
(v1.6) List and description of Audit Log event types

The events logged in the application audit log always have one of the event types described below. The event type specifies what kind of event occurred. Each event type has its own set of information saved within its log record. The set of existing event types can differ between application versions. Typically, new versions contain new event types.

The following table lists all the existing event types and related information about them:

| Audit Log type name | Basic meaning | Severity * | Since version | Until version |
|---|---|---|---|---|
| AD_AUTH_FAILED | User authentication in AD domain failed. | WARNING | 1.0 | |
| AD_AUTH_FAILED_WRONG_PATH | User authentication in AD domain failed, likely because of wrong “User tree” supplied in the settings. | ERROR | 1.0 | 1.3.2 |
| AD_AUTH_FAILED_WRONG_PATH_OR_GROUP | User authentication in AD domain failed, likely because of wrong “User tree” or “Allowed group” supplied in the settings. | ERROR | 1.3.3 | |
| AD_AUTH_SUCCESS | Successful authentication of a user using AD account. | INFO | 1.0 | |
| AD_BAD_GROUP | User successfully authenticated in AD, but is not in allowed group. | WARNING | 1.0 | |
| AD_CONNECTION_FAILED | Error in communication with AD. | ERROR | 1.0 | |
| AD_USER_FOUND | User was verified in AD. | INFO | 1.0 | |
| AD_USER_INFO_FAIL | Could not read user information from AD. | WARNING | 1.0 | |
| AD_USER_NOT_FOUND | User not found in AD, or the configured service account for binding to AD does not work. | WARNING | 1.0 | |
| ADFS_ADDED | Configuration for ADFS user authentication added. | NOTICE | 1.0 | |
| ADFS_CONFIG_MISSING | ADFS authentication enabled, but required configuration missing. | ERROR | 1.0 | |
| ADFS_DELETED | Configuration for ADFS user authentication added - never occurs during application runtime. | NOTICE | 1.0 | |
| ADFS_UPDATED | Configuration for ADFS user authentication updated. | NOTICE | 1.0 | |
| ADMIN_ADDED | An administrator account added. | NOTICE | 1.0 | |
| ADMIN_AUTH_FAILED_MFA | Second factor verification failed during an administrator login. | WARNING | 1.4 | |
| ADMIN_AUTH_FAILED_NOT_ALLOWED_IP | An administrator login failed because it originated from an IP address that is not allowed. | WARNING | 1.0 | |
| ADMIN_AUTH_FAILED_UNKNOWN_USER | An administrator login failed because such an account does not exist. | WARNING | 1.0 | |
| ADMIN_AUTH_FAILED_WRONG_PASSWORD | An administrator login failed because the entered password was not valid. | WARNING | 1.0 | |
| ADMIN_DELETED | Administrator’s account deleted. | NOTICE | 1.0 | |
| ADMIN_LOGGED_IN | An administrator logged in. | INFO | 1.0 | |
| ADMIN_LOGGED_OUT | An administrator logged out. | INFO | 1.0 | |
| ADMIN_PASSWORD_CHANGED | An administrator’s password changed. | NOTICE | 1.0 | |
| ADMIN_TIMED_OUT | An administrator logged out automatically because of a long period of inactivity. | INFO | 1.0 | |
| ADMIN_UPDATED | An administrator’s account updated. | INFO | 1.0 | |
| ANTIVIRUS_HARDFAIL | A file check by an antivirus failed definitively (will not be retried again). | ERROR | 1.0 | |
| ANTIVIRUS_SOFTFAIL | A file check by an antivirus failed and will be retried again. | WARNING | 1.0 | |
| API_TOKEN_ADDED | A token for using the API created. | NOTICE | 1.3 | |
| API_TOKEN_DELETED | A token for using the API deleted. | NOTICE | 1.3 | |
| APP_MIGRATION_ADDED | An application migration added - never occurs during application runtime. | INFO | 1.0 | |
| APP_MIGRATION_DELETED | An application migration deleted - never occurs during application runtime. | INFO | 1.0 | |
| APP_MIGRATION_UPDATED | An application migration updated - never occurs during application runtime. | INFO | 1.0 | |
| APP_VERSION_CHANGED | Application version changed. Typically occurs during update to a new version. | NOTICE | 1.6.0 | |
| CAPTCHA_ERROR | An unexpected error occurred during captcha evaluation. | ERROR | 1.3 | |
| CAPTCHA_FAILED | The Captcha result is fail - request blocked. | NOTICE | 1.3 | |
| CAPTCHA_PASSED | The Captcha result is pass - request allowed. | INFO | 1.3 | |
