14.0 Logging

The Logs section contains the following logs:

  • System log

  • Web server log

  • RADIUS Server log

  • Replication log

  • Superuser commands

  • Background tasks log

NOTE:A tenant administrator will not have access to Web server log, Replication log, Superuser commands and Background tasks log.

The System log contains the following information events:

Code

Name

Class

Severity

Optional Parameters

Example

1

New Request

Operational

1

None

June 10 20:10:11 host CEF:0|AAA|Core|5.0|1|New Request|1|

2

Request failed

Operational

1

None

June 10 20:10:11 host CEF:0|AAA|Core|5.0|1|Request failed|1|

10

Server started

Operational

4

None

June 10 20:10:11 host CEF:0|AAA|Core|5.0|1|Server started|4|

12

Server stopped

Operational

7

None

June 10 20:10:11 host CEF:0|AAA|Core|5.0|2|Server stopped|7|

13

Server unexpectedly stopped

Operational

10

None

June 10 20:10:11 host CEF:0|AAA|Core|5.0|3|Server unexpectedly stopped|10

50

Server Message

Operational

5

Message

June 10 20:10:11 host CEF:0|AAA|Core|5.0|4|Server Message|4|This is my message

100

User logon started

Security

4

Username Ep Ep_addr Sid Unit_id Session_id Event Tenant_name

June 10 20:10:11 host CEF:0|AAA|Core|5.0|4|User logon started|4|username=Mycompany\\demo sid=S-1-5-XXX session_id=123 event=Windows Logon ep=aaadev1.Mycompany.local ep_addr=192.168.91.1 tenant_name=Mycompany

101

User was successfully logged on

Security

7

Username Ep Ep_addr Sid Session_id method_name method_comment method_infoEvent Tenant_name Template_owner

June 10 20:10:11 host CEF:0|AAA|Core|5.0|5|User was successfully logged on|7|username=Mycompany\\demo sid=S-1-5-XXX session_id=123 method_name=card method_comment=white card method_info=YYY password ep=aaadev1.Mycompany.local ep_addr=192.168.91.1 event=Windows Logon template_owner=Mycompany\\demo tenant_name=Mycompany

102

User was failed to authenticate

Security

9

Username Ep Ep_addr Sid Session_id Method_name Tenant_name Template_owner

June 10 20:10:11 host CEF:0|AAA|Core|5.0|6|User was failed to authenticate|9|Username=Mycompany\\demo sid=S-1-5-XXX session_id=123 method_name=card ep=aaadev1.Mycompany.local ep_addr=192.168.91.1 template_owner=Mycompany\\demo tenant_name=Mycompany

103

User was switched to different method

Security

2

Username Ep Ep_addr Sid Session_id New_method_ name Tenant_name

June 10 20:10:11 host CEF:0|AAA|Core|5.0|7|User was switched to different method|2|username=Mycompany\\demo sid=S-1-5-XXX new_method_name=fingerprint session_id=123 ep=aaadev1.Mycompany.local ep_addr=192.168.91.1 tenant_name=Mycompany

104

User logon session was ended

Security

2

Username Ep Ep_addr Sid Session_id Tenant_name

June 10 20:10:11 host CEF:0|AAA|Core|5.0|8|User logon session was ended|2|username=Mycompany\\demo sid=S-1-5-XXX session_id=123 ep=aaadev1.Mycompany.local ep_addr=192.168.91.1tenant_name=Mycompany

105

User logon unwanted

Security

9

Username Ep Ep_addr Method_name Tenant_name

June 10 20:10:11 host CEF:0|AAA|Core|5.0|8|User logon session was ended|9|username=Mycompany\\demo sid=S-1-5-XXX session_id=123 ep=aaadev1.Mycompany.local ep_addr=192.168.91.1 method_name=voice tenant_name=Mycompany

200

User read app data

Security

3

Username Ep Ep_addr Sid Session_id Data_id Record_id Tenant_name

June 10 20:10:11 host CEF:0|AAA|Core|5.0|9|User read app data|3|username=Mycompany\\demo sid=S-1-5-XXX session_id=123 data_id=Windows Logon record_id=password ep=aaadev1.Mycompany.local ep_addr=192.168.91.1 tenant_name=Mycompany

