(v2.3) List and description of Audit Log event types
The events logged in the the application audit log always have one of the event types described below. The event type specifies, what type of event occurred. Each specific event type has a set of information saved within its log record. This set of existing event types can differ in different application versions. Typically new versions contain new event types.
The following table lists all the existing event types and related information about them:
Audit Log type | Basic meaning | Severity * | Since version | Until version |
---|---|---|---|---|
ACTION_LIMIT_ADDED | Added a new limit for a number of actions in a defined time interval. | DEBUG | 2.1 | Â |
ACTION_LIMIT_UPDATED | Updated a limit for a number of actions in a defined time interval. | DEBUG | 2.1 | Â |
ACTION_LIMIT_DELETED | Deleted a limit for a number of actions in a defined time interval. | DEBUG | 2.1 | Â |
ACTION_LIMIT_TRIGGERED | Exceeded a limit for a number of actions in a defined time interval. | WARNING | 2.1 | Â |
AD_AUTH_FAILED | User authentication in AD domain failed. | WARNING | 1.0 | Â |
AD_AUTH_FAILED_WRONG_PATH | User authentication in AD domain failed, likely because of wrong “User tree“ supplied in the settings. | ERROR | 1.0 | 1.3.2 |
AD_AUTH_FAILED_WRONG_PATH_OR_GROUP | User authentication in AD domain failed, likely because of wrong “User tree“ or “Allowed group“ supplied in the settings. | ERROR | 1.3.3 |  |
AD_AUTH_SUCCESS | Successful authentication of a user using AD account. | INFO | 1.0 | Â |
AD_BAD_GROUP | User successfully authenticated in AD, but is not in allowed group. | WARNING | 1.0 | 2.0 |
AD_CONNECTION_FAILED | Error in communication with AD. | ERROR | 1.0 | Â |
AD_USER_FOUND | User was verified in AD. | INFO | 1.0 | Â |
AD_USER_INFO_FAIL | Could not read user information from AD. | WARNING | 1.0 | Â |
AD_USER_NOT_FOUND | User not found in AD, or the configured service account for binding to AD does not work. | WARNING | 1.0 | Â |
ADFS_ADDED | Configuration for ADFS user authentication added. | NOTICE | 1.0 | Â |
ADFS_CONFIG_MISSING | ADFS authentication enabled, but required configuration missing. | ERROR | 1.0 | Â |
ADFS_DELETED | Configuration for ADFS user authentication added - never occurs during application runtime. | NOTICE | 1.0 | Â |
ADFS_UPDATED | Configuration for ADFS user authentication updated. | NOTICE | 1.0 | Â |
ADMIN_ADDED | An administrator account added. | NOTICE | 1.0 | Â |
ADMIN_AUTH_FAILED_MFA | Second factor verification failed during an administrator login. | WARNING | 1.4 | Â |
ADMIN_AUTH_FAILED_NOT_ALLOWED_IP | An administrator login failed, because it originated from not allowed IP address. | WARNING | 1.0 | Â |
ADMIN_AUTH_FAILED_UNKNOWN_USER | An administrator login failed, because such an account does not exist. | WARNING | 1.0 | Â |
ADMIN_AUTH_FAILED_WRONG_PASSWORD | An administrator login failed, because the entered password was not valid. | WARNING | 1.0 | Â |
ADMIN_AUTH_SESSION_HIJACK | An attempt to hijack administrator’s session detected and blocked (IP and/or User-Agent changed during the session). | WARNING | 2.0 |  |
ADMIN_AUTH_SUCCEEDED_MFA | A correct multi-factor code was entered for administrator authentication. | DEBUG | 2.0 | Â |
ADMIN_DELETED | Administrator’s account deleted. | NOTICE | 1.0 |  |
ADMIN_LOGGED_IN | An administrator logged in. | INFO | 1.0 | Â |
