Introduction
This article will describe the Windows events that are sent to the local Windows Event Viewer. This can be used to centrally capture operations and events carried out when an operator uses vSEC:CMS from the Admin or Agent applications. These event can then be sent to a syslog system, for example using a Splunk agent, for further analysis and reporting.
Additionally, Windows events for vSEC:CMS RSDM and vSEC:CMS Virtual Credential can be captured if you use these components on clients for issuing and managing Virtual Credentials.
Windows Events Captured for vSEC:CMS
The following events will be captured and written to the local Windows Event Viewer where the vSEC:CMS Console is running.
Level |
Source |
Event ID |
Windows Logs |
Message (as displayed in event viewer) |
Description |
Information |
vSEC.CMS |
256 (HEX: 0x100) |
Application |
Application started |
The time and details when the vSEC:CMS Console was started. |
Information |
vSEC.CMS |
257 (HEX: 0x101) |
Application |
Application ended |
The time and details when the vSEC:CMS Console was closed. |
Information |
vSEC.CMS |
258 (HEX: 0x102) |
Application |
New Operator created |
The time and details when a new Operator account is created. |
Information |
vSEC.CMS |
259 (HEX: 0x103) |
Application |
Operator deleted |
The time and details when an Operator account is deleted. |
Information |
vSEC.CMS |
260 (HEX: 0x104) |
Application |
Operator PIN changed |
The time and details when an Operator’s PIN is changed. |
Information |
vSEC.CMS |
261 (HEX: 0x105) |
Application |
Operator PIN unblocked |
The time and details when an Operator’s PIN is unblocked. |
Information |
vSEC.CMS |
262 (HEX: 0x106) |
Application |
Operator PIN blocked |
The time and details when an Operator’s PIN is blocked. |
Information |
vSEC.CMS |
263 (HEX: 0x107) |
Application |
Operator login |
The time and details when an Operator logged into the vSEC:CMS Console. |
Information |
vSEC.CMS |
264 (HEX: 0x108) |
Application |
Operator logout |
The time and details when an Operator logged off the vSEC:CMS Console. |
Information |
vSEC.CMS |
265 (HEX: 0x109) |
Application |
New operator service credential created |
The time and details when an Operator Service Credential (OSC) was created. |
Information |
vSEC.CMS |
266 (HEX: 0x10a) |
Application |
Operator service credential deleted |
The time and details when an Operator Service Credential (OSC) was deleted. |
Information |
vSEC.CMS |
267 (HEX: 0x10b) |
Application |
Failed to access operator service credential |
The time and details if the Operator Service Credential (OSC) could not be accessed. |
Information |
vSEC.CMS |
268 (HEX: 0x10c) |
Application |
Credential user authenticated |
The time and details when a managed credential is connected to the vSEC:CMS Console. |
Information |
vSEC.CMS |
269 (HEX: 0x10d) |
Application |
Credential user logout |
The time and details when a managed credential is disconnected from the vSEC:CMS Console. |
Error |
vSEC.CMS |
270 (HEX: 0x10e) |
Application |
Credential user failed to authenticate |
The time and details when a managed credential failed to authenticate to the vSEC:CMS Console. |
Error |
vSEC.CMS |
271 (HEX: 0x10f) |
Application |
Operator Service Key Store failed to initialize |
The time and details if the Operator Service Key Store (OSKS) fails to initialize. |
Information |
vSEC.CMS |
272 (HEX: 0x110) |
Application |
New operator Service Key Store created |
The time and details if an Operator Service Key Store (OSKS) is created. |
Information |
vSEC.CMS |
273 (HEX: 0x111) |
Application |
Operator Service Key Store deleted |
The time and details if an Operator Service Key Store (OSKS) is deleted. |
Information |
vSEC.CMS |
274 (HEX: 0x112) |
Application |
Operator authenticated |
The time and details when an operator successfully logs into the vSEC:CMS Console. |
Error |
vSEC.CMS |
275 (HEX: 0x113) |
Application |
Operator authentication failed |
The time and details when an operator fails to log into the vSEC:CMS Console. |
Error |
vSEC.CMS |
276 (HEX: 0x114) |
Application |
HSM failed to initialize |
The time and details if HSM fails to initialize. |
