Introduction
This article will describe the Windows events that are sent to the local Windows Event Viewer. This can be used to centrally capture operations and events carried out when an operator uses vSEC:CMS from the Admin or Agent applications. These event can then be sent to a syslog system, for example using a Splunk agent, for further analysis and reporting.
Additionally, Windows events for vSEC:CMS RSDM and vSEC:CMS Virtual Smart Card can be captured if you use these components on clients for issuing and managing Virtual Smart Cards.
Enable Events Capture
By default this feature is not available. Navigate to Options - Connections and click the Add button. Select External Trace and Ok. You should see something similar to below where the server where vSEC:CMS is installed is shown. Enable Send events checkbox. You may need to install event provider if it is not available on the server/client where you want events to be sent to. This button will then be enabled/available so you should click on the button in that case. Click Ok to save and close the configuration.
If you have additional clients where vSEC:CMS Admin or Agent consoles are running and you want to capture the events/operations carried out on them, then on these clients navigate to Options - Connections - External Trace and select the machine and click Add this computer. The events will then be sent to the local Windows Event Viewer.
Windows Events Captured for vSEC:CMS
The following events will be captured and written to the local Windows Event Viewer where the vSEC:CMS Console is running.
Level |
Source |
Event ID |
Windows Logs |
Message (as displayed in event viewer) |
Description |
Information |
vSEC.CMS |
256 (HEX: 0x100) |
Application |
Application started |
The time and details when the vSEC:CMS Console was started. |
Information |
vSEC.CMS |
257 (HEX: 0x101) |
Application |
Application ended |
The time and details when the vSEC:CMS Console was closed. |
Information |
vSEC.CMS |
258 (HEX: 0x102) |
Application |
New Operator created |
The time and details when a new Operator account is created. |
Information |
vSEC.CMS |
259 (HEX: 0x103) |
Application |
Operator deleted |
The time and details when an Operator account is deleted. |
Information |
vSEC.CMS |
260 (HEX: 0x104) |
Application |
Operator PIN changed |
The time and details when an Operator’s PIN is changed. |
Information |
vSEC.CMS |
261 (HEX: 0x105) |
Application |
Operator PIN unblocked |
The time and details when an Operator’s PIN is unblocked. |
Information |
vSEC.CMS |
262 (HEX: 0x106) |
Application |
Operator PIN blocked |
The time and details when an Operator’s PIN is blocked. |
Information |
vSEC.CMS |
263 (HEX: 0x107) |
Application |
Operator login |
The time and details when an Operator logged into the vSEC:CMS Console. |
Information |
vSEC.CMS |
264 (HEX: 0x108) |
Application |
Operator logout |
The time and details when an Operator logged off the vSEC:CMS Console. |
Information |
vSEC.CMS |
265 (HEX: 0x109) |
Application |
New operator service card created |
The time and details when an Operator Service Card (OSC) was created. |
Information |
vSEC.CMS |
266 (HEX: 0x10a) |
Application |
Operator service card deleted |
The time and details when an Operator Service Card (OSC) was deleted. |
Information |
vSEC.CMS |
267 (HEX: 0x10b) |
Application |
Failed to access operator service card |
The time and details if the Operator Service Card (OSC) could not be accessed. |
Information |
vSEC.CMS |
268 (HEX: 0x10c) |
Application |
Smart card user authenticated |
The time and details when a managed smart card is connected to the vSEC:CMS Console. |
Information |
vSEC.CMS |
269 (HEX: 0x10d) |
Application |
Smart card user logout |
The time and details when a managed smart card is disconnected from the vSEC:CMS Console. |
Error |
vSEC.CMS |
270 (HEX: 0x10e) |
Application |
Smart card user failed to authenticate |
The time and details when a managed smart card failed to authenticate to the vSEC:CMS Console. |
Error |
vSEC.CMS |
271 (HEX: 0x10f) |
Application |
Operator Service Key Store failed to initialize |
The time and details if the Operator Service Key Store (OSKS) fails to initialize. |
Information |
vSEC.CMS |
272 (HEX: 0x110) |
Application |
New operator Service Key Store created |
The time and details if an Operator Service Key Store (OSKS) is created. |
Information |
vSEC.CMS |
273 (HEX: 0x111) |
Application |
Operator Service Key Store deleted |
The time and details if an Operator Service Key Store (OSKS) is deleted. |
Information |
vSEC.CMS |
274 (HEX: 0x112) |
