(v1.5) List and description of Audit Log event types
- Pavel Novák
The events logged in the the application audit log always have one of the event types described below. The event type specifies, what type of event occurred. Each specific event type has a set of information saved within its log record. This set of existing event types can differ in different application versions. Typically new versions contain new event types.
The following table lists all the existing event types and related information about them:
Název Audit Log typu | Základní význam | Závažnost * | Od verze | Do verze |
|---|---|---|---|---|
AD_AUTH_FAILED | User authentication in AD domain failed. | WARNING | 1.0 |
|
AD_AUTH_FAILED_WRONG_PATH | User authentication in AD domain failed, likely because of wrong “User tree“ supplied in the settings. | ERROR | 1.0 | 1.3.2 |
AD_AUTH_FAILED_WRONG_PATH_OR_GROUP | User authentication in AD domain failed, likely because of wrong “User tree“ or “Allowed group“ supplied in the settings. | ERROR | 1.3.3 |
|
AD_AUTH_SUCCESS | Successful authentication of a user using AD account. | INFO | 1.0 |
|
AD_BAD_GROUP | User successfully authenticated in AD, but is not in allowed group. | WARNING | 1.0 |
|
AD_CONNECTION_FAILED | Error in communication with AD. | ERROR | 1.0 |
|
AD_USER_FOUND | User was verified in AD. | INFO | 1.0 |
|
AD_USER_INFO_FAIL | Could not read user information from AD. | WARNING | 1.0 |
|
AD_USER_NOT_FOUND | User not found in AD, or the configured service account for binding to AD does not work. | WARNING | 1.0 |
|
ADFS_ADDED | Configuration for ADFS user authentication added. | NOTICE | 1.0 |
|
ADFS_CONFIG_MISSING | ADFS authentication enabled, but required configuration missing. | ERROR | 1.0 |
|
ADFS_DELETED | Configuration for ADFS user authentication added - never occurs during application runtime. | NOTICE | 1.0 |
|
ADFS_UPDATED | Configuration for ADFS user authentication updated. | NOTICE | 1.0 |
|
ADMIN_ADDED | An administrator account added. | NOTICE | 1.0 |
|
ADMIN_AUTH_FAILED_MFA | Second factor verification failed during an administrator login. | WARNING | 1.4 |
|
ADMIN_AUTH_FAILED_NOT_ALLOWED_IP | An administrator login failed, because it originated from not allowed IP address. | WARNING | 1.0 |
|
ADMIN_AUTH_FAILED_UNKNOWN_USER | An administrator login failed, because such an account does not exist. | WARNING | 1.0 |
|
ADMIN_AUTH_FAILED_WRONG_PASSWORD | An administrator login failed, because the entered password was not valid. | WARNING | 1.0 |
|
ADMIN_DELETED | Administrator’s account deleted. | NOTICE | 1.0 |
|
ADMIN_LOGGED_IN | An administrator logged in. | INFO | 1.0 |
|
ADMIN_LOGGED_OUT | An administrator logged out. | INFO | 1.0 |
|
ADMIN_PASSWORD_CHANGED | An administrator’s password changed. | NOTICE | 1.0 |
|
ADMIN_TIMED_OUT | An administrator logged out automatically because of long period of inactivity. | INFO | 1.0 |
|
ADMIN_UPDATED | An administrator’s account updated. | INFO | 1.0 |
|
ANTIVIRUS_HARDFAIL | A file check by an antivirus failed definitively (will not be retried again). | ERROR | 1.0 |
|
ANTIVIRUS_SOFTFAIL | A file check by an antivirus failed and will be retried again. | WARNING | 1.0 |
|
API_TOKEN_ADDED | A token for using the API created. | NOTICE | 1.3 |
|
API_TOKEN_DELETED | A token for using the API deleted. | NOTICE | 1.3 |
|
APP_MIGRATION_ADDED | An application migration added - never occurs during application runtime. | INFO | 1.0 |
|
APP_MIGRATION_DELETED | An application migration deleted - never occurs during application runtime. | INFO | 1.0 |
|
APP_MIGRATION_UPDATED | An application migration updated - never occurs during application runtime. | INFO | 1.0 |
|
APP_VERSION_CHANGED | Application version changed. Typically occurs during update to a new version. | NOTICE | 1.6.0 |
|
CAPTCHA_ERROR | An unexpected error occurred during captcha evaluation. | ERROR | 1.3 |
|
CAPTCHA_FAILED | The Captcha result is fail - request blocked. | NOTICE | 1.3 |
|
CAPTCHA_PASSED | The Captcha result is pass - request allowed. | INFO | 1.3 |
|
CONFIG_ADDED | New configuration parameter added - never occurs during application runtime. | INFO | 1.0 |
|
CONFIG_DELETED | Configuration parameter deleted - never occurs during application runtime. | INFO | 1.0 |
|
CONFIG_UPDATED | Configuration parameter updated. | NOTICE | 1.0 |
|
CONTACT_ADDED | Added a new contact to the address book. | INFO | 1.4 |
|
CONTACT_DELETED | Deleted a contact from the address book. | INFO | 1.4 |
|
CONTACT_GROUP_ADDED | Added a new group to the address book. | INFO | 1.4 |
