Document toolboxDocument toolbox

(v2.1) List and description of Audit Log event types

The events logged in the the application audit log always have one of the event types described below. The event type specifies, what type of event occurred. Each specific event type has a set of information saved within its log record. This set of existing event types can differ in different application versions. Typically new versions contain new event types.

The following table lists all the existing event types and related information about them:

Audit Log type

Basic meaning

Severity *

Since version

Until version

Audit Log type

Basic meaning

Severity *

Since version

Until version

ACTION_LIMIT_ADDED

Added a new limit for a number of actions in a defined time interval.

DEBUG

2.1

 

ACTION_LIMIT_UPDATED

Updated a limit for a number of actions in a defined time interval.

DEBUG

2.1

 

ACTION_LIMIT_DELETED

Deleted a limit for a number of actions in a defined time interval.

DEBUG

2.1

 

ACTION_LIMIT_TRIGGERED

Exceeded a limit for a number of actions in a defined time interval.

WARNING

2.1

 

AD_AUTH_FAILED

User authentication in AD domain failed.

WARNING

1.0

 

AD_AUTH_FAILED_WRONG_PATH

User authentication in AD domain failed, likely because of wrong “User tree“ supplied in the settings.

ERROR

1.0

1.3.2

AD_AUTH_FAILED_WRONG_PATH_OR_GROUP

User authentication in AD domain failed, likely because of wrong “User tree“ or “Allowed group“ supplied in the settings.

ERROR

1.3.3

 

AD_AUTH_SUCCESS

Successful authentication of a user using AD account.

INFO

1.0

 

AD_BAD_GROUP

User successfully authenticated in AD, but is not in allowed group.

WARNING

1.0

2.0

AD_CONNECTION_FAILED

Error in communication with AD.

ERROR

1.0

 

AD_USER_FOUND

User was verified in AD.

INFO

1.0

 

AD_USER_INFO_FAIL

Could not read user information from AD.

WARNING

1.0

 

AD_USER_NOT_FOUND

User not found in AD, or the configured service account for binding to AD does not work.

WARNING

1.0

 

ADFS_ADDED

Configuration for ADFS user authentication added.

NOTICE

1.0

 

ADFS_CONFIG_MISSING

ADFS authentication enabled, but required configuration missing.

ERROR

1.0

 

ADFS_DELETED

Configuration for ADFS user authentication added - never occurs during application runtime.

NOTICE

1.0

 

ADFS_UPDATED

Configuration for ADFS user authentication updated.

NOTICE

1.0

 

ADMIN_ADDED

An administrator account added.

NOTICE

1.0

 

ADMIN_AUTH_FAILED_MFA

Second factor verification failed during an administrator login.

WARNING

1.4

 

ADMIN_AUTH_FAILED_NOT_ALLOWED_IP

An administrator login failed, because it originated from not allowed IP address.

WARNING

1.0

 

ADMIN_AUTH_FAILED_UNKNOWN_USER

An administrator login failed, because such an account does not exist.

WARNING

1.0

 

ADMIN_AUTH_FAILED_WRONG_PASSWORD

An administrator login failed, because the entered password was not valid.

WARNING

1.0

 

ADMIN_AUTH_SESSION_HIJACK

An attempt to hijack administrator’s session detected and blocked (IP and/or User-Agent changed during the session).

WARNING

2.0

 

ADMIN_AUTH_SUCCEEDED_MFA

A correct multi-factor code was entered for administrator authentication.

DEBUG

2.0

 

ADMIN_DELETED

Administrator’s account deleted.

NOTICE

1.0

 

ADMIN_LOGGED_IN

An administrator logged in.

INFO

1.0

 

ADMIN_LOGGED_OUT

An administrator logged out.

INFO

1.0

 

ADMIN_PASSWORD_CHANGED

An administrator’s password changed.

NOTICE

1.0

 

ADMIN_TIMED_OUT

An administrator logged out automatically because of long period of inactivity.

INFO

1.0

 

ADMIN_UPDATED

An administrator’s account updated.

INFO

1.0

 

ANTIVIRUS_HARDFAIL

A file check by an antivirus failed definitively (will not be retried again).

ERROR

1.0

 

ANTIVIRUS_SOFTFAIL

A file check by an antivirus failed and will be retried again.

WARNING

1.0

 

API_TOKEN_ADDED

A token for using the API created.