ADMIN_LOGGED_OUT | An administrator logged out. | INFO | 1.0 | Â |
ADMIN_PASSWORD_CHANGED | An administrator’s password changed. | NOTICE | 1.0 |  |
ADMIN_TIMED_OUT | An administrator logged out automatically because of long period of inactivity. | INFO | 1.0 | Â |
ADMIN_UPDATED | An administrator’s account updated. | INFO | 1.0 |  |
ANTIVIRUS_HARDFAIL | A file check by an antivirus failed definitively (will not be retried again). | ERROR | 1.0 | Â |
ANTIVIRUS_SOFTFAIL | A file check by an antivirus failed and will be retried again. | WARNING | 1.0 | Â |
API_TOKEN_ADDED | A token for using the API created. | NOTICE | 1.3 | Â |
API_TOKEN_AUTH_FAILED_NOT_ALLOWED_IP | An attempt to use an API token from not allowed IP address was blocked. | WARNING | 2.3 | Â |
API_TOKEN_DELETED | A token for using the API deleted. | NOTICE | 1.3 | Â |
API_TOKEN_UPDATED | A token for using the API updated. | NOTICE | 2.3 | Â |
APP_MIGRATION_ADDED | An application migration added - never occurs during application runtime. | INFO | 1.0 | Â |
APP_MIGRATION_DELETED | An application migration deleted - never occurs during application runtime. | INFO | 1.0 | Â |
APP_MIGRATION_UPDATED | An application migration updated - never occurs during application runtime. | INFO | 1.0 | Â |
APP_VERSION_CHANGED | Application version changed. Typically occurs during update to a new version. | NOTICE | 1.6.0 | Â |
CAPTCHA_ERROR | An unexpected error occurred during captcha evaluation. | ERROR | 1.3 | Â |
CAPTCHA_FAILED | The Captcha result is fail - request blocked. | NOTICE | 1.3 | Â |
CAPTCHA_PASSED | The Captcha result is pass - request allowed. | INFO | 1.3 | Â |
CHECK_FILE_INTEGRITY_FAILED | File integrity check failed. Reason can be found in file integrity result attribute. | ERROR | 2.0 | Â |
CHECK_FILE_INTEGRITY_INVALID | File integrity check found a corrupted file. | WARNING | 2.0 | 2.0 |
CONFIG_ADDED | New configuration parameter added - never occurs during application runtime. | INFO | 1.0 | Â |
CONFIG_DELETED | Configuration parameter deleted - never occurs during application runtime. | INFO | 1.0 | Â |
CONFIG_UPDATED | Configuration parameter updated. | NOTICE | 1.0 | Â |
CONTACT_ADDED | Added a new contact to the address book. | INFO | 1.4 | Â |
CONTACT_DELETED | Deleted a contact from the address book. | INFO | 1.4 | Â |
CONTACT_GROUP_ADDED | Added a new group to the address book. | INFO | 1.4 | Â |
CONTACT_GROUP_DELETED | Deleted a group from the address book. | INFO | 1.4 | Â |
CONTACT_GROUP_UPDATED | Updated a group in the address book. | INFO | 1.4 | Â |
CONTACT_UPDATED | Updated a contact in the address book. | INFO | 1.4 | Â |
DATASTORE_ACTIVATED | A data store activated, new data will be saved to it. | NOTICE | 1.4 | Â |
DATASTORE_ADDED | Added a new data store. | NOTICE | 1.4 | Â |
DATASTORE_DEACTIVATED | A data store deactivated, new data will not be saved to it. | NOTICE | 1.4 | Â |
DATASTORE_DELETED | Deleted a data store. | NOTICE | 1.4 | Â |
DATASTORE_UPDATED | Update a data store. | NOTICE | 1.4 | Â |
DETECTION_ENGINE_LICENSED_QUOTA_EXCEEDED | The allowed quota of a detection engine was exceeded. | WARNING | 2.1 | Â |
DETECTION_ENGINE_STATUS_UPDATED | Detection engine status updated. Occurs usually automatically during anti-virus update. | DEBUG | 1.3 | Â |
DETECTION_ENGINE_UNAVAILABLE | The state of the detection engine changed from available to unavailable. | WARNING | 2.0 | Â |
DETECTION_ENGINE_UPDATED | Updated detection engine settings. | NOTICE | 1.0 | Â |