Application |
Operator authenticated |
The time and details when an operator successfully logs into the vSEC:CMS Console. |
Error |
vSEC.CMS |
275 (HEX: 0x113) |
Application |
Operator authentication failed |
The time and details when an operator fails to log into the vSEC:CMS Console. |
Error |
vSEC.CMS |
276 (HEX: 0x114) |
Application |
HSM failed to initialize |
The time and details if HSM fails to initialize. |
Information |
vSEC.CMS |
277 (HEX: 0x115) |
Application |
New master key on HSM added |
The time and details when new master key is created on HSM. |
Information |
vSEC.CMS |
278 (HEX: 0x116) |
Application |
Operator Service Key Store (HSM) deleted |
The time and details if Operator Service Key Store (OSKS) on HSM is deleted. |
Information |
vSEC.CMS |
279 (HEX: 0x117) |
Application |
New Tenant created |
The time and details if a new tenant is created. |
Information |
vSEC.CMS |
280 (HEX: 0x118) |
Application |
Tenant deleted |
The time and details if a tenant is deleted. |
Information |
vSEC.CMS |
281 (HEX: 0x119) |
Application |
Tenant deleted |
The time and details if a tenant is deleted. |
Information |
vSEC.CMS |
282 (HEX: 0x11a) |
Application |
Database migration successfully finished |
The time and details when database migration to SQL completes. |
Error |
vSEC.CMS |
283 (HEX: 0x11b) |
Application |
Database migration failed |
The time and details when database migration to SQL fails. |
Error |
vSEC.CMS |
284 (HEX: 0x11c) |
Application |
Database migration aborted |
The time and details if the migration to SQL database is aborted. |
Information |
vSEC.CMS |
4097 (HEX: 0x1001) |
Application |
Smart card issued |
The time and details when a smart card is successfully issued. |
Information |
vSEC.CMS |
4098 (HEX: 0x1002) |
Application |
Smart card initiated |
The time and details when a smart card is successfully initiated. |
Information |
vSEC.CMS |
4099 (HEX: 0x1003) |
Application |
Smart card inactivated |
The time and details when a smart card is successfully inactivated. |
Information |
vSEC.CMS |
4100 (HEX: 0x1004) |
Application |
Smart card activated |
The time and details when a smart card is successfully activated. |
Information |
vSEC.CMS |
4101 (HEX: 0x1005) |
Application |
Smart card locked |
The time and details when a smart card is successfully locked. |
Information |
vSEC.CMS |
4102 (HEX: 0x1006) |
Application |
Smart card unlocked |
The time and details when a smart card is successfully unlocked. |
Information |
vSEC.CMS |
4103 (HEX: 0x1007) |
Application |
Smart card revoked |
The time and details when a smart card is successfully revoked. |
Information |
vSEC.CMS |
4104 (HEX: 0x1008) |
Application |
Smart card retired |
The time and details when a smart card is successfully retired. |
Information |
vSEC.CMS |
4105 (HEX: 0x1009) |
Application |
Smart card deleted |
The time and details when a smart card is successfully deleted. |
Information |
vSEC.CMS |
4106 (HEX: 0x100a) |
Application |
Backup successfully performed |
The time and details when a backup was successfully performed. |
Error |
vSEC.CMS |
4107 (HEX: 0x100b) |
Application |
Backup failed |
The time and details when a backup failed. |
Error |
vSEC.CMS |
4108 (HEX: 0x100c) |
Application |
SQL server connect failed |
The time and details when connection to SQL database failed. |
Error |
vSEC.CMS |
4109 (HEX: 0x100d) |
Application |
Service API access ticket authentication failed |
The time and details when service API ticket authentication fails. |
Error |
vSEC.CMS |
4110 (HEX: 0x100e) |
Application |
Failed to initialize HSM connection |
The configured HSM connection failed to initialize. |
Error |
vSEC.CMS |
4111 (HEX: 0x100f) |
Application |
Request license from Issue Server failed |
Error encountered when attempting to get license information from online licensing service. |
Error |
vSEC.CMS |
4112 (HEX: 0x1010) |
Application |
Service failed to start |
The core vSEC:CMS service failed to start. |
Information |
vSEC.CMS |
4113 (HEX: 0x1011) |
Application |
Pending resource locks found in the database which has been removed |
A pending resource lock was found in the database and has been removed. |
Error |
vSEC.CMS |
5002 (HEX: 0x138a) |
Application |
A critical exception has been reported |
The vSEC:CMS service crashed and a dump has been written to the Windows user account that the core service runs under here AppData\Local\Versasec\vSEC_CMS\Dumps. |
Windows Events Captured for vSEC:CMS RSDM
The following events will be captured and written to the local Windows event viewer for the vSEC:CMS RSDM client component.