201

User write app data

Security

4

Username Ep Ep_addr Sid Session_id Data_id Record_id Tenant_name

June 10 20:10:11 host CEF:0|AAA|Core|5.0|10|User write app data|4|username=Mycompany\\demo sid=S-1-5-XXX session_id=123 data_id=Windows Logon record_id=password ep=aaadev1.Mycompany.local ep_addr=192.168.91.1 tenant_name=Mycompany

300

Endpoint joined

Security

4

Ep_name Ep_addr Ep_id Username Tenant_name

June 10 20:10:11 host CEF:0|AAA|Core|5.0|11|Endpoint joined|4|ep_name=xp_client ep_id=123 username=Mycompany\Admin ep_addr=192.168.91.1 tenant_name=Mycompany

301

No rights to join endpoint

Security

7

Ep_name Ep_addr Ep_id Username Tenant_name

June 10 20:10:11 host CEF:0|AAA|Core|5.0|12|No rights to join endpoint|7|ep_name=xp_client ep_id=123 username=Mycompany\Admin ep_addr=192.168.91.1 tenant_name=Mycompany

302

Failed to join endpoint

Operational

7

Ep_name Ep_addr Ep_id Username Reason Tenant_name

June 10 20:10:11 host CEF:0|AAA|Core|5.0|13|Failed to join endpoint |7|ep_name=xp_client ep_id=123 username=Mycompany\Admin ep_addr=192.168.91.1 reason=Duplicated tenant_name=Mycompany

303

Endpoint remove

Security

4

Ep_name Ep_addr Ep_id Username Tenant_name

June 10 20:10:11 host CEF:0|AAA|Core|5.0|14|Endpoint remove|4|ep_name=xp_client ep_id=123 username=Mycompany\Admin ep_addr=192.168.91.1

304

No rights to remove endpoint

Security

7

Ep_name Ep_addr Ep_id Username Tenant_name

June 10 20:10:11 host CEF:0|AAA|Core|5.0|15|No rights to remove endpoint|7|ep_name=xp_client ep_id=123 username=Mycompany\Admin ep_addr=192.168.91.1 tenant_name=Mycompany

305

Failed to remove endpoint

Operational

7

Ep_name Ep_addr Ep_id Username Reason Tenant_name

June 10 20:10:11 host CEF:0|AAA|Core|5.0|16|Failed to remove endpoint |7|ep_name=xp_client ep_id=123 username=Mycompany\Admin ep_addr=192.168.91.1 reason=Duplicated tenant_name=Mycompany

306

Endpoint session started

Operational

2

Ep_name Ep_addr Ep_id Tenant_name

June 10 20:10:11 host CEF:0|AAA|Core|5.0|17|Endpoint session started|2|ep_name=xp_client ep_id=123 ep_addr=192.168.91.1 tenant_name=Mycompany

307

Endpoint session ended

Operational

2

Ep_name Ep_addr Ep_id Tenant_name

June 10 20:10:11 host CEF:0|AAA|Core|5.0|18|Endpoint session ended|2|ep_name=xp_client ep_id=123 ep_addr=192.168.91.1tenant_name=Mycompany

308

Invalid endpoint secret

Security

7

Ep_name Ep_addr Ep_id Tenant_name

June 10 20:10:11 host CEF:0|AAA|Core|5.0|17|Invalid endpoint secret|2|ep_name=xp_client ep_id=123 ep_addr=192.168.91.1 tenant_name=Mycompany

309

Failed to create endpoint session

Operational

7

Ep_name Ep_addr Ep_id Reason Tenant_name

June 10 20:10:11 host CEF:0|AAA|Core|5.0|18| Failed to create endpoint session |7|ep_name=xp_client ep_id=123 ep_addr=192.168.91.1 reason=No memory tenant_name=Mycompany

310

Failed to end endpoint session

Operational

7

Ep_name Ep_addr Ep_id Reason Tenant_name

June 10 20:10:11 host CEF:0|AAA|Core|5.0|18| Failed to create endpoint session |7|ep_name=xp_client ep_id=123 ep_addr=192.168.91.1 reason=No memory tenant_name=Mycompany

401

New repository was added

Operational

4

repo_name repo_type session_id tenant_name

June 10 20:10:11 host CEF:0|AAA|Core|5.0|19|New repository was added |4|repo_name=Mycompany repo_type=LDAP session_id=123 tenant_name=Mycompany