NOTICE

1.3

 

API_TOKEN_DELETED

A token for using the API deleted.

NOTICE

1.3

 

APP_MIGRATION_ADDED

An application migration added - never occurs during application runtime.

INFO

1.0

 

APP_MIGRATION_DELETED

An application migration deleted - never occurs during application runtime.

INFO

1.0

 

APP_MIGRATION_UPDATED

An application migration updated - never occurs during application runtime.

INFO

1.0

 

APP_VERSION_CHANGED

Application version changed. Typically occurs during update to a new version.

NOTICE

1.6.0

 

CAPTCHA_ERROR

An unexpected error occurred during captcha evaluation.

ERROR

1.3

 

CAPTCHA_FAILED

The Captcha result is fail - request blocked.

NOTICE

1.3

 

CAPTCHA_PASSED

The Captcha result is pass - request allowed.

INFO

1.3

 

CHECK_FILE_INTEGRITY_FAILED

File integrity check failed. Reason can be found in file integrity result attribute.

ERROR

2.0

 

CHECK_FILE_INTEGRITY_INVALID

File integrity check found a corrupted file.

WARNING

2.0

2.0

CONFIG_ADDED

New configuration parameter added - never occurs during application runtime.

INFO

1.0

 

CONFIG_DELETED

Configuration parameter deleted - never occurs during application runtime.

INFO

1.0

 

CONFIG_UPDATED

Configuration parameter updated.

NOTICE

1.0

 

CONTACT_ADDED

Added a new contact to the address book.

INFO

1.4

 

CONTACT_DELETED

Deleted a contact from the address book.

INFO

1.4

 

CONTACT_GROUP_ADDED

Added a new group to the address book.

INFO

1.4

 

CONTACT_GROUP_DELETED

Deleted a group from the address book.

INFO

1.4

 

CONTACT_GROUP_UPDATED

Updated a group in the address book.

INFO

1.4

 

CONTACT_UPDATED

Updated a contact in the address book.

INFO

1.4

 

DATASTORE_ACTIVATED

A data store activated, new data will be saved to it.

NOTICE

1.4

 

DATASTORE_ADDED

Added a new data store.

NOTICE

1.4

 

DATASTORE_DEACTIVATED

A data store deactivated, new data will not be saved to it.

NOTICE

1.4

 

DATASTORE_DELETED

Deleted a data store.

NOTICE

1.4

 

DATASTORE_UPDATED

Update a data store.

NOTICE

1.4

 

DETECTION_ENGINE_LICENSED_QUOTA_EXCEEDED

The allowed quota of a detection engine was exceeded.

WARNING

2.1

 

DETECTION_ENGINE_STATUS_UPDATED

Detection engine status updated. Occurs usually automatically during anti-virus update.

DEBUG

1.3

 

DETECTION_ENGINE_UNAVAILABLE

The state of the detection engine changed from available to unavailable.

WARNING

2.0

 

DETECTION_ENGINE_UPDATED

Updated detection engine settings.

NOTICE

1.0

 

DIAGNOSTIC_LOGS_SENT

Application logs sent for analysis.

NOTICE

1.4

 

DIAGNOSTIC_TUNNEL_DISABLED

Remote diagnostics access disabled.

NOTICE

1.4

 

DIAGNOSTIC_TUNNEL_ENABLED

Remote diagnostics access enabled.

NOTICE

1.4

 

DOMAIN_ADDED

Added a new domain.

NOTICE

1.0

 

DOMAIN_DELETED

Deleted a domain.

NOTICE

1.0

 

DOMAIN_UPDATED

Updated a domain.

NOTICE

1.0

 

EMAIL_QUEUED

An e-mail message queued to be sent.

INFO

1.0

 

EMAIL_SEND_FAILED

Failed to send an e-mail message through the configured SMTP server.

ERROR

1.4

 

EMAIL_SENT

An e-mail message successfully sent to the configured outgoing mail server.

INFO

1.0

 

EMAIL_TEMPLATE_ADDED

New template for outgoing e-mail messages was added.

NOTICE

2.0

 

EMAIL_TEMPLATE_UPDATED

A template for outgoing e-mail messages updated.

NOTICE

1.4

 

FIDO_CHALLENGE_ADDED

New key for FIDO2 multi-factor authentication (webauthn) added - cancelled, does not occur.