DIAGNOSTIC_LOGS_SENT | Application logs sent for analysis. | NOTICE | 1.4 | Â |
DIAGNOSTIC_TUNNEL_DISABLED | Remote diagnostics access disabled. | NOTICE | 1.4 | Â |
DIAGNOSTIC_TUNNEL_ENABLED | Remote diagnostics access enabled. | NOTICE | 1.4 | Â |
DOMAIN_ADDED | Added a new domain. | NOTICE | 1.0 | Â |
DOMAIN_DELETED | Deleted a domain. | NOTICE | 1.0 | Â |
DOMAIN_UPDATED | Updated a domain. | NOTICE | 1.0 | Â |
EMAIL_QUEUED | An e-mail message queued to be sent. | INFO | 1.0 | Â |
EMAIL_SEND_FAILED | Failed to send an e-mail message through the configured SMTP server. | ERROR | 1.4 | Â |
EMAIL_SENT | An e-mail message successfully sent to the configured outgoing mail server. | INFO | 1.0 | Â |
EMAIL_TEMPLATE_ADDED | New template for outgoing e-mail messages was added. | NOTICE | 2.0 | Â |
EMAIL_TEMPLATE_UPDATED | A template for outgoing e-mail messages updated. | NOTICE | 1.4 | Â |
FIDO_CHALLENGE_ADDED | New key for FIDO2 multi-factor authentication (webauthn) added - cancelled, does not occur. | NOTICE | 1.4 | Â |
FIDO_CHALLENGE_DELETED | A key for FIDO2 multi-factor authentication (webauthn) deleted - cancelled, does not occur. | NOTICE | 1.4 | Â |
FIDO_CHALLENGE_UPDATED | A key for FIDO2 multi-factor authentication (webauthn) updated - cancelled, does not occur. | NOTICE | 1.4 | Â |
FILE_ADDED | New file added to a package. | INFO | 1.0 | Â |
FILE_ARCHIVE_ADDED | File archive (zip) added to a package. | INFO | 1.0 | Â |
FILE_ARCHIVE_DELETED | Package’s file archive (zip) deleted. | INFO | 1.0 |  |
FILE_ARCHIVE_DOWNLOAD_STARTED | Download of a package’s file archive (zip) started. | INFO | 1.0 |  |
FILE_ARCHIVE_UPDATED | Package’s file archive (zip) updated. | INFO | 1.0 |  |
FILE_CONTENT_DELETED | Package’s file shredded (really deleted from disk). | NOTICE | 2.0 |  |
FILE_DECRYPTION_FAILED | File decryption failed. | ERROR | 2.0 | Â |
FILE_DECRYPTION_SUCCEEDED | File decryption succeeded. | INFO | 2.0 | Â |
FILE_DELETED | Package’s file deleted. | INFO | 1.0 |  |
FILE_DOWNLOAD_STARTED | Download of a package’s file started. | INFO | 1.0 |  |
FILE_ENCRYPTION_FAILED | File encryption failed. | ERROR | 2.0 | Â |
FILE_ENCRYPTION_SUCCEEDED | File encryption succeeded. | INFO | 2.0 | Â |
FILE_CHECK_ADDED | A new file check by a detection engine added (queued/scheduled). | INFO | 1.0 | Â |
FILE_CHECK_DELETED | A file check by a detection engine deleted - never occurs during application runtime. | INFO | 1.0 | Â |
FILE_CHECK_DONE | A file check by a detection engine finished successfully. | INFO | 1.0 | Â |
FILE_CHECK_DONE_QUOTA_EXCEEDED | A file check by a detection engine completed, but allowed quota was exceeded. | NOTICE | 2.1 | Â |
FILE_CHECK_FAILED | A file check by a detection engine failed. | ERROR | 1.0 | Â |
FILE_CHECK_REPORT_ADDED | A report with results added to the file check by a detection engine. | INFO | 1.2 | Â |
FILE_CHECK_REPORT_DELETED | A report with results deleted from the file check by a detection engine - never occurs during application runtime. | INFO | 1.2 | Â |
FILE_CHECK_REPORT_UPDATED | A report with results updated for the file check by a detection engine. | INFO | 1.2 | Â |
FILE_CHECK_SKIPPED_QUOTA_EXCEEDED | A file check by a detection engine skipped because allowed quota was exhausted. | WARNING | 2.1 | Â |
FILE_CHECK_TERMINATED_BY_ADMIN | A file check by a detection engine terminated by the administrator prematurely. | WARNING | 1.2 | Â |
