Event Viewer Events

Kamel Elias  - Versasec Support
Kamel Elias - Versasec Support
  • Updated

Introduction

This article will describe the Windows events that are sent to the local Windows Event Viewer. This can be used to centrally capture operations and events carried out when an operator uses vSEC:CMS from the Admin or Agent applications. These event can then be sent to a syslog system, for example using a Splunk agent, for further analysis and reporting.

Additionally, Windows events for vSEC:CMS RSDM and vSEC:CMS Virtual Smart Card can be captured if you use these components on clients for issuing and managing Virtual Smart Cards.

Enable Events Capture

By default this feature is not available. Navigate to Options - Connections and click the Add button. Select External Trace and Ok. You should see something similar to below where the server where vSEC:CMS is installed is shown. Enable Send events checkbox. You may need to install event provider if it is not available on the server/client where you want events to be sent to. This button will then be enabled/available so you should click on the button in that case. Click Ok to save and close the configuration.

Untitled.png

If you have additional clients where vSEC:CMS Admin or Agent consoles are running and you want to capture the events/operations carried out on them, then on these clients navigate to Options - Connections - External Trace and select the machine and click Add this computer. The events will then be sent to the local Windows Event Viewer.

Windows Events Captured for vSEC:CMS

The following events will be captured and written to the local Windows Event Viewer where the vSEC:CMS Console is running.

Level

Source

Event ID

Windows Logs

Message (as displayed in event viewer)

Description

 Information 

 vSEC.CMS

256

(HEX: 0x100)

Application

Application started

The time and details when the vSEC:CMS Console was started.

 Information

 vSEC.CMS

257

(HEX: 0x101)

Application

Application ended

The time and details when the vSEC:CMS Console was closed.

 Information

 vSEC.CMS

258

(HEX: 0x102)

Application

New Operator created

The time and details when a new Operator account is created.

 Information

 vSEC.CMS

259

(HEX: 0x103)

Application

Operator deleted

The time and details when an Operator account is deleted.

 Information

 vSEC.CMS

260

(HEX: 0x104)

Application

Operator PIN changed

The time and details when an Operator’s PIN is changed.

 Information

 vSEC.CMS

261

(HEX: 0x105)

Application

Operator PIN unblocked

The time and details when an Operator’s PIN is unblocked.

 Information

 vSEC.CMS

262

(HEX: 0x106)

Application

Operator PIN blocked

The time and details when an Operator’s PIN is blocked.

 Information

 vSEC.CMS

263

(HEX: 0x107)

Application

Operator login

The time and details when an Operator logged into the vSEC:CMS Console.

 Information

 vSEC.CMS

264

(HEX: 0x108)

Application

Operator logout

The time and details when an Operator logged off the vSEC:CMS Console.

 Information

 vSEC.CMS

265

(HEX: 0x109)

Application

New operator service card created

The time and details when an Operator Service Card (OSC) was created.

 Information

 vSEC.CMS

266

(HEX: 0x10a)

Application

Operator service card deleted

The time and details when an Operator Service Card (OSC) was deleted.

 Information

 vSEC.CMS

267

(HEX: 0x10b)

Application

Failed to access operator service card

The time and details if the Operator Service Card (OSC) could not be accessed.

 Information

 vSEC.CMS

268

(HEX: 0x10c)

Application

Smart card user authenticated

The time and details when a managed smart card is connected to the vSEC:CMS Console.

 Information

 vSEC.CMS

269

(HEX: 0x10d)

Application

Smart card user logout

The time and details when a managed smart card is disconnected from the vSEC:CMS Console.

 Error

 vSEC.CMS

270

(HEX: 0x10e)

Application

Smart card user failed to authenticate

The time and details when a managed smart card failed to authenticate to the vSEC:CMS Console.

 Error

 vSEC.CMS

271

(HEX: 0x10f)

Application

Operator Service Key Store failed to initialize

The time and details if the Operator Service Key Store (OSKS) fails to initialize.

 Information

 vSEC.CMS

272

(HEX: 0x110)

Application

New operator Service Key Store created

The time and details if an Operator Service Key Store (OSKS) is created.

 Information

 vSEC.CMS

273

(HEX: 0x111)

Application

Operator Service Key Store deleted

The time and details if an Operator Service Key Store (OSKS) is deleted.

 Information

 vSEC.CMS

274

(HEX: 0x112)

Application

Operator authenticated

The time and details when an operator successfully logs into the vSEC:CMS Console.

 Error

 vSEC.CMS

275

(HEX: 0x113)

Application

Operator authentication failed

The time and details when an operator fails to log into the vSEC:CMS Console.

 Error

 vSEC.CMS

276

(HEX: 0x114)

Application

HSM failed to initialize

The time and details if HSM fails to initialize.