NOTICE

1.4

 

FIDO_CHALLENGE_DELETED

A key for FIDO2 multi-factor authentication (webauthn) deleted - cancelled, does not occur.

NOTICE

1.4

 

FIDO_CHALLENGE_UPDATED

A key for FIDO2 multi-factor authentication (webauthn) updated - cancelled, does not occur.

NOTICE

1.4

 

FILE_ADDED

New file added to a package.

INFO

1.0

 

FILE_ARCHIVE_ADDED

File archive (zip) added to a package.

INFO

1.0

 

FILE_ARCHIVE_DELETED

Package’s file archive (zip) deleted.

INFO

1.0

 

FILE_ARCHIVE_DOWNLOAD_STARTED

Download of a package’s file archive (zip) started.

INFO

1.0

 

FILE_ARCHIVE_UPDATED

Package’s file archive (zip) updated.

INFO

1.0

 

FILE_CONTENT_DELETED

Package’s file shredded (really deleted from disk).

NOTICE

2.0

 

FILE_DECRYPTION_FAILED

File decryption failed.

ERROR

2.0

 

FILE_DECRYPTION_SUCCEEDED

File decryption succeeded.

INFO

2.0

 

FILE_DELETED

Package’s file deleted.

INFO

1.0

 

FILE_DOWNLOAD_STARTED

Download of a package’s file started.

INFO

1.0

 

FILE_ENCRYPTION_FAILED

File encryption failed.

ERROR

2.0

 

FILE_ENCRYPTION_SUCCEEDED

File encryption succeeded.

INFO

2.0

 

FILE_CHECK_ADDED

A new file check by a detection engine added (queued/scheduled).

INFO

1.0

 

FILE_CHECK_DELETED

A file check by a detection engine deleted - never occurs during application runtime.

INFO

1.0

 

FILE_CHECK_DONE

A file check by a detection engine finished successfully.

INFO

1.0

 

FILE_CHECK_DONE_QUOTA_EXCEEDED

A file check by a detection engine completed, but allowed quota was exceeded.

NOTICE

2.1

 

FILE_CHECK_FAILED

A file check by a detection engine failed.

ERROR

1.0

 

FILE_CHECK_REPORT_ADDED

A report with results added to the file check by a detection engine.

INFO

1.2

 

FILE_CHECK_REPORT_DELETED

A report with results deleted from the file check by a detection engine - never occurs during application runtime.

INFO

1.2

 

FILE_CHECK_REPORT_UPDATED

A report with results updated for the file check by a detection engine.

INFO

1.2

 

FILE_CHECK_SKIPPED_QUOTA_EXCEEDED

A file check by a detection engine skipped because allowed quota was exhausted.

WARNING

2.1

 

FILE_CHECK_TERMINATED_BY_ADMIN

A file check by a detection engine terminated by the administrator prematurely.

WARNING

1.2

 

FILE_CHECK_TERMINATED_BY_TIMEOUT

A file check by a detection engine terminated prematurely because of maximum time limit expiration.

WARNING

1.2

 

FILE_CHECK_TERMINATED_BY_USER

A file check by a detection engine terminated prematurely because the user deleted the package.

WARNING

1.5.3

 

FILE_CHECK_UPDATED

A file check by a detection engine updated - never occurs during application runtime.

INFO

1.0

 

FILE_IS_CLEAN

After finishing all file checks the file was evaluated as clean.

INFO

1.0

 

FILE_IS_UNCLEAN

After finishing all file checks the file was evaluated as not clean.

WARNING

1.0

 

FILE_MIMETYPE_UPDATED

File’s MIME type updated (refined).

INFO

1.3

 

FILE_QUARANTINED

File was quarantined.

NOTICE

2.0

 

FILE_RECHECK_PLANNED

A repeated check of the file using detection engines was scheduled.

NOTICE

2.0

 

FILE_RELEASED

File released from the quarantine.

NOTICE

1.4

 

FILE_RENAMED

File in a package renamed.

INFO

2.2

 

FILE_UNDELETED

Deleted file was recovered (undeleted).

INFO

2.0

 

FILE_UPDATED

File updated.

INFO

1.0

 

FILE_UPLOAD_CANCELED

File’s upload canceled.

NOTICE

1.0

 

FILE_UPLOAD_FAILED

File’s upload failed.

WARNING

1.0

 

HIBP_QUERY_FAILED

The query to the compromised passwords database “have i been pwned?“ failed.