| CONFIG_ADDED | New configuration parameter added - never occurs during application runtime. | INFO | 1.0 | |
| CONFIG_DELETED | Configuration parameter deleted - never occurs during application runtime. | INFO | 1.0 | |
| CONFIG_UPDATED | Configuration parameter updated. | NOTICE | 1.0 | |
| CONTACT_ADDED | Added a new contact to the address book. | INFO | 1.4 | |
| CONTACT_DELETED | Deleted a contact from the address book. | INFO | 1.4 | |
| CONTACT_GROUP_ADDED | Added a new group to the address book. | INFO | 1.4 | |
| CONTACT_GROUP_DELETED | Deleted a group from the address book. | INFO | 1.4 | |
| CONTACT_GROUP_UPDATED | Updated a group in the address book. | INFO | 1.4 | |
| CONTACT_UPDATED | Updated a contact in the address book. | INFO | 1.4 | |
| DATASTORE_ACTIVATED | A data store activated, new data will be saved to it. | NOTICE | 1.4 | |
| DATASTORE_ADDED | Added a new data store. | NOTICE | 1.4 | |
| DATASTORE_DEACTIVATED | A data store deactivated, new data will not be saved to it. | NOTICE | 1.4 | |
| DATASTORE_DELETED | Deleted a data store. | NOTICE | 1.4 | |
| DATASTORE_UPDATED | Updated a data store. | NOTICE | 1.4 | |
| DETECTION_ENGINE_STATUS_UPDATED | Detection engine status updated. Usually occurs automatically during an antivirus update. | DEBUG | 1.3 | |
| DETECTION_ENGINE_UPDATED | Updated detection engine settings. | NOTICE | 1.0 | |
| DIAGNOSTIC_LOGS_SENT | Application logs sent for analysis. | NOTICE | 1.4 | |
| DIAGNOSTIC_TUNNEL_DISABLED | Remote diagnostics access disabled. | NOTICE | 1.4 | |
| DIAGNOSTIC_TUNNEL_ENABLED | Remote diagnostics access enabled. | NOTICE | 1.4 | |
| DOMAIN_ADDED | Added a new domain. | NOTICE | 1.0 | |
| DOMAIN_DELETED | Deleted a domain. | NOTICE | 1.0 | |
| DOMAIN_UPDATED | Updated a domain. | NOTICE | 1.0 | |
| EMAIL_QUEUED | An e-mail message queued to be sent. | INFO | 1.0 | |
| EMAIL_SEND_FAILED | Failed to send an e-mail message through the configured SMTP server. | INFO | 1.4 | |
| EMAIL_SENT | An e-mail message successfully sent to the configured outgoing mail server. | INFO | 1.0 | |
| EMAIL_TEMPLATE_UPDATED | A template for outgoing e-mail messages updated. | NOTICE | 1.4 | |
| FIDO_CHALLENGE_ADDED | New key for FIDO2 multi-factor authentication (webauthn) added - cancelled, does not occur. | NOTICE | 1.4 | |
| FIDO_CHALLENGE_DELETED | A key for FIDO2 multi-factor authentication (webauthn) deleted - cancelled, does not occur. | NOTICE | 1.4 | |
| FIDO_CHALLENGE_UPDATED | A key for FIDO2 multi-factor authentication (webauthn) updated - cancelled, does not occur. | NOTICE | 1.4 | |
| FILE_ADDED | New file added to a package. | INFO | 1.0 | |
| FILE_ARCHIVE_ADDED | File archive (zip) added to a package. | INFO | 1.0 | |
| FILE_ARCHIVE_DELETED | Package’s file archive (zip) deleted. | INFO | 1.0 | |
| FILE_ARCHIVE_DOWNLOAD_STARTED | Download of a package’s file archive (zip) started. | INFO | 1.0 | |
| FILE_ARCHIVE_UPDATED | Package’s file archive (zip) updated. | INFO | 1.0 | |
| FILE_DELETED | Package’s file deleted. | INFO | 1.0 | |
| FILE_DOWNLOAD_STARTED | Download of a package’s file started. | INFO | 1.0 | |
| FILE_CHECK_ADDED | A new file check by a detection engine added (queued/scheduled). | INFO | 1.0 | |
| FILE_CHECK_DELETED | A file check by a detection engine deleted - never occurs during application runtime. | INFO | 1.0 | |
| FILE_CHECK_DONE | A file check by a detection engine finished successfully. | INFO | 1.0 | |
| FILE_CHECK_FAILED | A file check by a detection engine failed. | ERROR | 1.0 | |
| FILE_CHECK_REPORT_ADDED | A report with results added to the file check by a detection engine. | INFO | 1.2 | |
| FILE_CHECK_REPORT_DELETED | A report with results deleted from the file check by a detection engine - never occurs during application runtime. | INFO | 1.2 | |
| FILE_CHECK_REPORT_UPDATED | A report with results updated for the file check by a detection engine. | INFO | 1.2 | |
| FILE_CHECK_TERMINATED_BY_ADMIN | A file check by a detection engine terminated by the administrator prematurely. | WARNING | 1.2 | |