FILE_CHECK_TERMINATED_BY_TIMEOUT | A file check by a detection engine terminated prematurely because of maximum time limit expiration. | WARNING | 1.2 | Â |
FILE_CHECK_TERMINATED_BY_USER | A file check by a detection engine terminated prematurely because the user deleted the package. | WARNING | 1.5.3 | Â |
FILE_CHECK_UPDATED | A file check by a detection engine updated - never occurs during application runtime. | INFO | 1.0 | Â |
FILE_IS_CLEAN | After finishing all file checks the file was evaluated as clean. | INFO | 1.0 | Â |
FILE_IS_UNCLEAN | After finishing all file checks the file was evaluated as not clean. | WARNING | 1.0 | Â |
FILE_MIMETYPE_UPDATED | File’s MIME type updated (refined). | INFO | 1.3 |  |
FILE_QUARANTINED | File was quarantined. | NOTICE | 2.0 | Â |
FILE_RECHECK_PLANNED | A repeated check of the file using detection engines was scheduled. | NOTICE | 2.0 | Â |
FILE_RELEASED | File released from the quarantine. | NOTICE | 1.4 | Â |
FILE_RENAMED | File in a package renamed. | INFO | 2.2 | Â |
FILE_UNDELETED | Deleted file was recovered (undeleted). | INFO | 2.0 | Â |
FILE_UPDATED | File updated. | INFO | 1.0 | Â |
FILE_UPLOAD_CANCELED | File’s upload canceled. | NOTICE | 1.0 |  |
FILE_UPLOAD_FAILED | File’s upload failed. | WARNING | 1.0 |  |
HIBP_QUERY_FAILED | The query to the compromised passwords database “have i been pwned?“ failed. | WARNING | 2.0 |  |
KEY_ENCRYPTION_KEY_ADD_TO_PACKAGE_FAILED | Assigning a KEK to the package failed. | ERROR | 2.0 | Â |
KEY_ENCRYPTION_KEY_ADD_TO_PACKAGE_SUCCEEDED | A KEK assigned to the package. | NOTICE | 2.0 | Â |
KEY_ENCRYPTION_KEY_ADDED | Added a new key encryption key (KEK). | NOTICE | 2.0 | Â |
KEY_ENCRYPTION_KEY_DELETED | A Key encryption key (KEK) deleted. | NOTICE | 2.0 | Â |
KEY_ENCRYPTION_KEY_REMOVE_FROM_PACKAGE_FAILED | Removing of a KEK assigned to the package failed. | ERROR | 2.0 | Â |
KEY_ENCRYPTION_KEY_REMOVE_FROM_PACKAGE_SUCCEEDED | A KEK assigned to the package removed. | NOTICE | 2.0 | Â |
KEY_ENCRYPTION_KEY_UPDATED | A key encryption key (KEK) updated. | NOTICE | 2.0 | Â |
LICENSE_INVALID | Invalid application license. The reason might be expiration, exceeded user limit, FQDN, etc. | ERROR | 1.6.0 | Â |
LICENSE_UPDATE_FAILED | Update of the license failed. | WARNING | 1.3 | Â |
LICENSE_UPDATED | License updated. | INFO | 1.2 | Â |
LICENSE_VALID | The application license is now valid. | NOTICE | 1.6.0 | Â |
LONG_RUNNING_TASK_ADDED | A new long running background task was created (for example encryption or integrity check). | INFO | 2.0 | Â |
LONG_RUNNING_TASK_CANCELED | A long running background task was manually prematurely canceled. | NOTICE | 2.0 | Â |
LONG_RUNNING_TASK_DELETED | A long running background task record deleted from the database. | DEBUG | 2.0 | Â |
LONG_RUNNING_TASK_FAILED | A long running background task failed. | ERROR | 2.0 | Â |
LONG_RUNNING_TASK_SUCCEEDED | A long running background task finished successfuly. | INFO | 2.0 | Â |
LONG_RUNNING_TASK_UPDATED | A long running background task record updated. | DEBUG | 2.0 | Â |
MULTI_FACTOR_KEY_ACTIVATED | A new TOTP type key for multi-factor authentication activated. | NOTICE | 2.0 | Â |
MULTI_FACTOR_KEY_ACTIVATION_CANCELED | Activation of a new TOTP type key for multi-factor authentication canceled. | INFO | 2.0 | Â |
MULTI_FACTOR_KEY_ADDED | A new TOTP (ie. Google auth) or FIDO2 (webauthn) type key for multi-factor authentication added. | NOTICE | 1.4 | Â |