402

Failed to add repository

Operational

7

repo_name repo_type session_id reason tenant_name

June 10 20:10:11 host CEF:0|AAA|Core|5.0|20| Failed to add repository|7|repo_name=Mycompany repo_type=LDAP session_id=123 reason=repo already exists tenant_name=Mycompany

403

Repository was removed

Operational

4

repo_name repo_type session_id tenant_name

June 10 20:10:11 host CEF:0|AAA|Core|5.0|21|Repository was removed|4|repo_name=Mycompany repo_type=LDAP session_id=123 tenant_name=Mycompany

404

Failed to remove repository

Operational

7

repo_name repo_type session_id reason tenant_name

June 10 20:10:11 host CEF:0|AAA|Core|5.0|22|Failed to remove repository|7| repo_name=Mycompany repo_type=LDAP session_id=123 reason=not empty tenant_name=Mycompany

405

Repository configuration was changed

Operational

4

repo_name repo_type session_id reason tenant_name

June 10 20:10:11 host CEF:0|AAA|Core|5.0|23|Repository configuration was changed|4| repo_name=Mycompany repo_type=LDAP session_id=123 tenant_name=Mycompany

501

Local user was created

Operational

4

user_name session_id tenant_name

June 10 20:10:11 host CEF:0|AAA|Core|5.0|24|Local user was created|4|user_name=admin session_id=123 tenant_name=Mycompany

502

Local user was removed

Operational

5

user_name session_id tenant_name

June 10 20:10:11 host CEF:0|AAA|Core|5.0|25|Local user was removed|5|user_name=admin session_id=123 tenant_name=Mycompany

503

Failed to create local user

Operational

4

user_name session_id reason tenant_name

June 10 20:10:11 host CEF:0|AAA|Core|5.0|26|ailed to create local user|4|user_name=admin session_id=123 reason=already exists tenant_name=Mycompany

504

No rights to remove local user

Security

7

user_name session_id tenant_name

June 10 20:10:11 host CEF:0|AAA|Core|5.0|26|ailed to create local user|4|user_name=admin session_id=123 reason=already exists tenant_name=Mycompany

505

Failed to remove local user

Operational

5

user_name session_id reason tenant_name

June 10 20:10:11 host CEF:0|AAA|Core|5.0|28|Failed to remove local user|5|user_name=admin session_id=123 reason=can't remove currently logged on user tenant_name=Mycompany

506

No rights to create local user

Security

7

user_name session_id tenant_name

June 10 20:10:11 host CEF:0|AAA|Core|5.0|29|Failed to create local user|7|user_name=admin session_id=123 tenant_name=Mycompany

601

User was created

Operational

4

user_name session_id repo_name tenant_name

June 10 20:10:11 host CEF:0|AAA|Core|5.0|30|User was created|4|username=Someone session_id=123 repo_name=Mycompany tenant_name=Mycompany

602

No rights to create user

Security

7

user_name session_id repo_name tenant_name

June 10 20:10:11 host CEF:0|AAA|Core|5.0|31|No rights to create user|7|username=Someone session_id=123 repo_name=Mycompany tenant_name=Mycompany

603

Failed to create user

Operational

4

user_name session_id repo_name reason tenant_name

June 10 20:10:11 host CEF:0|AAA|Core|5.0|32|Failed to create user|4|user_name=someone session_id=123 repo_name=123 reason=already exists tenant_name=Mycompany

604

User was removed

Operational

5

user_name session_id repo_name tenant_name

June 10 20:10:11 host CEF:0|AAA|Core|5.0|33|User was removed|5|username=Someone session_id=123 repo_name=Mycompany tenant_name=Mycompany

605

No rights to remove user

Security

7

user_name session_id repo_name tenant_name

June 10 20:10:11 host CEF:0|AAA|Core|5.0|34No rights to remove user|7|username=Someone session_id=123 repo_name=Mycompany tenant_name=Mycompany

606

Failed to remove user

Operational

5

user_name session_id repo_name reason tenant_name

June 10 20:10:11 host CEF:0|AAA|Core|5.0|35|Failed to remove user|5|user_name=someone session_id=123 repo_name=123 reason=not found tenant_name=Mycompany