|
CONTACT_GROUP_DELETED | Deleted a group from the address book. | INFO | 1.4 |
|
CONTACT_GROUP_UPDATED | Updated a group in the address book. | INFO | 1.4 |
|
CONTACT_UPDATED | Updated a contact in the address book. | INFO | 1.4 |
|
DATASTORE_ACTIVATED | A data store activated, new data will be saved to it. | NOTICE | 1.4 |
|
DATASTORE_ADDED | Added a new data store. | NOTICE | 1.4 |
|
DATASTORE_DEACTIVATED | A data store deactivated, new data will not be saved to it. | NOTICE | 1.4 |
|
DATASTORE_DELETED | Deleted a data store. | NOTICE | 1.4 |
|
DATASTORE_UPDATED | Update a data store. | NOTICE | 1.4 |
|
DETECTION_ENGINE_STATUS_UPDATED | Detection engine status updated. Occurs usually automatically during anti-virus update. | DEBUG | 1.3 |
|
DETECTION_ENGINE_UPDATED | Updated detection engine settings. | NOTICE | 1.0 |
|
DIAGNOSTIC_LOGS_SENT | Application logs sent for analysis. | NOTICE | 1.4 |
|
DIAGNOSTIC_TUNNEL_DISABLED | Remote diagnostics access disabled. | NOTICE | 1.4 |
|
DIAGNOSTIC_TUNNEL_ENABLED | Remote diagnostics access enabled. | NOTICE | 1.4 |
|
DOMAIN_ADDED | Added a new domain. | NOTICE | 1.0 |
|
DOMAIN_DELETED | Deleted a domain. | NOTICE | 1.0 |
|
DOMAIN_UPDATED | Updated a domain. | NOTICE | 1.0 |
|
EMAIL_QUEUED | An e-mail message queued to be sent. | INFO | 1.0 |
|
EMAIL_SEND_FAILED | Failed to send an e-mail message through the configured SMTP server. | INFO | 1.4 |
|
EMAIL_SENT | An e-mail message successfully sent to the configured outgoing mail server. | INFO | 1.0 |
|
EMAIL_TEMPLATE_UPDATED | A template for outgoing e-mail messages updated. | NOTICE | 1.4 |
|
FIDO_CHALLENGE_ADDED | New key for FIDO2 multi-factor authentication (webauthn) added - cancelled, does not occur. | NOTICE | 1.4 |
|
FIDO_CHALLENGE_DELETED | A key for FIDO2 multi-factor authentication (webauthn) deleted - cancelled, does not occur. | NOTICE | 1.4 |
|
FIDO_CHALLENGE_UPDATED | A key for FIDO2 multi-factor authentication (webauthn) updated - cancelled, does not occur. | NOTICE | 1.4 |
|
FILE_ADDED | New file added to a package. | INFO | 1.0 |
|
FILE_ARCHIVE_ADDED | File archive (zip) added to a package. | INFO | 1.0 |
|
FILE_ARCHIVE_DELETED | Package’s file archive (zip) deleted. | INFO | 1.0 |
|
FILE_ARCHIVE_DOWNLOAD_STARTED | Download of a package’s file archive (zip) started. | INFO | 1.0 |
|
FILE_ARCHIVE_UPDATED | Package’s file archive (zip) updated. | INFO | 1.0 |
|
FILE_DELETED | Package’s file deleted. | INFO | 1.0 |
|
FILE_DOWNLOAD_STARTED | Download of a package’s file started. | INFO | 1.0 |
|
FILE_CHECK_ADDED | A new file check by a detection engine added (queued/scheduled). | INFO | 1.0 |
|
FILE_CHECK_DELETED | A file check by a detection engine deleted - never occurs during application runtime. | INFO | 1.0 |
|
FILE_CHECK_DONE | A file check by a detection engine finished successfully. | INFO | 1.0 |
|
FILE_CHECK_FAILED | A file check by a detection engine failed. | ERROR | 1.0 |
|
FILE_CHECK_REPORT_ADDED | A report with results added to the file check by a detection engine. | INFO | 1.2 |
|
FILE_CHECK_REPORT_DELETED | A report with results deleted from the file check by a detection engine - never occurs during application runtime. | INFO | 1.2 |
|
FILE_CHECK_REPORT_UPDATED | A report with results updated for the file check by a detection engine. | INFO | 1.2 |
|
FILE_CHECK_TERMINATED_BY_ADMIN | A file check by a detection engine terminated by the administrator prematurely. | WARNING | 1.2 |
|
FILE_CHECK_TERMINATED_BY_TIMEOUT | A file check by a detection engine terminated prematurely because of maximum time limit expiration. | WARNING | 1.2 |
|
FILE_CHECK_TERMINATED_BY_USER | A file check by a detection engine terminated prematurely because the user deleted the package. | WARNING | 1.5.3 |
|
FILE_CHECK_UPDATED | A file check by a detection engine updated - never occurs during application runtime. | INFO | 1.0 |
|
FILE_IS_CLEAN | After finishing all file checks the file was evaluated as clean. | INFO | 1.0 |
|
FILE_IS_UNCLEAN | After finishing all file checks the file was evaluated as not clean. | WARNING | 1.0 |
|
FILE_MIMETYPE_UPDATED | File’s MIME type updated (refined). | INFO | 1.3 |
|
FILE_RELEASED | File released from the quarantine. | NOTICE | 1.4 |
|
FILE_UPDATED | File updated. | INFO | 1.0 |
|
FILE_UPLOAD_CANCELED | File’s upload canceled. | NOTICE | 1.0 |
|
FILE_UPLOAD_FAILED | File’s upload failed. | WARNING | 1.0 |
|
LICENSE_INVALID | Invalid application license. The reason might be expiration, exceeded user limit, FQDN, etc. |