Restituisci
-
Titolo
Audit database - understanding the data -
Descrizione
After exporting the audit database what do the columns mean?
-
Risoluzione
Event / Catergory ID / CatID / ID
Event CatId Category ID Audit cache file deleted 1 System 4 Recovery of the emergency access questions collected by a user 1 System 3 Checking timeslice 1 System 2 Authenticating using cache 1 System 1 Contactless badge self enrolment 2 Authentication 4120 Roaming: User terminates his session 2 Authentication 4119 Roaming: Create user's session 2 Authentication 4118 Token moved to black list 2 Authentication 4117 Certificate enrollment 2 Authentication 4115 Revocation 2 Authentication 4116 User closed session 2 Authentication 8205 Authentication failed 2 Authentication 4114 Authentication successfull 2 Authentication 4113 Authentication outside authorized timeslice 2 Authentication 4112 Invalid user id in smart card 2 Authentication 35 Temporary Password Access deletion 2 Authentication 46 External domain user authentication 2 Authentication 45 User authentication 2 Authentication 44 Automatic generation of primary password during token authentication 2 Authentication 43 Unblock PIN with emergency access 2 Authentication 39 Password Reset with emergency access in disconnected mode 2 Authentication 38 Password Reset with emergency access in connected mode 2 Authentication 37 Questions and answers collect for emergency access 2 Authentication 36 Unblocking secret refused 2 Authentication 34 Unable to change PIN 2 Authentication 33 Unable to unblock smart card 2 Authentication 32 User connecting with application mask 2 Authentication 12 User queried OTP 2 Authentication 11 User not authorized for this application 2 Authentication 10 Wrong user 2 Authentication 9 Unable to sign authentication data 2 Authentication 8 User can unlock workstation 2 Authentication 7 Creation of authentication key 2 Authentication 6 Impossible to get authentication key 2 Authentication 5 Checking directory credentials 2 Authentication 4 Authentication by OTP successful 2 Authentication 3 Invalid OTP 2 Authentication 2 Directory password change 2 Authentication 1 Authentication method refused 2 Authentication 4111 Primary account locked 2 Authentication 4110 Impossible to retreive user security profile 2 Authentication 4109 User not allowed on this accesspoint 2 Authentication 4108 Re-authentication using a different user 2 Authentication 4107 Re-authentication without authentication 2 Authentication 4106 Incorrect registration signature 2 Authentication 4105 Registration not found 2 Authentication 4104 Auto registration 2 Authentication 4103 Auto registration not found 2 Authentication 4102 Incorrect user ID 2 Authentication 4101 Incorrect signature 2 Authentication 4100 Incorrect accesspoint session ID 2 Authentication 4099 Unregistered authentication attempts 2 Authentication 4098 Unsupported authentication method used 2 Authentication 4097 Smart card unblocked 2 Authentication 31 Smart card is being unblocked 2 Authentication 30 Blocked smart card presented 2 Authentication 29 Smart card blocked 2 Authentication 28 Invalid PIN 2 Authentication 27 PIN changed 2 Authentication 26 New PIN refused 2 Authentication 25 Expired PIN 2 Authentication 24 Invalid PIN state 2 Authentication 23 Temporarily replaced token reactivated 2 Authentication 22 Temporarily replaced token presented 2 Authentication 21 To giveback token presented 2 Authentication 20 Old token presented 2 Authentication 19 Expired token presented 2 Authentication 18 Blacklisted token presented 2 Authentication 17 Disabled token presented 2 Authentication 16 Personal config modification 3 SSO 8 Account deletion 3 SSO 7 Account modification 3 SSO 6 SSO account modified by administrator 3 SSO 5 Account access denied 3 SSO 4 SSOKey table modified 3 SSO 3 Use of primary password for SSO 3 SSO 2 Use of account password for SSO 3 SSO 1 Modify account delegation 3 SSO 4100 Remove account delegation 3 SSO 4099 Delegate account 3 SSO 4098 Open session 3 SSO 4097 Token 4 Admin 15 Configuration 4 Admin 14 Access point profile 4 Admin 13 User profile 4 Admin 12 Biometric data 4 Admin 11 Application profile 4 Admin 10 application's parameter 4 Admin 9 application administration profile 4 Admin 8 Access point - user access 4 Admin 7 User - application access 4 Admin 6 Application - user access 4 Admin 5 Application - access point access 4 Admin 4 Organization 4 Admin 3 Access point 4 Admin 2 Application 4 Admin 1 Technical reference 4 Admin 25 SSO storage 4 Admin 24 Parameter 4 Admin 23 Account's parameter 4 Admin 22 Account 4 Admin 21 Software module 4 Admin 20 Time slice 4 Admin 19 Personal access 4 Admin 18 PGP 4 Admin 17 PFCP 4 Admin 16 Batch of cards 4 Admin 41 Representative 4 Admin 40 Administrator challenge retrieve for disconnected PIN Reset with emergency access 4 Admin 39 Administrator challenge retrieve for disconnected Password Reset with emergency access 4 Admin 38 User 4 Admin 37 Group 4 Admin 36 WG Auth 4 Admin 35 Role 4 Admin 34 Administration profile 4 Admin 33 token class configuration 4 Admin 32 Cluster 4 Admin 62 User Password Forced 4 Admin 61 Audit Filter 4 Admin 60 Temporary Password Access 4 Admin 59 Revocation: OCSP response 4 Admin 58 Revocation: CRL update 4 Admin 57 Audit database purged 4 Admin 56 File Encryption Key update requested 4 Admin 55 File Encryption Key information change requested 4 Admin 54 File Encryption Key information changed 4 Admin 53 File Encryption Key updated 4 Admin 52 File Encryption Key created 4 Admin 51 File Encryption Key 4 Admin 50 Certificate 4 Admin 49 PKA Authority 4 Admin 48 File Encryption Key updated by user 5 File Encryption 3 File encryption Key information changed by user 5 File Encryption 2 File Encryption Key created by user 5 File Encryption 1 Time
The time is stored in Unix Time / Epoch (The number of seconds since 01/01/1970 at 0h00 GMT+0)
There's a online converter below with example SQL statements.
http://www.epochconverter.com/
Result Code
The ResultCode corresponds to standard QESSO error codes but the data is in HEX format.In ResultCode:
- 0 means no error at all
- a positive number (such as 33562688) is a warning code
- any negative number is an errorYou can use the Windows 'calc' (with scientific display) to convert a negative number is its hexadecimal value. For instance, -2113921011 is show as FFFFFFFF8200200D by calc (meaning 0x8200200D in "errors and events", or 'Authentication method not authorized').You can also ask SQL Server to show the ResultCode column in hexadecimal :select cast(ResultCode as varbinary(20)) as ErrorCode, * from dbo.Audit(where ErrorCode is the name that SQL Server will use for the column where ResultCode is shown in hex)
The QESSO errors can be exported from C:\Program Files\Quest Software\QESSO Client\ESSOErrors.exe