tenant_name |
June 10 20:10:11 host CEF:0|AAA|Core|5.0|41|Failed to enroll template for the user|7|user_name=Mycompany\some session_id=123 ap_name=hand 3D comment=left hand reason=ap error tenant_name=Mycompany |
707 |
User can't enroll the assigned template |
Security |
7 |
user_name session_id ap_name comment reason tenant_name |
June 10 20:10:11 host CEF:0|AAA|Core|5.0|41|User can't enroll the assigned template|7|user_name=Mycompany\some session_id=123 ap_name=hand 3D comment=left hand reason=AP not installed on client side tenant_name=Mycompany |
709 |
Failed to link template |
Security |
8 |
user_name target_user_name session_id ap_name comment reason tenant_name |
June 10 20:10:11 host CEF:0|AAA|Core|5.0|42|Failed to link template|8|user_name=Mycompany\some target_user_name=Mycompany\boss session_id=123 ap_name=hand 3D comment=left hand reason=target user can't be found tenant_name=Mycompany |
709 |
Template link was removed |
Security |
6 |
user_name target_user_name session_id ap_name comment tenant_name |
June 10 20:10:11 host CEF:0|AAA|Core|5.0|43|Template link was removed|6|user_name=Mycompany\some target_user_name=Mycompany\boss session_id=123 ap_name=hand 3D comment=left hand tenant_name=Mycompany |
710 |
Failed to remove template link |
Security |
6 |
user_name target_user_name session_id ap_name comment reason tenant_name |
June 10 20:10:11 host CEF:0|AAA|Core|5.0|44|Failed to remove template link|6|user_name=Mycompany\some target_user_name=Mycompany\boss session_id=123 ap_name=hand 3D comment=left hand reason=too small carma tenant_name=Mycompany |
711 |
Template was removed |
Security |
6 |
user_name ap_name comment session_id tenant_name |
June 10 20:10:11 host CEF:0|AAA|Core|5.0|45|Template was removed|6|user_name=Mycompany\some session_id=123 ap_name=hand 3D comment=left hand tenant_name=Mycompany |
712 |
Failed to remove template |
Security |
6 |
user_name ap_name comment session_id reason tenant_name |
June 10 20:10:11 host CEF:0|AAA|Core|5.0|46|Failed to remove template|6|user_name=Mycompany\some session_id=123 ap_name=hand 3D comment=left hand reason=only owner can remove template tenant_name=Mycompany |
713 |
Template was changed |
Security |
7 |
user_name ap_name comment session_id tenant_name |
June 10 20:10:11 host CEF:0|AAA|Core|5.0|47|Template was changed|7|user_name=Mycompany\some session_id=123 ap_name=hand 3D comment=left hand tenant_name=Mycompany |
714 |
Failed to change template |
Security |
6 |
user_name ap_name comment session_id reason tenant_name |
June 10 20:10:11 host CEF:0|AAA|Core|5.0|48|Failed to change template|6|user_name=Mycompany\some session_id=123 ap_name=hand 3D comment=left hand reason=only owner can change template tenant_name=Mycompany |
715 |
Template was changed during logon |
Security |
5 |
user_name ap_name comment session_id tenant_name |
June 10 20:10:11 host CEF:0|AAA|Core|5.0|49|Template was changed during logon|7|user_name=Mycompany\some session_id=123 ap_name=TOTP comment=ASA (iPhone) tenant_name=Mycompany |
801 |
Policy was changed |
Security |
7 |
session_id scope comp_name policy_name old_value new_value |
June 10 20:10:11 host CEF:0|AAA|Core|5.0|50|Policy was changed|7|session_id=123 scope=global comp_name=password poliices policy_name=minimal password length old_value=4 new_value=8 |
802 |
No rights to change policy |
Security |
8 |
session_id scope comp_name policy_name |
June 10 20:10:11 host CEF:0|AAA|Core|5.0|51|No rights to change policy|8|session_id=123 scope=global comp_name=password poliices policy_name=minimal password |
803 |
Failed to change policy |
Operational |
7 |
session_id scope comp_name policy_name reason |
June 10 20:10:11 host CEF:0|AAA|Core|5.0|52|Failed to change policy|7|session_id=123 scope=global comp_name=password poliices policy_name=minimal password reason=policy not found |
901 |
New license was added |
Operational |
3 |
session_id license_id users_count enabled_features expire_date |
June 10 20:10:11 host CEF:0|AAA|Core|5.0|53|New license was added|3|session_id=123 license_id=111 users_count=101 enabled_features=client,rte,nps expire_date=31/12/2014 |
902 |
Failed to add license |
Operational |
8 |
session_id license_id users_count enabled_features expire_date reason |
June 10 20:10:11 host CEF:0|AAA|Core|5.0|54|Failed to add license|8|session_id=123 license_id=111 users_count=101 enabled_features=client,rte,nps expire_date=31/12/2013 reason=already expired |
1001 |
Global setting was changed |
Security |
9 |
session_id setting_name |
June 10 20:10:11 host CEF:0|AAA|Core|5.0|55|Global setting was changed|9|session_id=123 setting_name=syslog_server |
1002 |
No rights to change global setting |
Security |
9 |
session_id setting_name |
June 10 20:10:11 host CEF:0|AAA|Core|5.0|56|No rights to change global setting|9|session_id=123 setting_name=syslog_server |
1003 |
Failed to change global setting |
Operational |
9 |
session_id setting_name reason |
June 10 20:10:11 host CEF:0|AAA|Core|5.0|57|Failed to change global setting|9|session_id=123 setting_name=syslog_server reason=server is unavailable |
1101 |
Password was changed |
Security |
5 |
user_name ep ep_addr tenant_name |
June 10 20:10:11 host CEF:0|AAA|Core|5.0|15|Password was changed|5|ep=xp_client user_name=Mycompany\Admin ep_addr=192.168.91.1 tenant_name=Mycompany |
1102 |
Password was reset |
Security |
8 |
user_name ep ep_addr tenant_name |
June 10 20:10:11 host CEF:0|AAA|Core|5.0|15|Password was reset|8|ep=xp_client user_name=Mycompany\Admin ep_addr=192.168.91.1 tenant_name=Mycompany |
You can change a time zone in the top-right section that displays your local time zone. The changes are applied for only the logs displayed and are not applied for the exported logs. Advanced Authentication resets the time zone when you switch from the Logs section or close the Administrative Portal.
You can export the log files. To export logs, perform the following steps:
In the Logs page, click Export.
Specify a Start date and End date to determine the required logging period.
Click Export. A File Name block appears.
Click on a name of the logs package ( aucore-logs_<logging_period>.tar ) to download it.
To configure logs forwarding to a third-party syslog server, see CEF log forwarding.
NOTE:A tenant administrator will not have the option to export logs.
There is a hard coded log rotation based on the file size. The maximum size of a log file is 20 MB. Advanced Authentication stores last ten log files of each type.
You can clear all the logs on the server that you are currently logged on. To clear the logs, perform the following steps:
In the Logs page, click Clear.
A message appears to confirm that you want to continue clearing the logs.
NOTE:It is a good practice to export the logs to save as backup before you delete them.
Click OK to clear the logs.