Information |
vSEC.CMS |
277 (HEX: 0x115) |
Application |
New master key on HSM added |
The time and details when new master key is created on HSM. |
Information |
vSEC.CMS |
278 (HEX: 0x116) |
Application |
Operator Service Key Store (HSM) deleted |
The time and details if Operator Service Key Store (OSKS) on HSM is deleted. |
Information |
vSEC.CMS |
279 (HEX: 0x117) |
Application |
New Tenant created |
The time and details if a new tenant is created. |
Information |
vSEC.CMS |
280 (HEX: 0x118) |
Application |
Tenant deleted |
The time and details if a tenant is deleted. |
Information |
vSEC.CMS |
281 (HEX: 0x119) |
Application |
Tenant deleted |
The time and details if a tenant is deleted. |
Information |
vSEC.CMS |
282 (HEX: 0x11a) |
Application |
Database migration successfully finished |
The time and details when database migration to SQL completes. |
Error |
vSEC.CMS |
283 (HEX: 0x11b) |
Application |
Database migration failed |
The time and details when database migration to SQL fails. |
Error |
vSEC.CMS |
284 (HEX: 0x11c) |
Application |
Database migration aborted |
The time and details if the migration to SQL database is aborted. |
Information |
vSEC.CMS |
4097 (HEX: 0x1001) |
Application |
Credential issued |
The time and details when a credential is successfully issued. |
Information |
vSEC.CMS |
4098 (HEX: 0x1002) |
Application |
Credential initiated |
The time and details when a credential is successfully initiated. |
Information |
vSEC.CMS |
4099 (HEX: 0x1003) |
Application |
Credential inactivated |
The time and details when a credential is successfully inactivated. |
Information |
vSEC.CMS |
4100 (HEX: 0x1004) |
Application |
Credential activated |
The time and details when a credential is successfully activated. |
Information |
vSEC.CMS |
4101 (HEX: 0x1005) |
Application |
Credential locked |
The time and details when a credential is successfully locked. |
Information |
vSEC.CMS |
4102 (HEX: 0x1006) |
Application |
Credential unlocked |
The time and details when a credential is successfully unlocked. |
Information |
vSEC.CMS |
4103 (HEX: 0x1007) |
Application |
Credential revoked |
The time and details when a credential is successfully revoked. |
Information |
vSEC.CMS |
4104 (HEX: 0x1008) |
Application |
Credential retired |
The time and details when a credential is successfully retired. |
Information |
vSEC.CMS |
4105 (HEX: 0x1009) |
Application |
Credential deleted |
The time and details when a credential is successfully deleted. |
Information |
vSEC.CMS |
4106 (HEX: 0x100a) |
Application |
Backup successfully performed |
The time and details when a backup was successfully performed. |
Error |
vSEC.CMS |
4107 (HEX: 0x100b) |
Application |
Backup failed |
The time and details when a backup failed. |
Error |
vSEC.CMS |
4108 (HEX: 0x100c) |
Application |
SQL server connect failed |
The time and details when connection to SQL database failed. |
Error |
vSEC.CMS |
4109 (HEX: 0x100d) |
Application |
Service API access ticket authentication failed |
The time and details when service API ticket authentication fails. |
Error |
vSEC.CMS |
4110 (HEX: 0x100e) |
Application |
Failed to initialize HSM connection |
The configured HSM connection failed to initialize. |
Error |
vSEC.CMS |
4111 (HEX: 0x100f) |
Application |
Request license from Issue Server failed |
Error encountered when attempting to get license information from online licensing service. |
Error |
vSEC.CMS |
4112 (HEX: 0x1010) |
Application |
Service failed to start |
The core vSEC:CMS service failed to start. |
Information |
vSEC.CMS |
4113 (HEX: 0x1011) |
Application |
Pending resource locks found in the database which has been removed |
A pending resource lock was found in the database and has been removed. |
Error |
vSEC.CMS |
5002 (HEX: 0x138a) |
Application |
A critical exception has been reported |
The vSEC:CMS service crashed and a dump has been written to the Windows user account that the core service runs under here AppData\Local\Versasec\vSEC_CMS\Dumps. |
Windows Events Captured for vSEC:CMS RSDM
The following events will be captured and written to the local Windows event viewer for the vSEC:CMS RSDM client component.