Level |
Source |
Event ID |
Windows Logs |
Message (as displayed in event viewer) |
Description |
Information |
vSEC.CMS.RSDM |
256 (HEX: 0x100) |
Application |
Service started |
The time that the RSDM service started. |
Information |
vSEC.CMS.RSDM |
257 (HEX: 0x101) |
Application |
Service ended |
The time that the RSDM service stopped. |
Information |
vSEC.CMS.RSDM |
258 (HEX: 0x102) |
Application |
Service IPC listener started |
The time that the service IPC (Inter Process Communication) listener started, which means that the RSDM component can now accept connections from other components, for example USS application. |
Error |
vSEC.CMS.RSDM |
259 (HEX: 0x103) |
Application |
Service startup failed |
The RSDM service failed to start. |
Error |
vSEC.CMS.RSDM |
260 (HEX: 0x104) |
Application |
Service aborted |
The RSDM service startup was aborted, for example, the service crashed for an unexpected reason. |
Information |
vSEC.CMS.RSDM |
261 (HEX: 0x105) |
Application |
SOAP server connected |
The time and URL that the RSDM SOAP service connected at when the service started for the first time. |
Information |
vSEC.CMS.RSDM |
262 (HEX: 0x106) |
Application |
SOAP server reconnected |
The time and URL that the RSDM SOAP service reconnected at when the client is reconnected, for example, the client was woken up from a sleep. |
Information |
vSEC.CMS.RSDM |
263 (HEX: 0x107) |
Application |
SOAP server disconnected |
The time and URL that the RSDM SOAP service disconnected at. |
Information |
vSEC.CMS.RSDM |
264 (HEX: 0x108) |
Application |
Device successfully registered |
The time and device ID when the device is registered. |
Information |
vSEC.CMS.RSDM |
265 (HEX: 0x109) |
Application |
Device registration failed |
The time and reason if the device registration fails. |
Information |
vSEC.CMS.RSDM |
266 (HEX: 0x10a) |
Application |
Device not registered |
The time if the device failed to register. |
Information |
vSEC.CMS.RSDM |
267 (HEX: 0x10b) |
Application |
New IPC client connected |
The time and details when an IPC (Inter Process Communication) client connects to RSDM service. |
Information |
vSEC.CMS.RSDM |
268 (HEX: 0x10c) |
Application |
IPC client disconnected |
The time and details when an IPC (Inter Process Communication) client disconnects from RSDM service. |
Information |
vSEC.CMS.RSDM |
269 (HEX: 0x10d) |
Application |
Virtual smart card successfully created |
The time that the virtual smart card was created at. |
Information |
vSEC.CMS.RSDM |
270 (HEX: 0x10e) |
Application |
Failed to create virtual smart card |
The time and reason if the virtual smart card failed to be created. |
Information |
vSEC.CMS.RSDM |
271 (HEX: 0x10f) |
Application |
Virtual smart card successfully destroyed |
The time when a virtual smart card was destroyed. |
Information |
vSEC.CMS.RSDM |
272 (HEX: 0x110) |
Application |
Failed to destroy virtual smart card |
The time and reason if the virtual smart card failed to be destroyed. |
Information |
vSEC.CMS.RSDM |
273 (HEX: 0x111) |
Application |
New smart card issued |
The time and details when a smart card is issued. |
Information |
vSEC.CMS.RSDM |
274 (HEX: 0x112) |
Application |
Registry successfully modified |
The time and details when the registry is changed on client when settings configured on the server side are sent, for example, switch local settings to disable enforce smart card logon. |
Information |
vSEC.CMS.RSDM |
275 (HEX: 0x113) |
Application |
Registry failed to modify |
The time and details when the registry failed to be changed on client when settings configured on the server side are sent, for example, switch local settings to disable enforce smart card logon. |
Information |
vSEC.CMS.RSDM |
276 (HEX: 0x114) |
Application |
Virtual smart card PIN successfully invalidated |
The time and details when the virtual smart card PIN got invalidated at. This is not implemented yet but present for future use. |
Information |
vSEC.CMS.RSDM |
277 (HEX: 0x115) |
Application |
Failed to invalidate virtual smart card PIN |
The time and details when the virtual smart card PIN failed to be invalidated. This is not implemented yet but present for future use. |