WARNING

2.0

 

KEY_ENCRYPTION_KEY_ADD_TO_PACKAGE_FAILED

Assigning a KEK to the package failed.

ERROR

2.0

 

KEY_ENCRYPTION_KEY_ADD_TO_PACKAGE_SUCCEEDED

A KEK assigned to the package.

NOTICE

2.0

 

KEY_ENCRYPTION_KEY_ADDED

Added a new key encryption key (KEK).

NOTICE

2.0

 

KEY_ENCRYPTION_KEY_DELETED

A Key encryption key (KEK) deleted.

NOTICE

2.0

 

KEY_ENCRYPTION_KEY_REMOVE_FROM_PACKAGE_FAILED

Removing of a KEK assigned to the package failed.

ERROR

2.0

 

KEY_ENCRYPTION_KEY_REMOVE_FROM_PACKAGE_SUCCEEDED

A KEK assigned to the package removed.

NOTICE

2.0

 

KEY_ENCRYPTION_KEY_UPDATED

A key encryption key (KEK) updated.

NOTICE

2.0

 

LICENSE_INVALID

Invalid application license. The reason might be expiration, exceeded user limit, FQDN, etc.

ERROR

1.6.0

 

LICENSE_UPDATE_FAILED

Update of the license failed.

WARNING

1.3

 

LICENSE_UPDATED

License updated.

INFO

1.2

 

LICENSE_VALID

The application license is now valid.

NOTICE

1.6.0

 

LONG_RUNNING_TASK_ADDED

A new long running background task was created (for example encryption or integrity check).

INFO

2.0

 

LONG_RUNNING_TASK_CANCELED

A long running background task was manually prematurely canceled.

NOTICE

2.0

 

LONG_RUNNING_TASK_DELETED

A long running background task record deleted from the database.

DEBUG

2.0

 

LONG_RUNNING_TASK_FAILED

A long running background task failed.

ERROR

2.0

 

LONG_RUNNING_TASK_SUCCEEDED

A long running background task finished successfuly.

INFO

2.0

 

LONG_RUNNING_TASK_UPDATED

A long running background task record updated.

DEBUG

2.0

 

MULTI_FACTOR_KEY_ACTIVATED

A new TOTP type key for multi-factor authentication activated.

NOTICE

2.0

 

MULTI_FACTOR_KEY_ACTIVATION_CANCELED

Activation of a new TOTP type key for multi-factor authentication canceled.

INFO

2.0

 

MULTI_FACTOR_KEY_ADDED

A new TOTP (ie. Google auth) or FIDO2 (webauthn) type key for multi-factor authentication added.

NOTICE

1.4

 

MULTI_FACTOR_KEY_DELETED

A TOTP (ie. Google auth) or FIDO2 (webauthn) type key for multi-factor authentication deleted.

NOTICE

1.4

 

MULTI_FACTOR_KEY_UPDATED

A TOTP (ie. Google auth) or FIDO2 (webauthn) type key for multi-factor authentication updated.

NOTICE

1.4

 

PACKAGE_ACCESS_TYPE_CHANGED

Changed a package’s access type. (private ↔︎ internal ↔︎ public)

NOTICE

2.1

 

PACKAGE_ADDED

A new package added.

INFO

1.0

 

PACKAGE_APPROVER_ADDED

Added a preferred approver for a package.

INFO

2.2

 

PACKAGE_APPROVER_DELETED

Deleted a preferred approver for a package.

INFO

2.2

 

PACKAGE_APPROVER_UPDATED

Updated a preferred approver for a package.

INFO

2.2

 

PACKAGE_ARCHIVED

A package moved to archive.

INFO

1.0

 

PACKAGE_CONTENT_DELETE_FAILED

Deletion of a package’s content (files) from date store failed.

ERROR

1.0

 

PACKAGE_CONTENT_DELETED

A package’s content (files) deleted.

INFO

1.0

 

PACKAGE_DECRYPTION_FAILED

Package decryption failed.

ERROR

2.0

 

PACKAGE_DECRYPTION_SUCCEEDED

Package decryption succeeded.

INFO

2.0

 

PACKAGE_DELETED

Package deleted - never occurs during application runtime.

INFO

1.0

 

PACKAGE_DOWNLOAD_ENTERED_INVALID_PASSWORD

Entered invalid password for package access.