| FILE_CHECK_TERMINATED_BY_TIMEOUT | A file check by a detection engine terminated prematurely because of maximum time limit expiration. | WARNING | 1.2 | |
| FILE_CHECK_TERMINATED_BY_USER | A file check by a detection engine terminated prematurely because the user deleted the package. | WARNING | 1.5.3 | |
| FILE_CHECK_UPDATED | A file check by a detection engine updated - never occurs during application runtime. | INFO | 1.0 | |
| FILE_IS_CLEAN | After finishing all file checks the file was evaluated as clean. | INFO | 1.0 | |
| FILE_IS_UNCLEAN | After finishing all file checks the file was evaluated as not clean. | WARNING | 1.0 | |
| FILE_MIMETYPE_UPDATED | File’s MIME type updated (refined). | INFO | 1.3 | |
| FILE_RELEASED | File released from the quarantine. | NOTICE | 1.4 | |
| FILE_UPDATED | File updated. | INFO | 1.0 | |
| FILE_UPLOAD_CANCELED | File’s upload canceled. | NOTICE | 1.0 | |
| FILE_UPLOAD_FAILED | File’s upload failed. | WARNING | 1.0 | |
| LICENSE_INVALID | Invalid application license. The reason might be expiration, exceeded user limit, FQDN, etc. | ERROR | 1.6.0 | |
| LICENSE_UPDATE_FAILED | Update of the license failed. | WARNING | 1.3 | |
| LICENSE_UPDATED | License updated. | INFO | 1.2 | |
| LICENSE_VALID | The application license is now valid. | NOTICE | 1.6.0 | |
| MULTI_FACTOR_KEY_ADDED | New TOTP (i.e. Google auth) or FIDO2 (webauthn) type key for multi-factor authentication added. | NOTICE | 1.4 | |
| MULTI_FACTOR_KEY_DELETED | A TOTP (i.e. Google auth) or FIDO2 (webauthn) type key for multi-factor authentication deleted. | NOTICE | 1.4 | |
| MULTI_FACTOR_KEY_UPDATED | A TOTP (i.e. Google auth) or FIDO2 (webauthn) type key for multi-factor authentication updated. | NOTICE | 1.4 | |
| PACKAGE_ADDED | A new package added. | INFO | 1.0 | |
| PACKAGE_ARCHIVED | A package moved to archive. | INFO | 1.0 | |
| PACKAGE_CONTENT_DELETE_FAILED | Deletion of a package’s content (files) from data store failed. | ERROR | 1.0 | |
| PACKAGE_CONTENT_DELETED | A package’s content (files) deleted. | INFO | 1.0 | |
| PACKAGE_DELETED | Package deleted - never occurs during application runtime. | INFO | 1.0 | |
| PACKAGE_DOWNLOAD_ENTERED_INVALID_PASSWORD | Entered invalid password for package access. | WARNING | 1.0 | |
| PACKAGE_DOWNLOAD_ENTERED_VALID_PASSWORD | Entered valid password for package access. | INFO | 1.0 | |
| PACKAGE_DOWNLOAD_PACKAGE_EXPIRED | Attempt to access an expired package. | NOTICE | 1.6.0 | |
| PACKAGE_DOWNLOAD_PACKAGE_NOT_FOUND | Attempt to access a non-existent package. | WARNING | 1.6.0 | |
| PACKAGE_DOWNLOAD_UNAUTHORIZED_ACCESS | Unauthorized attempt to access the package. | WARNING / INFO | 1.6.0 / 1.6.1 | 1.6.0 |
| PACKAGE_EXTRACTED | A package restored from archive. | NOTICE | 1.4 | |
| PACKAGE_FORWARDED | A new package created by forwarding an existing package. | INFO | 1.4 | |
| PACKAGE_FORWARDED_AS | An existing package was forwarded creating a new package. | INFO | 1.4 | |
| PACKAGE_IS_CLEAN | A package is clean. | INFO | 1.0 | |
| PACKAGE_MADE_PUBLIC | A package was published (set as public). | NOTICE | 1.3 | |
| PACKAGE_QUARANTINED | A package was evaluated as not clean and was quarantined. | WARNING | 1.0 | |
| PACKAGE_RECIPIENT_ADDED | A recipient was added to a package - never occurs during application runtime. | INFO | 1.0 | |
| PACKAGE_RELEASED | A package was released from the quarantine. | NOTICE | 1.0 | |
| PACKAGE_RESTORED | A deleted package was restored. | NOTICE | 1.0 | |
| PACKAGE_SCAN_CANCELED_BY_ADMIN | Package content checks by detection engines terminated prematurely by the administrator. | WARNING | 1.2 | |
| PACKAGE_SCAN_CANCELED_BY_TIMEOUT | Package content checks by detection engines terminated prematurely because of time limit expiration. | WARNING | 1.2 | |
| PACKAGE_SCAN_CANCELED_BY_USER | Package content checks by detection engines terminated prematurely because the user deleted the package. | WARNING | 1.5.3 | |
| PACKAGE_SET_PERSISTENT | Package set as persistent (will not expire automatically). | NOTICE | 1.5 | |
| PACKAGE_SET_TEMPORARY | Package persistence unset (will expire automatically again). | NOTICE | 1.5 | |
| PACKAGE_UPDATED | Package updated. | INFO | 1.0 | |