Level |
Source |
Event ID |
Windows Logs |
Message (as displayed in event viewer) |
Description |
Information |
vSEC.CMS.RSDM |
256 (HEX: 0x100) |
Application |
Service started |
The time that the RSDM service started. |
Information |
vSEC.CMS.RSDM |
257 (HEX: 0x101) |
Application |
Service ended |
The time that the RSDM service stopped. |
Information |
vSEC.CMS.RSDM |
258 (HEX: 0x102) |
Application |
Service IPC listener started |
The time that the service IPC (Inter Process Communication) listener started, which means that the RSDM component can now accept connections from other components, for example USS application. |
Error |
vSEC.CMS.RSDM |
259 (HEX: 0x103) |
Application |
Service startup failed |
The RSDM service failed to start. |
Error |
vSEC.CMS.RSDM |
260 (HEX: 0x104) |
Application |
Service aborted |
The RSDM service startup was aborted, for example, the service crashed for an unexpected reason. |
Information |
vSEC.CMS.RSDM |
261 (HEX: 0x105) |
Application |
SOAP server connected |
The time and URL that the RSDM SOAP service connected at when the service started for the first time. |
Information |
vSEC.CMS.RSDM |
262 (HEX: 0x106) |
Application |
SOAP server reconnected |
The time and URL that the RSDM SOAP service reconnected at when the client is reconnected, for example, the client was woken up from a sleep. |
Information |
vSEC.CMS.RSDM |
263 (HEX: 0x107) |
Application |
SOAP server disconnected |
The time and URL that the RSDM SOAP service disconnected at. |
Information |
vSEC.CMS.RSDM |
264 (HEX: 0x108) |
Application |
Device successfully registered |
The time and device ID when the device is registered. |
Information |
vSEC.CMS.RSDM |
265 (HEX: 0x109) |
Application |
Device registration failed |
The time and reason if the device registration fails. |
Information |
vSEC.CMS.RSDM |
266 (HEX: 0x10a) |
Application |
Device not registered |
The time if the device failed to register. |
Information |
vSEC.CMS.RSDM |
267 (HEX: 0x10b) |
Application |
New IPC client connected |
The time and details when an IPC (Inter Process Communication) client connects to RSDM service. |
Information |
vSEC.CMS.RSDM |
268 (HEX: 0x10c) |
Application |
IPC client disconnected |
The time and details when an IPC (Inter Process Communication) client disconnects from RSDM service. |
Information |
vSEC.CMS.RSDM |
269 (HEX: 0x10d) |
Application |
Virtual credential successfully created |
The time that the virtual credential was created at. |
Information |
vSEC.CMS.RSDM |
270 (HEX: 0x10e) |
Application |
Failed to create virtual credential |
The time and reason if the virtual credential failed to be created. |
Information |
vSEC.CMS.RSDM |
271 (HEX: 0x10f) |
Application |
Virtual credential successfully destroyed |
The time when a virtual credential was destroyed. |
Information |
vSEC.CMS.RSDM |
272 (HEX: 0x110) |
Application |
Failed to destroy virtual credential |
The time and reason if the virtual credential failed to be destroyed. |
Information |
vSEC.CMS.RSDM |
273 (HEX: 0x111) |
Application |
New credential issued |
The time and details when a credential is issued. |
Information |
vSEC.CMS.RSDM |
274 (HEX: 0x112) |
Application |
Registry successfully modified |
The time and details when the registry is changed on client when settings configured on the server side are sent, for example, switch local settings to disable enforce credential logon. |
Information |
vSEC.CMS.RSDM |
275 (HEX: 0x113) |
Application |