WARNING

1.0

 

PACKAGE_DOWNLOAD_ENTERED_VALID_PASSWORD

Entered valid password for package access.

INFO

1.0

 

PACKAGE_DOWNLOAD_PACKAGE_EXPIRED

Attempt to access an expired package.

NOTICE

1.6.0

 

PACKAGE_DOWNLOAD_PACKAGE_NOT_FOUND

Attempt to access a non-existent package.

WARNING

1.6.0

 

PACKAGE_DOWNLOAD_UNAUTHORIZED_ACCESS

Unauthorized attempt to access the package anonymously.

INFO

1.6.0

 

PACKAGE_DOWNLOAD_USER_UNAUTHORIZED_ACCESS

Unauthorized attempt to access the package as a logged in user.

INFO

2.1

 

PACKAGE_ENCRYPTION_FAILED

Package encryption failed.

ERROR

2.0

 

PACKAGE_ENCRYPTION_SKIPPED

Package encryption skipped (detection engine checks are probably running).

INFO

2.0.6

 

PACKAGE_ENCRYPTION_SUCCEEDED

Package encryption succeeded.

INFO

2.0

 

PACKAGE_EXPIRATION_CHANGED

Package’s expiration time between its states (workflow) updated according to administrator’s new setting.

NOTICE

2.0

 

PACKAGE_EXTRACTED

A package restored from archive.

NOTICE

1.4

 

PACKAGE_FORWARD_FAILED

Forwarding of the package failed, an error occured.

ERROR

2.0

 

PACKAGE_FORWARDED

The new package created by forwarding an existing package was successfully sent.

INFO

1.4

 

PACKAGE_FORWARDED_AS

An existing package was forwarded creating a new package.

INFO

1.4

 

PACKAGE_IS_CLEAN

A package is clean.

INFO

1.0

 

PACKAGE_MADE_PUBLIC

A package was published (set as public).

NOTICE

1.3

2.0

PACKAGE_METADATA_DELETED

Deleted metadata for a shredded package from the database.

INFO

2.2

 

PACKAGE_PREPARED_FOR_FORWARD

A new package created by forwarding an existing package.

INFO

2.0

 

PACKAGE_QUARANTINED

A package was evaluated as not clean and was quarantined.

WARNING

1.0

 

PACKAGE_RECHECK_PLANNED

Requested new recheck of a package by the detection engines.

NOTICE

2.0

 

PACKAGE_RECIPIENT_ADDED

A recipient was added to a package - never occurs during application runtime.

INFO

1.0

 

PACKAGE_RELEASED

A package was released from the quarantine.

NOTICE

1.0

 

PACKAGE_RESET_LIMIT_ACCESS_COUNTER

A package access counter was reset to zero (for limiting number of accesses).

INFO

2.1

 

PACKAGE_RESTORED

A deleted package was restored.

NOTICE

1.0

 

PACKAGE_REQUEST_ENTERED_INVALID_PASSWORD

Invalid password entered when attempting to access a password protected package request.

WARNING

2.0

 

PACKAGE_REQUEST_ENTERED_VALID_PASSWORD

Valid password entered to access a password protected package request.

INFO

2.0

 

PACKAGE_SCAN_CANCELED_BY_ADMIN

Package content checks by detection engines terminated prematurely by the administrator.

WARNING

1.2

 

PACKAGE_SCAN_CANCELED_BY_TIMEOUT

Package content checks by detection engines terminated prematurely because of time limit expiration.

WARNING

1.2

 

PACKAGE_SCAN_CANCELED_BY_USER

Package content checks by detection engines terminated prematurely because the user deleted the package.

WARNING

1.5.3

 

PACKAGE_SCAN_ENDS_WITH_ERROR

Package content checks by detection engines ended with errors.

ERROR

2.0

 

PACKAGE_SET_PERSISTENT

Package set as persistent (will not expire automatically).

NOTICE

1.5

 

PACKAGE_SET_TEMPORARY

Package persistence unset (will expire automatically again).

NOTICE

1.5

 

PACKAGE_UPDATED

Package updated.

INFO

1.0

 

PACKAGE_UPLOAD_CANCELED

Package upload canceled.

NOTICE

1.0

 

PACKAGE_USER_FLAG_ADDED

Added a flag for a user’s package.