MULTI_FACTOR_KEY_DELETED | A TOTP (ie. Google auth) or FIDO2 (webauthn) type key for multi-factor authentication deleted. | NOTICE | 1.4 | Â |
MULTI_FACTOR_KEY_UPDATED | A TOTP (ie. Google auth) or FIDO2 (webauthn) type key for multi-factor authentication updated. | NOTICE | 1.4 | Â |
OIDC_AUTH_INVALID_METADATA | Invalid metadata in OpenID Connect authentication. | WARNING | 2.3 | Â |
OIDC_AUTH_TOKEN_REQUEST_FAILED | Failed getting an authentication token in OpenID Connect. | WARNING | 2.3 | Â |
OIDC_PROVIDER_ADDED | Added an identity provider (login) of the type OpenID Connect. | NOTICE | 2.3 | Â |
OIDC_PROVIDER_DELETED | Deleted an identity provider (login) of the type OpenID Connect. | NOTICE | 2.3 | Â |
OIDC_PROVIDER_UPDATED | Updated an identity provider (login) of the type OpenID Connect. | NOTICE | 2.3 | Â |
OLD_AUDITLOGS_DELETED | Deleted old audit logs according to the audit log retention setting. | INFO | 2.2 | Â |
PACKAGE_ACCESS_TYPE_CHANGED | Changed a package’s access type. (private ↔︎ internal ↔︎ public) | NOTICE | 2.1 |  |
PACKAGE_ADDED | A new package added. | INFO | 1.0 | Â |
PACKAGE_APPROVER_ADDED | Added a preferred approver for a package. | INFO | 2.2 | Â |
PACKAGE_APPROVER_DELETED | Deleted a preferred approver for a package. | INFO | 2.2 | Â |
PACKAGE_APPROVER_UPDATED | Updated a preferred approver for a package. | INFO | 2.2 | Â |
PACKAGE_ARCHIVED | A package moved to archive. | INFO | 1.0 | Â |
PACKAGE_CONTENT_DELETE_FAILED | Deletion of a package’s content (files) from date store failed. | ERROR | 1.0 |  |
PACKAGE_CONTENT_DELETED | A package’s content (files) deleted. | INFO | 1.0 |  |
PACKAGE_DECRYPTION_FAILED | Package decryption failed. | ERROR | 2.0 | Â |
PACKAGE_DECRYPTION_SKIPPED | Package decryption skipped (detection engine checks are probably running). | INFO | 2.3 | Â |
PACKAGE_DECRYPTION_SUCCEEDED | Package decryption succeeded. | INFO | 2.0 | Â |
PACKAGE_DELETED | Package deleted - never occurs during application runtime. | INFO | 1.0 | Â |
PACKAGE_DOWNLOAD_ENTERED_INVALID_PASSWORD | Entered invalid password for package access. | WARNING | 1.0 | Â |
PACKAGE_DOWNLOAD_ENTERED_VALID_PASSWORD | Entered valid password for package access. | INFO | 1.0 | Â |
PACKAGE_DOWNLOAD_PACKAGE_EXPIRED | Attempt to access an expired package. | NOTICE | 1.6.0 | Â |
PACKAGE_DOWNLOAD_PACKAGE_NOT_FOUND | Attempt to access a non-existent package. | WARNING | 1.6.0 | Â |
PACKAGE_DOWNLOAD_UNAUTHORIZED_ACCESS | Unauthorized attempt to access the package anonymously. | INFO | 1.6.0 | Â |
PACKAGE_DOWNLOAD_USER_UNAUTHORIZED_ACCESS | Unauthorized attempt to access the package as a logged in user. | INFO | 2.1 | Â |
PACKAGE_ENCRYPTION_FAILED | Package encryption failed. | ERROR | 2.0 | Â |
PACKAGE_ENCRYPTION_SKIPPED | Package encryption skipped (detection engine checks are probably running). | INFO | 2.0.6 | Â |
PACKAGE_ENCRYPTION_SUCCEEDED | Package encryption succeeded. | INFO | 2.0 | Â |
PACKAGE_EXPIRATION_CHANGED | Package’s expiration time between its states (workflow) updated according to administrator’s new setting. | NOTICE | 2.0 |  |
PACKAGE_EXTRACTED | A package restored from archive. | NOTICE | 1.4 | Â |
PACKAGE_FORWARD_FAILED | Forwarding of the package failed, an error occured. | ERROR | 2.0 | Â |
PACKAGE_FORWARDED | The new package created by forwarding an existing package was successfully sent. | INFO | 1.4 | Â |