Registry failed to modify |
The time and details when the registry failed to be changed on client when settings configured on the server side are sent, for example, switch local settings to disable enforce credential logon. |
Information |
vSEC.CMS.RSDM |
276 (HEX: 0x114) |
Application |
Virtual credential PIN successfully invalidated |
The time and details when the virtual credential PIN got invalidated at. This is not implemented yet but present for future use. |
Information |
vSEC.CMS.RSDM |
277 (HEX: 0x115) |
Application |
Failed to invalidate virtual credential PIN |
The time and details when the virtual credential PIN failed to be invalidated. This is not implemented yet but present for future use. |
Information |
vSEC.CMS.RSDM |
278 (HEX: 0x116) |
Application |
Message received |
The time and details on message received from server-side (vSEC:CMS). |
Information |
vSEC.CMS.RSDM |
279 (HEX: 0x117) |
Application |
Message sent |
The time and details on message sent to server-side (vSEC:CMS). |
Information |
vSEC.CMS.RSDM |
280 (HEX: 0x118) |
Application |
Message sent |
The time and details on message sent to USS. |
Error |
vSEC.CMS.RSDM |
281 (HEX: 0x119) |
Application |
Failed to send message |
The time and details if the message sent to USS fails. |
Information |
vSEC.CMS.RSDM |
282 (HEX: 0x11a) |
Application |
Message notify setting updated |
The time and details on the notify settings that have been updated. |
Information |
vSEC.CMS.RSDM |
283 (HEX: 0x11b) |
Application |
Broadcast listener started |
The time that the broadcast listener started at. |
Error |
vSEC.CMS.RSDM |
284 (HEX: 0x11c) |
Application |
Broadcast listener failed |
The time that the broadcast listener failed to start at. |
Information |
vSEC.CMS.RSDM |
285 (HEX: 0x11d) |
Application |
Broadcast listener stopped |
The time that the broadcast listener was stopped at. |
Information |
vSEC.CMS.RSDM |
286 (HEX: 0x11e) |
Application |
Broadcast packet received ok |
The time that the broadcast packet was received. |
Error |
vSEC.CMS.RSDM |
287 (HEX: 0x11f) |
Application |
Broadcast packet received failed |
The time and details if the broadcast packet received cannot be interpreted correctly. |
Error |
vSEC.CMS.RSDM |
288 (HEX: 0x120) |
Application |
An error occurred |
The time and details if an RSDM system error occurred. |
Error |
vSEC.CMS.RSDM |
289 (HEX: 0x121) |
Application |
UDP connection test failed |
The time and details if UDP test connection fails. |
Information |
vSEC.CMS.RSDM |
290 (HEX: 0x122) |
Application |
UDP test connection success |
The time and details if UDP test connection is successful. |
Error |
vSEC.CMS.RSDM |
291 (HEX: 0x123) |
Application |
Failed to retrieve UDP packet verify key |
The time and details if the UDP packet verify key is not retrieved from the server side. |
Information |
vSEC.CMS.RSDM |
292 (HEX: 0x124) |
Application |
Message notify polling started |
The time and details when the polling mechanism starts. |
Information |
vSEC.CMS.RSDM |
293 (HEX: 0x125) |
Application |
Message notify polling stopped |
The time and details when the polling mechanism is stopped. |
Information |
vSEC.CMS.RSDM |
294 (HEX: 0x126) |
Application |
Device info successfully updated |
The time and details if the device information is successfully updated. |
Error |
vSEC.CMS.RSDM |
295 (HEX: 0x127) |
Application |
Failed to update device info |
The time and details if the device information fails to get updated. |