 Information

 vSEC.CMS

277

(HEX: 0x115)

Application

New master key on HSM added

The time and details when new master key is created on HSM.

 Information

 vSEC.CMS

278

(HEX: 0x116)

Application

Operator Service Key Store (HSM) deleted

The time and details if Operator Service Key Store (OSKS) on HSM is deleted.

 Information

 vSEC.CMS

279

(HEX: 0x117)

Application

New Tenant created

The time and details if a new tenant is created.

 Information

 vSEC.CMS

280

(HEX: 0x118)

Application

Tenant deleted

The time and details if a tenant is deleted.

 Information

 vSEC.CMS

281

(HEX: 0x119)

Application

Tenant deleted

The time and details if a tenant is deleted.

 Information

 vSEC.CMS

282

(HEX: 0x11a)

Application

Database migration successfully finished

The time and details when database migration to SQL completes.

 Error

 vSEC.CMS

283

(HEX: 0x11b)

Application

Database migration failed

The time and details when database migration to SQL fails.

 Error

 vSEC.CMS

284

(HEX: 0x11c)

Application

Database migration aborted

The time and details if the migration to SQL database is aborted.

 Information

 vSEC.CMS

4097

(HEX: 0x1001)

Application

Smart card issued

The time and details when a smart card is successfully issued.

 Information

 vSEC.CMS

4098

(HEX: 0x1002)

Application

Smart card initiated

The time and details when a smart card is successfully initiated.

 Information

 vSEC.CMS

4099

(HEX: 0x1003)

Application

Smart card inactivated

The time and details when a smart card is successfully inactivated.

 Information

 vSEC.CMS

4100

(HEX: 0x1004)

Application

Smart card activated

The time and details when a smart card is successfully activated.

 Information

 vSEC.CMS

4101

(HEX: 0x1005)

Application

Smart card locked

The time and details when a smart card is successfully locked.

 Information

 vSEC.CMS

4102

(HEX: 0x1006)

Application

Smart card unlocked

The time and details when a smart card is successfully unlocked.

 Information

 vSEC.CMS

4103

(HEX: 0x1007)

Application

Smart card revoked

The time and details when a smart card is successfully revoked.

 Information

 vSEC.CMS

4104

(HEX: 0x1008)

Application

Smart card retired

The time and details when a smart card is successfully retired.

 Information

 vSEC.CMS

4105

(HEX: 0x1009)

Application

Smart card deleted

The time and details when a smart card is successfully deleted.

 Information

 vSEC.CMS

4106

(HEX: 0x100a)

Application

Backup successfully performed

The time and details when a backup was successfully performed.

 Error

 vSEC.CMS

4107

(HEX: 0x100b)

Application

Backup failed

The time and details when a backup failed.

 Error

 vSEC.CMS

4108

(HEX: 0x100c)

Application

SQL server connect failed

The time and details when connection to SQL database failed.

 Error

 vSEC.CMS

4109

(HEX: 0x100d)

Application

Service API access ticket authentication failed

The time and details when service API ticket authentication fails.

 Error

 vSEC.CMS

4110

(HEX: 0x100e)

Application

Failed to initialize HSM connection

The configured HSM connection failed to initialize.

 Error

 vSEC.CMS

4111

(HEX: 0x100f)

Application

Request license from Issue Server failed

Error encountered when attempting to get license information from online licensing service.

 Error

 vSEC.CMS

4112

(HEX: 0x1010)

Application

Service failed to start

The core vSEC:CMS service failed to start.

 Information

 vSEC.CMS

4113

(HEX: 0x1011)

Application

Pending resource locks found in the database which has been removed

A pending resource lock was found in the database and has been removed.

 Error

 vSEC.CMS

5002

(HEX: 0x138a)

Application

A critical exception has been reported

The vSEC:CMS service crashed and a dump has been written to the Windows user account that the core service runs under here AppData\Local\Versasec\vSEC_CMS\Dumps.

 

Windows Events Captured for vSEC:CMS RSDM

The following events will be captured and written to the local Windows event viewer for the vSEC:CMS RSDM client component.

Level

Source

Event ID

Windows Logs

Message (as displayed in event viewer)

Description

Information 

vSEC.CMS.RSDM

256

(HEX: 0x100)

Application

Service started

The time that the RSDM service started.

Information

vSEC.CMS.RSDM

257

(HEX: 0x101)

Application

Service ended

The time that the RSDM service stopped.

Information

vSEC.CMS.RSDM

258

(HEX: 0x102)

Application

Service IPC listener started

The time that the service IPC (Inter Process Communication) listener started, which means that the RSDM component can now accept connections from other components, for example USS application.