701

Template was assigned to the user

Security

7

user_name session_id ap_name comment tenant_name

June 10 20:10:11 host CEF:0|AAA|Core|5.0|36|Template was assigned to the user|7|user_name=Mycompany\some session_id=123 ap_name=Card comment=white card tenant_name=Mycompany

702

Template was enrolled for the user

Security

7

user_name session_id ap_name comment tenant_name

June 10 20:10:11 host CEF:0|AAA|Core|5.0|37|Template was enrolled for the user|7|user_name=Mycompany\some session_id=123 ap_name=hand 3D comment=left hand tenant_name=Mycompany

703

User enroll the assigned template

Security

7

user_name session_id ap_name comment tenant_name

June 10 20:10:11 host CEF:0|AAA|Core|5.0|38|User enroll the assigned template|7|user_name=Mycompany\some session_id=123 ap_name=hand 3D comment=left hand tenant_name=Mycompany

704

Template e was linked

Security

8

user_name target_user_name session_id ap_name comment tenant_name

June 10 20:10:11 host CEF:0|AAA|Core|5.0|39|Template was linked|8|user_name=Mycompany\some target_user_name=Mycompany\boss session_id=123 ap_name=hand 3D comment=left hand tenant_name=Mycompany

705

Failed to assign template to the user

Security

7

user_name session_id ap_name comment reason tenant_name

June 10 20:10:11 host CEF:0|AAA|Core|5.0|40|Failed to assign template to the user|7|user_name=Mycompany\some session_id=123 ap_name=Card comment=white card reason=no license tenant_name=Mycompany

706

Failed to enroll template for the user

Security

7

user_name session_id ap_name comment reason tenant_name

June 10 20:10:11 host CEF:0|AAA|Core|5.0|41|Failed to enroll template for the user|7|user_name=Mycompany\some session_id=123 ap_name=hand 3D comment=left hand reason=ap error tenant_name=Mycompany

707

User can't enroll the assigned template

Security

7

user_name session_id ap_name comment reason tenant_name

June 10 20:10:11 host CEF:0|AAA|Core|5.0|41|User can't enroll the assigned template|7|user_name=Mycompany\some session_id=123 ap_name=hand 3D comment=left hand reason=AP not installed on client side tenant_name=Mycompany

709

Failed to link template

Security

8

user_name target_user_name session_id ap_name comment reason tenant_name

June 10 20:10:11 host CEF:0|AAA|Core|5.0|42|Failed to link template|8|user_name=Mycompany\some target_user_name=Mycompany\boss session_id=123 ap_name=hand 3D comment=left hand reason=target user can't be found tenant_name=Mycompany

709

Template link was removed

Security

6

user_name target_user_name session_id ap_name comment tenant_name

June 10 20:10:11 host CEF:0|AAA|Core|5.0|43|Template link was removed|6|user_name=Mycompany\some target_user_name=Mycompany\boss session_id=123 ap_name=hand 3D comment=left hand tenant_name=Mycompany

710

Failed to remove template link

Security

6

user_name target_user_name session_id ap_name comment reason tenant_name

June 10 20:10:11 host CEF:0|AAA|Core|5.0|44|Failed to remove template link|6|user_name=Mycompany\some target_user_name=Mycompany\boss session_id=123 ap_name=hand 3D comment=left hand reason=too small carma tenant_name=Mycompany

711

Template was removed

Security

6

user_name ap_name comment session_id tenant_name

June 10 20:10:11 host CEF:0|AAA|Core|5.0|45|Template was removed|6|user_name=Mycompany\some session_id=123 ap_name=hand 3D comment=left hand tenant_name=Mycompany

712

Failed to remove template

Security

6

user_name ap_name comment session_id reason tenant_name

June 10 20:10:11 host CEF:0|AAA|Core|5.0|46|Failed to remove template|6|user_name=Mycompany\some session_id=123 ap_name=hand 3D comment=left hand reason=only owner can remove template tenant_name=Mycompany

713

Template was changed

Security

7

user_name ap_name comment session_id tenant_name

June 10 20:10:11 host CEF:0|AAA|Core|5.0|47|Template was changed|7|user_name=Mycompany\some session_id=123 ap_name=hand 3D comment=left hand tenant_name=Mycompany