DEBUG

2.2

 

PACKAGE_USER_FLAG_DELETED

Deleted a flag for a user’s package.

DEBUG

2.2

 

PACKAGE_USER_FLAG_UPDATED

Updated a flag for a user’s package.

DEBUG

2.2

 

PASSWORD_RESET_TOKEN_ADDED

A new token for user’s password reset created.

NOTICE

1.0

 

PASSWORD_RESET_TOKEN_EXPIRED_DELETED

A token for user’s password reset expired.

NOTICE

1.0

 

PASSWORD_RESET_TOKEN_USED

A token for user’s password reset was used.

NOTICE

1.0

 

QUEUED_EMAIL_ADDED

An e-mail message queued - never occurs during application runtime.

INFO

1.0

 

QUEUED_EMAIL_DELETED

An e-mail message deleted from the queue - never occurs during application runtime.

INFO

1.0

 

QUEUED_EMAIL_UPDATED

An e-mail message in the queue updated - never occurs during application runtime.

INFO

1.0

 

RECIPIENT_ADDED

A package recipient added.

INFO

1.0

 

RECIPIENT_DELETED

A package recipient deleted.

INFO

1.0

 

RECIPIENT_UPDATED

A package recipient updated - never occurs during application runtime.

INFO

1.0

 

REMOTE_USER_DIRECTORY_ADDED

A configuration for authentication in AD/LDAP added.

NOTICE

1.0

 

REMOTE_USER_DIRECTORY_DELETED

A configuration for authentication in AD/LDAP deleted - never occurs during application runtime.

NOTICE

1.0

 

REMOTE_USER_DIRECTORY_UPDATED

A configuration for authentication in AD/LDAP updated.

NOTICE

1.0

 

REPORT_DOWNLOAD_FAILED

Failed to download the detailed report from sandbox check.

WARNING

1.5.4

 

REPORT_WRITE_FAILED

Failed to save a detailed report from a sandboxing check to the disk.

ERROR

2.2

 

SCHEDULER_JOB_RESCHEDULED

A scheduler job rescheduled.

INFO

1.0

 

SCHEDULER_JOB_SCHEDULED

A scheduler job scheduled.

INFO

1.0

 

SCHEDULER_JOB_UNSCHEDULED

A scheduler job unscheduled.

INFO

1.0

 

SEND_PACKAGE_APPROVED

The package waiting for approval was approved by an auditor and sent.

INFO

2.0.7

 

SEND_PACKAGE_DISAPPROVED

The package waiting for approval was rejected by an auditor and was not sent.

NOTICE

2.0.7

 

SESSION_ADDED

Created a new logged in user’s session.

DEBUG

2.1

 

SESSION_UPDATED

Updated a logged in user’s session - never occurs during application runtime yet.

DEBUG

2.1

 

SESSION_DELETED

Deleted a logged in user’s session.

DEBUG

2.1

 

TEMPORAL_USERS_DELETED

Temporary user accounts expired and were deleted.

NOTICE

2.0

 

TEST_LOG

A test log entry.

DEBUG

1.0

 

TRIAL_LICENSE_ACQUIRED

A trial license acquired.

NOTICE

1.3

 

USER_ADDED

A new user added.

NOTICE

1.0

 

USER_APPROVER_ADDED

Added a preferred approver for a user.

INFO

2.2

 

USER_APPROVER_DELETED

Deleted a preferred approver for a user.

INFO

2.2

 

USER_APPROVER_UPDATED

Updated a preferred approver for a user.

INFO

2.2

 

USER_AUTH_FAILED_ACCOUNT_LOCKED

User’s login failed, account is locked.

WARNING

1.4

 

USER_AUTH_FAILED_EMAIL_MISSING

User’s login failed, missing mandatory attribute: e-mail. (in AD/ADFS)

WARNING

1.0

 

USER_AUTH_FAILED_GUID_MISMATCH

User’s login failed, GUID mismatch. (in AD/ADFS)

 

1.0

1.1

USER_AUTH_FAILED_INVALID_ADFS_TOKEN

User’s login failed, invalid ADFS token.

WARNING

1.0

 

USER_AUTH_FAILED_MFA

User’s login failed because of multi-factor authentication failure.

WARNING

1.4

 

USER_AUTH_FAILED_MISSING_GUID

User’s login failed, GUID missing. (in AD/ADFS)

WARNING

1.0

 

USER_AUTH_FAILED_NOT_ALLOWED_IP

User’s login failed, attempt from not allowed IP address.