Information |
vSEC.CMS.RSDM |
296 (HEX: 0x128) |
Application |
Session reconnected successfully |
The time and details when the RSDM session is successfully reconnected. |
Error |
vSEC.CMS.RSDM |
297 (HEX: 0x129) |
Application |
Failed to reconnect session |
The time and details if the RSDM session fails to reconnected. |
Information |
vSEC.CMS.RSDM |
298 (HEX: 0x12a) |
Application |
Message expired |
The time and details if a message has expired. |
Error |
vSEC.CMS.RSDM |
301 (HEX: 0x12d) |
Application |
Failed to determine if issuance is enabled |
The time and details if failed to determine if issuance is enabled. |
Information |
vSEC.CMS.RSDM |
302 (HEX: 0x12e) |
Application |
User enabled for issuance |
The time and details if a user is enabled for issuance. |
Error |
vSEC.CMS.RSDM |
303 (HEX: 0x12f) |
Application |
Failed to download message from server |
The time and details if RSDM message fails to be downloaded from server side (vSEC:CMS). |
Warning |
vSEC.CMS.RSDM |
304 (HEX: 0x130) |
Application |
User not enabled for issuance |
The time and details if the user is not enabled for issuance. |
Windows Events Captured for vSEC:CMS Virtual Credential (VSC)
The following events will be captured and written to the local Windows event viewer where the vSEC:CMS VSC is used.
Level |
Source |
Event ID |
Windows Logs |
Message (as displayed in event viewer) |
Description |
Information |
vSEC.CMS.VSC |
256 (HEX: 0x100) |
Application |
Service starting |
The time and details when the vSEC:CMS VSC service started. |
Information |
vSEC.CMS.VSC |
257 (HEX: 0x101) |
Application |
Service ready |
The time and details when the vSEC:CMS VSC service is ready. |
Error |
vSEC.CMS.VSC |
258 (HEX: 0x102) |
Application |
Service failed to start |
The time and details if the vSEC:CMS VSC service failed to start. |
Information |
vSEC.CMS.VSC |
259 (HEX: 0x103) |
Application |
Service ended |
The time and details when the vSEC:CMS VSC service stopped. |
Error |
vSEC.CMS.VSC |
260 (HEX: 0x104) |
Application |
Service stopped unexcepted |
The time and details when the vSEC:CMS VSC service stopped unexpectedly. |
Information |
vSEC.CMS.VSC |
261 (HEX: 0x105) |
Application |
Success remove credential from reader |
The time and details if the VSC is removed from the virtual credential reader. |
Error |
vSEC.CMS.VSC |
262 (HEX: 0x106) |
Application |
Failed to remove credential from reader |
The time and details if the VSC fails to be removed from the virtual credential reader. |
Information |
vSEC.CMS.VSC |
263 (HEX: 0x107) |
Application |
Credential inserted in reader |
The time and details if the VSC is inserted into the virtual credential reader. |
Error |
vSEC.CMS.VSC |
264 (HEX: 0x108) |
Application |
Failed to insert credential in reader |
The time and details if the VSC fails to get inserted into the virtual credential reader. |
Error |
vSEC.CMS.VSC |
265 (HEX: 0x109) |
Application |
Credential access |
The time and details if there is an issue with accessing the VSC. |
Warning |
vSEC.CMS.VSC |
266 (HEX: 0x110) |
Application |
PIN blocked |
The time and details if the PIN is blocked for the VSC. |
Error |
vSEC.CMS.VSC |
267 (HEX: 0x111) |
Application |
An internal error occurred |
The time and details if an internal error occurs. |
Error |
vSEC.CMS.VSC |
8193 (HEX: 0x2001) |
Application |
Crypto is unavailable |
The time and details if the crypto engine is not available or throws unexpected errors. |