PACKAGE_FORWARDED_AS | An existing package was forwarded creating a new package. | INFO | 1.4 | Â |
PACKAGE_IS_CLEAN | A package is clean. | INFO | 1.0 | Â |
PACKAGE_MADE_PUBLIC | A package was published (set as public). | NOTICE | 1.3 | 2.0 |
PACKAGE_METADATA_DELETED | Deleted metadata for a shredded package from the database. | INFO | 2.2 | Â |
PACKAGE_PREPARED_FOR_FORWARD | A new package created by forwarding an existing package. | INFO | 2.0 | Â |
PACKAGE_QUARANTINED | A package was evaluated as not clean and was quarantined. | WARNING | 1.0 | Â |
PACKAGE_RECHECK_PLANNED | Requested new recheck of a package by the detection engines. | NOTICE | 2.0 | Â |
PACKAGE_RECIPIENT_ADDED | A recipient was added to a package - never occurs during application runtime. | INFO | 1.0 | Â |
PACKAGE_RELEASED | A package was released from the quarantine. | NOTICE | 1.0 | Â |
PACKAGE_RESET_LIMIT_ACCESS_COUNTER | A package access counter was reset to zero (for limiting number of accesses). | INFO | 2.1 | Â |
PACKAGE_RESTORED | A deleted package was restored. | NOTICE | 1.0 | Â |
PACKAGE_REQUEST_ENTERED_INVALID_PASSWORD | Invalid password entered when attempting to access a password protected package request. | WARNING | 2.0 | Â |
PACKAGE_REQUEST_ENTERED_VALID_PASSWORD | Valid password entered to access a password protected package request. | INFO | 2.0 | Â |
PACKAGE_SCAN_CANCELED_BY_ADMIN | Package content checks by detection engines terminated prematurely by the administrator. | WARNING | 1.2 | Â |
PACKAGE_SCAN_CANCELED_BY_TIMEOUT | Package content checks by detection engines terminated prematurely because of time limit expiration. | WARNING | 1.2 | Â |
PACKAGE_SCAN_CANCELED_BY_USER | Package content checks by detection engines terminated prematurely because the user deleted the package. | WARNING | 1.5.3 | Â |
PACKAGE_SCAN_ENDS_WITH_ERROR | Package content checks by detection engines ended with errors. | ERROR | 2.0 | Â |
PACKAGE_SET_PERSISTENT | Package set as persistent (will not expire automatically). | NOTICE | 1.5 | Â |
PACKAGE_SET_TEMPORARY | Package persistence unset (will expire automatically again). | NOTICE | 1.5 | Â |
PACKAGE_UPDATED | Package updated. | INFO | 1.0 | Â |
PACKAGE_UPLOAD_CANCELED | Package upload canceled. | NOTICE | 1.0 | Â |
PACKAGE_USER_FLAG_ADDED | Added a flag for a user’s package. | DEBUG | 2.2 |  |
PACKAGE_USER_FLAG_DELETED | Deleted a flag for a user’s package. | DEBUG | 2.2 |  |
PACKAGE_USER_FLAG_UPDATED | Updated a flag for a user’s package. | DEBUG | 2.2 |  |
PASSWORD_RESET_TOKEN_ADDED | A new token for user’s password reset created. | NOTICE | 1.0 |  |
PASSWORD_RESET_TOKEN_EXPIRED_DELETED | A token for user’s password reset expired. | NOTICE | 1.0 |  |
PASSWORD_RESET_TOKEN_USED | A token for user’s password reset was used. | NOTICE | 1.0 |  |
QUEUED_EMAIL_ADDED | An e-mail message queued - never occurs during application runtime. | INFO | 1.0 | Â |
QUEUED_EMAIL_DELETED | An e-mail message deleted from the queue - never occurs during application runtime. | INFO | 1.0 | Â |
QUEUED_EMAIL_UPDATED | An e-mail message in the queue updated - never occurs during application runtime. | INFO | 1.0 | Â |
RECIPIENT_ADDED | A package recipient added. | INFO | 1.0 | Â |
RECIPIENT_DELETED | A package recipient deleted. | INFO | 1.0 | Â |
RECIPIENT_UPDATED | A package recipient updated - never occurs during application runtime. | INFO | 1.0 | Â |
REMOTE_USER_DIRECTORY_ADDED | A configuration for authentication in AD/LDAP added. | NOTICE | 1.0 | Â |