| PACKAGE_UPLOAD_CANCELED | Package upload canceled. | NOTICE | 1.0 | |
| PASSWORD_RESET_TOKEN_ADDED | A new token for user’s password reset created. | NOTICE | 1.0 | |
| PASSWORD_RESET_TOKEN_EXPIRED_DELETED | A token for user’s password reset expired. | NOTICE | 1.0 | |
| PASSWORD_RESET_TOKEN_USED | A token for user’s password reset was used. | NOTICE | 1.0 | |
| QUEUED_EMAIL_ADDED | An e-mail message queued - never occurs during application runtime. | INFO | 1.0 | |
| QUEUED_EMAIL_DELETED | An e-mail message deleted from the queue - never occurs during application runtime. | INFO | 1.0 | |
| QUEUED_EMAIL_UPDATED | An e-mail message in the queue updated - never occurs during application runtime. | INFO | 1.0 | |
| RECIPIENT_ADDED | A package recipient added. | INFO | 1.0 | |
| RECIPIENT_DELETED | A package recipient deleted. | INFO | 1.0 | |
| RECIPIENT_UPDATED | A package recipient updated - never occurs during application runtime. | INFO | 1.0 | |
| REMOTE_USER_DIRECTORY_ADDED | A configuration for authentication in AD/LDAP added. | NOTICE | 1.0 | |
| REMOTE_USER_DIRECTORY_DELETED | A configuration for authentication in AD/LDAP deleted - never occurs during application runtime. | NOTICE | 1.0 | |
| REMOTE_USER_DIRECTORY_UPDATED | A configuration for authentication in AD/LDAP updated. | NOTICE | 1.0 | |
| REPORT_DOWNLOAD_FAILED | Failed to download the detailed report from sandbox check. | WARNING | 1.5.4 | |
| SCHEDULER_JOB_RESCHEDULED | A scheduler job rescheduled. | INFO | 1.0 | |
| SCHEDULER_JOB_SCHEDULED | A scheduler job scheduled. | INFO | 1.0 | |
| SCHEDULER_JOB_UNSCHEDULED | A scheduler job unscheduled. | INFO | 1.0 | |
| TEST_LOG | A test log entry. | DEBUG | 1.0 | |
| TRIAL_LICENSE_ACQUIRED | A trial license acquired. | NOTICE | 1.3 | |
| USER_ADDED | A new user added. | NOTICE | 1.0 | |
| USER_AUTH_FAILED_ACCOUNT_LOCKED | User’s login failed, account is locked. | WARNING | 1.4 | |
| USER_AUTH_FAILED_EMAIL_MISSING | User’s login failed, missing mandatory attribute: e-mail. (in AD/ADFS) | WARNING | 1.0 | |
| USER_AUTH_FAILED_GUID_MISMATCH | User’s login failed, GUID mismatch. (in AD/ADFS) | | 1.0 | 1.1 |
| USER_AUTH_FAILED_INVALID_ADFS_TOKEN | User’s login failed, invalid ADFS token. | WARNING | 1.0 | |
| USER_AUTH_FAILED_MFA | User’s login failed because of multi-factor authentication failure. | WARNING | 1.4 | |
| USER_AUTH_FAILED_MISSING_GUID | User’s login failed, GUID missing. (in AD/ADFS) | WARNING | 1.0 | |
| USER_AUTH_FAILED_TOO_MANY_USERS | User’s login failed, too many existing users, as allowed by license. | ERROR | 1.2 | |
| USER_AUTH_FAILED_UNKNOWN_LOCAL_USER | User’s login failed, such account does not exist. | WARNING | 1.0 | |
| USER_AUTH_FAILED_WRONG_PASSWORD | User’s login failed, invalid password. | WARNING | 1.0 | |
| USER_AUTH_GUID_MISMATCH | User’s login failed, GUID mismatch. (in AD/ADFS) | WARNING | 1.1 | |
| USER_AUTO_ADDED_FROM_AD | Automatically added a new user during first successful login authenticated in AD. | NOTICE | 1.0 | |
| USER_AUTO_ADDED_FROM_ADFS | Automatically added a new user during first successful login authenticated in ADFS. | NOTICE | 1.0 | |
| USER_AUTO_UPDATED_FROM_AD | User updated during login from AD. | INFO | 1.0 | |
| USER_AUTO_UPDATED_FROM_ADFS | User updated during login from ADFS. | INFO | 1.0 | |
| USER_DELETED | User deleted. | NOTICE | 1.0 | |
| USER_ENTERED_VALID_LOGIN_PASSWORD_FOR_DOWNLOAD | User entered his correct login password, so he can download the package content. | NOTICE | 1.5 | |
| USER_LOGGED_IN | User logged in successfully. | INFO | 1.0 | |
| USER_LOGGED_OUT | User logged out. | INFO | 1.0 | |
| USER_PASSWORD_CHANGED | User’s password changed. | NOTICE | 1.0 | |
| USER_PERMISSIONS_CHANGED | User’s permissions changed. | NOTICE | 1.4 | |
| USER_REGISTRATION_FROM_AD | New local user created after authentication in AD. | NOTICE | 1.0 | |
| USER_TIMED_OUT | User automatically logged out after prolonged period of inactivity. | INFO | 1.0 | |
| USER_UPDATED | User updated. | INFO | 1.0 | |
| WORKER_COMMAND_SCHEDULED | New task for worker scheduled. | INFO | 1.0 | |