Error

vSEC.CMS.RSDM

259

(HEX: 0x103)

Application

Service startup failed

The RSDM service failed to start.

Error

vSEC.CMS.RSDM

260

(HEX: 0x104)

Application

Service aborted

The RSDM service startup was aborted, for example, the service crashed for an unexpected reason.

Information

vSEC.CMS.RSDM

261

(HEX: 0x105)

Application

SOAP server connected

The time and URL that the RSDM SOAP service connected at when the service started for the first time.

Information

vSEC.CMS.RSDM

262

(HEX: 0x106)

Application

SOAP server reconnected

The time and URL that the RSDM SOAP service reconnected at when the client is reconnected, for example, the client was woken up from a sleep.

Information

vSEC.CMS.RSDM

263

(HEX: 0x107)

Application

SOAP server disconnected

The time and URL that the RSDM SOAP service disconnected at.

Information

vSEC.CMS.RSDM

264

(HEX: 0x108)

Application

Device successfully registered

The time and device ID when the device is registered.

Information

vSEC.CMS.RSDM

265

(HEX: 0x109)

Application

Device registration failed

The time and reason if the device registration fails.

Information

vSEC.CMS.RSDM

266

(HEX: 0x10a)

Application

Device not registered

The time if the device failed to register.

Information

vSEC.CMS.RSDM

267

(HEX: 0x10b)

Application

New IPC client connected

The time and details when an IPC (Inter Process Communication) client connects to RSDM service.

Information

vSEC.CMS.RSDM

268

(HEX: 0x10c)

Application

IPC client disconnected

The time and details when an IPC (Inter Process Communication) client disconnects from RSDM service.

Information

vSEC.CMS.RSDM

269

(HEX: 0x10d)

Application

Virtual smart card successfully created

The time that the virtual smart card was created at.

Information

vSEC.CMS.RSDM

270

(HEX: 0x10e)

Application

Failed to create virtual smart card

The time and reason if the virtual smart card failed to be created.

Information

vSEC.CMS.RSDM

271

(HEX: 0x10f)

Application

Virtual smart card successfully destroyed

The time when a virtual smart card was destroyed.

Information

vSEC.CMS.RSDM

272

(HEX: 0x110)

Application

Failed to destroy virtual smart card

The time and reason if the virtual smart card failed to be destroyed.

Information

vSEC.CMS.RSDM

273

(HEX: 0x111)

Application

New smart card issued

The time and details when a smart card is issued.

Information

vSEC.CMS.RSDM

274

(HEX: 0x112)

Application

Registry successfully modified

The time and details when the registry is changed on client when settings configured on the server side are sent, for example, switch local settings to disable enforce smart card logon.

Information

vSEC.CMS.RSDM

275

(HEX: 0x113)

Application

Registry failed to modify

The time and details when the registry failed to be changed on client when settings configured on the server side are sent, for example, switch local settings to disable enforce smart card logon.

Information

vSEC.CMS.RSDM

276

(HEX: 0x114)

Application

Virtual smart card PIN successfully invalidated

The time and details when the virtual smart card PIN got invalidated at. This is not implemented yet but present for future use.

Information

vSEC.CMS.RSDM

277

(HEX: 0x115)

Application

Failed to invalidate virtual smart card PIN

The time and details when the virtual smart card PIN failed to be invalidated. This is not implemented yet but present for future use.

Information

vSEC.CMS.RSDM

278

(HEX: 0x116)

Application

Message received

The time and details on message received from server-side (vSEC:CMS).

Information

vSEC.CMS.RSDM

279

(HEX: 0x117)

Application

Message sent

The time and details on message sent to server-side (vSEC:CMS).

Information

vSEC.CMS.RSDM

280

(HEX: 0x118)

Application

Message sent

The time and details on message sent to USS.

Error

vSEC.CMS.RSDM

281

(HEX: 0x119)

Application

Failed to send message

The time and details if the message sent to USS fails.

Information

vSEC.CMS.RSDM

282

(HEX: 0x11a)

Application

Message notify setting updated

The time and details on the notify settings that have been updated.

Information

vSEC.CMS.RSDM

283

(HEX: 0x11b)

Application

Broadcast listener started

The time that the broadcast listener started at.

Error

vSEC.CMS.RSDM

284

(HEX: 0x11c)

Application

Broadcast listener failed

The time that the broadcast listener failed to start at.

Information

vSEC.CMS.RSDM

285

(HEX: 0x11d)

Application

Broadcast listener stopped

The time that the broadcast listener was stopped at.

Information

vSEC.CMS.RSDM

286

(HEX: 0x11e)

Application

Broadcast packet received ok

The time that the broadcast packet was received.

Error

vSEC.CMS.RSDM

287

(HEX: 0x11f)

Application

Broadcast packet received failed

The time and details if the broadcast packet received cannot be interpreted correctly.