REMOTE_USER_DIRECTORY_DELETED | A configuration for authentication in AD/LDAP deleted - never occurs during application runtime. | NOTICE | 1.0 | Â |
REMOTE_USER_DIRECTORY_UPDATED | A configuration for authentication in AD/LDAP updated. | NOTICE | 1.0 | Â |
REPORT_DOWNLOAD_FAILED | Failed to download the detailed report from sandbox check. | WARNING | 1.5.4 | Â |
REPORT_WRITE_FAILED | Failed to save a detailed report from a sandboxing check to the disk. | ERROR | 2.2 | Â |
SCHEDULER_JOB_RESCHEDULED | A scheduler job rescheduled. | INFO | 1.0 | Â |
SCHEDULER_JOB_SCHEDULED | A scheduler job scheduled. | INFO | 1.0 | Â |
SCHEDULER_JOB_UNSCHEDULED | A scheduler job unscheduled. | INFO | 1.0 | Â |
SEND_PACKAGE_APPROVED | The package waiting for approval was approved by an auditor and sent. | INFO | 2.0.7 | Â |
SEND_PACKAGE_DISAPPROVED | The package waiting for approval was rejected by an auditor and was not sent. | NOTICE | 2.0.7 | Â |
SESSION_ADDED | Created a new logged in user’s session. | DEBUG | 2.1 |  |
SESSION_UPDATED | Updated a logged in user’s session - never occurs during application runtime yet. | DEBUG | 2.1 |  |
SESSION_DELETED | Deleted a logged in user’s session. | DEBUG | 2.1 |  |
TEMPORAL_USERS_DELETED | Temporary user accounts expired and were deleted. | NOTICE | 2.0 | Â |
TEST_LOG | A test log entry. | DEBUG | 1.0 | Â |
TRIAL_LICENSE_ACQUIRED | A trial license acquired. | NOTICE | 1.3 | Â |
USER_ADDED | A new user added. | NOTICE | 1.0 | Â |
USER_APPROVER_ADDED | Added a preferred approver for a user. | INFO | 2.2 | Â |
USER_APPROVER_DELETED | Deleted a preferred approver for a user. | INFO | 2.2 | Â |
USER_APPROVER_UPDATED | Updated a preferred approver for a user. | INFO | 2.2 | Â |
USER_AUTH_FAILED_ACCOUNT_LOCKED | User’s login failed, account is locked. | WARNING | 1.4 |  |
USER_AUTH_FAILED_EMAIL_MISSING | User’s login failed, missing mandatory attribute: e-mail. (in AD/ADFS) | WARNING | 1.0 |  |
USER_AUTH_FAILED_GUID_MISMATCH | User’s login failed, GUID mismatch. (in AD/ADFS) |  | 1.0 | 1.1 |
USER_AUTH_FAILED_INVALID_ADFS_TOKEN | User’s login failed, invalid ADFS token. | WARNING | 1.0 |  |
USER_AUTH_FAILED_INVALID_OIDC_TOKEN | User’s login failed, invalid OpenID Connect token. | WARNING | 2.3 |  |
USER_AUTH_FAILED_MFA | User’s login failed because of multi-factor authentication failure. | WARNING | 1.4 |  |
USER_AUTH_FAILED_MISSING_GUID | User’s login failed, GUID missing. (in AD/ADFS) | WARNING | 1.0 |  |
USER_AUTH_FAILED_NOT_ALLOWED_IP | User’s login failed, attempt from not allowed IP address. | WARNING | 2.1 |  |
USER_AUTH_FAILED_TOO_MANY_USERS | User’s login failed, too many existing users, as allowed by license. | ERROR | 1.2 |  |
USER_AUTH_FAILED_UNKNOWN_LOCAL_USER | User’s login failed, such account does not exist. | WARNING | 1.0 |  |
USER_AUTH_FAILED_WRONG_PASSWORD | User’s login failed, invalid pasword. | WARNING | 1.0 |  |
USER_AUTH_GUID_MISMATCH | User’s login failed, GUID mismatch. (in AD/ADFS) | WARNING | 1.1 |  |
USER_AUTH_SESSION_HIJACK | An attempt to hijack user’s session detected and blocked (IP and/or User-Agent changed during the session). | WARNING | 2.0 |  |
USER_AUTH_SUCCEEDED_MFA | A correct multi-factor code was entered for user authentication. | DEBUG | 2.0 | Â |
USER_AUTO_ADDED_FROM_AD | Automatically added a new user during first successful login authenticated in AD. | NOTICE | 1.0 | Â |