* The severity specified for each of the types has the following meaning:

| Severity | Description | Example |
|---|---|---|
| DEBUG | Not interesting in normal cases; can fill up the log. | Automatic regular antivirus signature update in the background. |
| INFO | Common audit log messages from regular operation, of no particular interest except when searching for specific things. | File/package upload, file download, user login. |
| NOTICE | Common audit log messages from regular operation that may be of interest and do not occur automatically. | Changes in configuration by admin, release from quarantine by admin, new user creation. |
| WARNING | Events that should not occur during normal operation and mean something unusual has happened, but do not necessarily mean a problem with the application. | Incorrect password entered, file upload failed, package quarantined. |
| ERROR | Events that mean an error/problem occurred that should be checked and fixed. | File check failed (for example, a non-working antivirus engine). |

Note: Severity for all event types was first introduced with version 1.4 of the application.

All audit log records always contain the following common information:

  • source = {WEB | WEB_PUBLIC | WEB_USER | WEB_ADMIN | WORKER | SCHEDULER | UNKNOWN | TEST}

  • ipAddress = IP address of the client performing the action through the web interface (for WEB_* sources)

  • sourceId = loggedInUser.getId() (if user or admin is logged in)

  • sourceText = loggedInUser.getUsername() (if user or admin is logged in)

  • attribute.sourceSAMAccountName = loggedInUser.getSamAccountName() (if user is logged in)

The records contain additional information specific to each event type.