Error

vSEC.CMS.RSDM

288

(HEX: 0x120)

Application

An error occurred

The time and details if an RSDM system error occurred.

Error

vSEC.CMS.RSDM

289

(HEX: 0x121)

Application

UDP connection test failed

The time and details if UDP test connection fails.

Information

vSEC.CMS.RSDM

290

(HEX: 0x122)

Application

UDP test connection success

The time and details if UDP test connection is successful.

Error

vSEC.CMS.RSDM

291

(HEX: 0x123)

Application

Failed to retrieve UDP packet verify key

The time and details if the UDP packet verify key is not retrieved from the server side.

Information

vSEC.CMS.RSDM

292

(HEX: 0x124)

Application

Message notify polling started

The time and details when the polling mechanism starts.

Information

vSEC.CMS.RSDM

293

(HEX: 0x125)

Application

Message notify polling stopped

The time and details when the polling mechanism is stopped.

Information

vSEC.CMS.RSDM

294

(HEX: 0x126)

Application

Device info successfully updated

The time and details if the device information is successfully updated.

Error

vSEC.CMS.RSDM

295

(HEX: 0x127)

Application

Failed to update device info

The time and details if the device information fails to get updated.

Information

vSEC.CMS.RSDM

296

(HEX: 0x128)

Application

Session reconnected successfully

The time and details when the RSDM session is successfully reconnected.

Error

vSEC.CMS.RSDM

297

(HEX: 0x129)

Application

Failed to reconnect session

The time and details if the RSDM session fails to reconnected.

Information

vSEC.CMS.RSDM

298

(HEX: 0x12a)

Application

Message expired

The time and details if a message has expired.

Error

vSEC.CMS.RSDM

301

(HEX: 0x12d)

Application

Failed to determine if issuance is enabled

The time and details if failed to determine if issuance is enabled.

Information

vSEC.CMS.RSDM

302

(HEX: 0x12e)

Application

User enabled for issuance

The time and details if a user is enabled for issuance.

Error

vSEC.CMS.RSDM

303

(HEX: 0x12f)

Application

Failed to download message from server

The time and details if RSDM message fails to be downloaded from server side (vSEC:CMS).

Warning

vSEC.CMS.RSDM

304

(HEX: 0x130)

Application

User not enabled for issuance

The time and details if the user is not enabled for issuance.

 

Windows Events Captured for vSEC:CMS Virtual Smart Card (VSC)

The following events will be captured and written to the local Windows event viewer where the vSEC:CMS VSC is used.

Level

Source

Event ID

Windows Logs

Message (as displayed in event viewer)

Description

Information 

vSEC.CMS.VSC

256

(HEX: 0x100)

Application

Service starting

The time and details when the vSEC:CMS VSC service started.

Information

vSEC.CMS.VSC

257

(HEX: 0x101)

Application

Service ready

The time and details when the vSEC:CMS VSC service is ready.

Error

vSEC.CMS.VSC

258

(HEX: 0x102)

Application

Service failed to start

The time and details if the vSEC:CMS VSC service failed to start.

Information

vSEC.CMS.VSC

259

(HEX: 0x103)

Application

Service ended

The time and details when the vSEC:CMS VSC service stopped.

Error

vSEC.CMS.VSC

260

(HEX: 0x104)

Application

Service stopped unexcepted

The time and details when the vSEC:CMS VSC service stopped unexpectedly.

Information

vSEC.CMS.VSC

261

(HEX: 0x105)

Application

Success remove card from reader

The time and details if the VSC is removed from the virtual card reader.

Error

vSEC.CMS.VSC

262

(HEX: 0x106)

Application

Failed to remove card from reader

The time and details if the VSC fails to be removed from the virtual card reader.

Information

vSEC.CMS.VSC

263

(HEX: 0x107)

Application

Card inserted in reader

The time and details if the VSC is inserted into the virtual card reader.

Error

vSEC.CMS.VSC

264

(HEX: 0x108)

Application

Failed to insert card in reader

The time and details if the VSC fails to get inserted into the virtual card reader.

Error

vSEC.CMS.VSC

265

(HEX: 0x109)

Application

Card access

The time and details if there is an issue with accessing the VSC.

Warning

vSEC.CMS.VSC

266

(HEX: 0x110)

Application

PIN blocked

The time and details if the PIN is blocked for the VSC.

Error

vSEC.CMS.VSC

267

(HEX: 0x111)

Application

An internal error occurred

The time and details if an internal error occurs.

Error

vSEC.CMS.VSC

8193

(HEX: 0x2001)

Application

Crypto is unavailable

The time and details if the crypto engine is not available or throws unexpected errors.