714

Failed to change template

Security

6

user_name ap_name comment session_id reason tenant_name

June 10 20:10:11 host CEF:0|AAA|Core|5.0|48|Failed to change template|6|user_name=Mycompany\some session_id=123 ap_name=hand 3D comment=left hand reason=only owner can change template tenant_name=Mycompany

715

Template was changed during logon

Security

5

user_name ap_name comment session_id tenant_name

June 10 20:10:11 host CEF:0|AAA|Core|5.0|49|Template was changed during logon|7|user_name=Mycompany\some session_id=123 ap_name=TOTP comment=ASA (iPhone) tenant_name=Mycompany

801

Policy was changed

Security

7

session_id scope comp_name policy_name old_value new_value

June 10 20:10:11 host CEF:0|AAA|Core|5.0|50|Policy was changed|7|session_id=123 scope=global comp_name=password poliices policy_name=minimal password length old_value=4 new_value=8

802

No rights to change policy

Security

8

session_id scope comp_name policy_name

June 10 20:10:11 host CEF:0|AAA|Core|5.0|51|No rights to change policy|8|session_id=123 scope=global comp_name=password poliices policy_name=minimal password

803

Failed to change policy

Operational

7

session_id scope comp_name policy_name reason

June 10 20:10:11 host CEF:0|AAA|Core|5.0|52|Failed to change policy|7|session_id=123 scope=global comp_name=password poliices policy_name=minimal password

reason=policy not found

901

New license was added

Operational

3

session_id license_id users_count enabled_features expire_date

June 10 20:10:11 host CEF:0|AAA|Core|5.0|53|New license was added|3|session_id=123 license_id=111 users_count=101 enabled_features=client,rte,nps expire_date=31/12/2014

902

Failed to add license

Operational

8

session_id license_id users_count enabled_features expire_date reason

June 10 20:10:11 host CEF:0|AAA|Core|5.0|54|Failed to add license|8|session_id=123 license_id=111 users_count=101 enabled_features=client,rte,nps expire_date=31/12/2013 reason=already expired

1001

Global setting was changed

Security

9

session_id setting_name

June 10 20:10:11 host CEF:0|AAA|Core|5.0|55|Global setting was changed|9|session_id=123 setting_name=syslog_server

1002

No rights to change global setting

Security

9

session_id setting_name

June 10 20:10:11 host CEF:0|AAA|Core|5.0|56|No rights to change global setting|9|session_id=123 setting_name=syslog_server

1003

Failed to change global setting

Operational

9

session_id setting_name reason

June 10 20:10:11 host CEF:0|AAA|Core|5.0|57|Failed to change global setting|9|session_id=123 setting_name=syslog_server reason=server is unavailable

1101

Password was changed

Security

5

user_name ep ep_addr tenant_name

June 10 20:10:11 host CEF:0|AAA|Core|5.0|15|Password was changed|5|ep=xp_client user_name=Mycompany\Admin ep_addr=192.168.91.1 tenant_name=Mycompany

1102

Password was reset

Security

8

user_name ep ep_addr tenant_name

June 10 20:10:11 host CEF:0|AAA|Core|5.0|15|Password was reset|8|ep=xp_client user_name=Mycompany\Admin ep_addr=192.168.91.1 tenant_name=Mycompany

You can change a time zone in the top-right section that displays your local time zone. The changes are applied for only the logs displayed and are not applied for the exported logs. Advanced Authentication resets the time zone when you switch from the Logs section or close the Administrative Portal.

You can export the log files. To export logs, perform the following steps:

  1. In the Logs page, click Export.

  2. Specify a Start date and End date to determine the required logging period.

  3. Click Export. A File Name block appears.

  4. Click on a name of the logs package ( aucore-logs_<logging_period>.tar ) to download it.

To configure logs forwarding to a third-party syslog server, see CEF log forwarding.

NOTE:A tenant administrator will not have the option to export logs.

There is a hard coded log rotation based on the file size. The maximum size of a log file is 20 MB. Advanced Authentication stores last ten log files of each type.

You can clear all the logs on the server that you are currently logged on. To clear the logs, perform the following steps:

  1. In the Logs page, click Clear.

    A message appears to confirm that you want to continue clearing the logs.

    NOTE:It is a good practice to export the logs to save as backup before you delete them.

  2. Click OK to clear the logs.