USER_AUTO_ADDED_FROM_ADFS | Automatically added a new user during first successful login authenticated in ADFS. | NOTICE | 1.0 | Â |
USER_AUTO_ADDED_FROM_OIDC | Automatically added a new user during first successful login authenticated in OpenID Connect. | NOTICE | 2.3 | Â |
USER_AUTO_UPDATED_FROM_AD | User updated during login from AD. | INFO | 1.0 | Â |
USER_AUTO_UPDATED_FROM_ADFS | User updated during login from ADFS. | INFO | 1.0 | Â |
USER_AUTO_UPDATED_FROM_OIDC | User updated during login from OpenID Connect. | INFO | 2.3 | Â |
USER_DELETED | User deleted. | NOTICE | 1.0 | Â |
USER_EMAIL_ADDED | Added an email or an email alias for a user. | INFO | 2.2 | Â |
USER_EMAIL_DELETED | Deleted an email or an email alias for a user. | INFO | 2.2 | Â |
USER_EMAIL_UPDATED | Updated an email or an email alias for a user. | INFO | 2.2 | Â |
USER_ENTERED_VALID_LOGIN_PASSWORD_FOR_DOWNLOAD | User entered his correct login password, so he can download the package content. | NOTICE | 1.5 | Â |
USER_LOGGED_IN | User logged in successfully. | INFO | 1.0 | Â |
USER_LOGGED_OUT | User logged out. | INFO | 1.0 | Â |
USER_PASSWORD_CHANGED | User’s password changed. | NOTICE | 1.0 |  |
USER_PERMISSIONS_CHANGED | User’s permissions changed. | NOTICE | 1.4 |  |
USER_REGISTRATION_FROM_AD | New local user created after authentication in AD. | NOTICE | 1.0 | Â |
USER_TIMED_OUT | User automatically logged out after prolonged period of inactivity. | INFO | 1.0 | Â |
USER_UPDATED | User updated. | INFO | 1.0 | Â |
USERS_DISABLED_FOR_INACTIVITY | Performed automatic inactive user account deactivation. | NOTICE | 2.0 | Â |
USERS_DELETED_FOR_INACTIVITY | Performed automatic inactive user account deletion. | NOTICE | 2.0 | Â |
WORKER_COMMAND_SCHEDULED | New task for worker scheduled. | INFO | 1.0 | Â |
* The severity specified for each of the types has the following meaning:
Severity | Description | Example |
---|---|---|
DEBUG | not interesting in normal cases, can fill up the log | automatic regular antivirus signature update in the background |
INFO | common audit log messages from regular operation, of no particular interest, except when searching for specific things | file/package upload, file download, user login |
NOTICE | common audit log messages from regular operation, which may be of interest and do not occur automatically | changes in configuration by admin, release from quarantine by admin, new user creation |
WARNING | events, that should not occur during normal operation and mean something unusual has happened, but does not necessarily mean problem with the application | incorrect password entered, file upload failed, package quarantined |
ERROR | events, that mean an error/problem occurred, that should be checked and fixed | file check failed (for example not working antivirus engine) |
Note: Severity for all event types was first introduced with version 1.4 of the application.
All audit log records always contain the following common information:
source = {WEB | WEB_PUBLIC | WEB_USER | WEB_ADMIN | WORKER | SCHEDULER | UNKNOWN | TEST}
ipAddress = ip address of the client performing the action through the web interface (for WEB_* sources)
sourceId = loggedInUser.getId() (if user or admin is logged in)
sourceText = loggedInUser.getUsername() (if user or admin is logged in)
attribute.sourceSAMAccountName = loggedInUser.getSamAccountName() (if user is logged in)
The records contain additional information specific to each event type.