WARNING

2.1

 

USER_AUTH_FAILED_TOO_MANY_USERS

User’s login failed, too many existing users, as allowed by license.

ERROR

1.2

 

USER_AUTH_FAILED_UNKNOWN_LOCAL_USER

User’s login failed, such account does not exist.

WARNING

1.0

 

USER_AUTH_FAILED_WRONG_PASSWORD

User’s login failed, invalid pasword.

WARNING

1.0

 

USER_AUTH_GUID_MISMATCH

User’s login failed, GUID mismatch. (in AD/ADFS)

WARNING

1.1

 

USER_AUTH_SESSION_HIJACK

An attempt to hijack user’s session detected and blocked (IP and/or User-Agent changed during the session).

WARNING

2.0

 

USER_AUTH_SUCCEEDED_MFA

A correct multi-factor code was entered for user authentication.

DEBUG

2.0

 

USER_AUTO_ADDED_FROM_AD

Automatically added a new user during first successful login authenticated in AD.

NOTICE

1.0

 

USER_AUTO_ADDED_FROM_ADFS

Automatically added a new user during first successful login authenticated in ADFS.

NOTICE

1.0

 

USER_AUTO_UPDATED_FROM_AD

User updated during login from AD.

INFO

1.0

 

USER_AUTO_UPDATED_FROM_ADFS

User updated during login from ADFS.

INFO

1.0

 

USER_DELETED

User deleted.

NOTICE

1.0

 

USER_EMAIL_ADDED

Added an email or an email alias for a user.

INFO

2.2

 

USER_EMAIL_DELETED

Deleted an email or an email alias for a user.

INFO

2.2

 

USER_EMAIL_UPDATED

Updated an email or an email alias for a user.

INFO

2.2

 

USER_ENTERED_VALID_LOGIN_PASSWORD_FOR_DOWNLOAD

User entered his correct login password, so he can download the package content.

NOTICE

1.5

 

USER_LOGGED_IN

User logged in successfully.

INFO

1.0

 

USER_LOGGED_OUT

User logged out.

INFO

1.0

 

USER_PASSWORD_CHANGED

User’s password changed.

NOTICE

1.0

 

USER_PERMISSIONS_CHANGED

User’s permissions changed.

NOTICE

1.4

 

USER_REGISTRATION_FROM_AD

New local user created after authentication in AD.

NOTICE

1.0

 

USER_TIMED_OUT

User automatically logged out after prolonged period of inactivity.

INFO

1.0

 

USER_UPDATED

User updated.

INFO

1.0

 

USERS_DISABLED_FOR_INACTIVITY

Performed automatic inactive user account deactivation.

NOTICE

2.0

 

USERS_DELETED_FOR_INACTIVITY

Performed automatic inactive user account deletion.

NOTICE

2.0

 

WORKER_COMMAND_SCHEDULED

New task for worker scheduled.

INFO

1.0

 

* The severity specified for each of the types has the following meaning:

Severity

Description

Example

Severity

Description

Example

DEBUG

not interesting in normal cases, can fill up the log

automatic regular antivirus signature update in the background

INFO

common audit log messages from regular operation, of no particular interest, except when searching for specific things

file/package upload, file download, user login

NOTICE

common audit log messages from regular operation, which may be of interest and do not occur automatically

changes in configuration by admin, release from quarantine by admin, new user creation

WARNING

events, that should not occur during normal operation and mean something unusual has happened, but does not necessarily mean problem with the application

incorrect password entered, file upload failed, package quarantined

ERROR

events, that mean an error/problem occurred, that should be checked and fixed

file check failed (for example not working antivirus engine)

Note: Severity for all event types was first introduced with version 1.4 of the application.

All audit log records always contain the following common information:

  • source = {WEB | WEB_PUBLIC | WEB_USER | WEB_ADMIN | WORKER | SCHEDULER | UNKNOWN | TEST}

  • ipAddress = ip address of the client performing the action through the web interface (for WEB_* sources)

  • sourceId = loggedInUser.getId() (if user or admin is logged in)

  • sourceText = loggedInUser.getUsername() (if user or admin is logged in)

  • attribute.sourceSAMAccountName = loggedInUser.getSamAccountName() (if user is logged in)

The records contain additional information specific to each event type.