Information |
vSEC.CMS.RSDM |
278 (HEX: 0x116) |
Application |
Message received |
The time and details on message received from server-side (vSEC:CMS). |
Information |
vSEC.CMS.RSDM |
279 (HEX: 0x117) |
Application |
Message sent |
The time and details on message sent to server-side (vSEC:CMS). |
Information |
vSEC.CMS.RSDM |
280 (HEX: 0x118) |
Application |
Message sent |
The time and details on message sent to USS. |
Error |
vSEC.CMS.RSDM |
281 (HEX: 0x119) |
Application |
Failed to send message |
The time and details if the message sent to USS fails. |
Information |
vSEC.CMS.RSDM |
282 (HEX: 0x11a) |
Application |
Message notify setting updated |
The time and details on the notify settings that have been updated. |
Information |
vSEC.CMS.RSDM |
283 (HEX: 0x11b) |
Application |
Broadcast listener started |
The time that the broadcast listener started at. |
Error |
vSEC.CMS.RSDM |
284 (HEX: 0x11c) |
Application |
Broadcast listener failed |
The time that the broadcast listener failed to start at. |
Information |
vSEC.CMS.RSDM |
285 (HEX: 0x11d) |
Application |
Broadcast listener stopped |
The time that the broadcast listener was stopped at. |
Information |
vSEC.CMS.RSDM |
286 (HEX: 0x11e) |
Application |
Broadcast packet received ok |
The time that the broadcast packet was received. |
Error |
vSEC.CMS.RSDM |
287 (HEX: 0x11f) |
Application |
Broadcast packet received failed |
The time and details if the broadcast packet received cannot be interpreted correctly. |
Error |
vSEC.CMS.RSDM |
288 (HEX: 0x120) |
Application |
An error occurred |
The time and details if an RSDM system error occurred. |
Error |
vSEC.CMS.RSDM |
289 (HEX: 0x121) |
Application |
UDP connection test failed |
The time and details if UDP test connection fails. |
Information |
vSEC.CMS.RSDM |
290 (HEX: 0x122) |
Application |
UDP test connection success |
The time and details if UDP test connection is successful. |
Error |
vSEC.CMS.RSDM |
291 (HEX: 0x123) |
Application |
Failed to retrieve UDP packet verify key |
The time and details if the UDP packet verify key is not retrieved from the server side. |
Information |
vSEC.CMS.RSDM |
292 (HEX: 0x124) |
Application |
Message notify polling started |
The time and details when the polling mechanism starts. |
Information |
vSEC.CMS.RSDM |
293 (HEX: 0x125) |
Application |
Message notify polling stopped |
The time and details when the polling mechanism is stopped. |
Information |
vSEC.CMS.RSDM |
294 (HEX: 0x126) |
Application |
Device info successfully updated |
The time and details if the device information is successfully updated. |
Error |
vSEC.CMS.RSDM |
295 (HEX: 0x127) |
Application |
Failed to update device info |
The time and details if the device information fails to get updated. |
Information |
vSEC.CMS.RSDM |
296 (HEX: 0x128) |
Application |
Session reconnected successfully |
The time and details when the RSDM session is successfully reconnected. |
Error |
vSEC.CMS.RSDM |
297 (HEX: 0x129) |
Application |
Failed to reconnect session |
The time and details if the RSDM session fails to reconnected. |
Information |
vSEC.CMS.RSDM |
298 (HEX: 0x12a) |
Application |
Message expired |
The time and details if a message has expired. |
Error |
vSEC.CMS.RSDM |
301 (HEX: 0x12d) |
Application |
Failed to determine if issuance is enabled |
The time and details if failed to determine if issuance is enabled. |
Information |
vSEC.CMS.RSDM |
302 (HEX: 0x12e) |
Application |
User enabled for issuance |
The time and details if a user is enabled for issuance. |
Error |
vSEC.CMS.RSDM |
303 (HEX: 0x12f) |
Application |
Failed to download message from server |
The time and details if RSDM message fails to be downloaded from server side (vSEC:CMS). |
Warning |
vSEC.CMS.RSDM |
304 (HEX: 0x130) |
Application |
User not enabled for issuance |
The time and details if the user is not enabled for issuance. |
Windows Events Captured for vSEC:CMS Virtual Smart Card (VSC)
The following events will be captured and written to the local Windows event viewer where the vSEC:CMS VSC is used.
Level |
Source |
Event ID |
Windows Logs |
Message (as displayed in event viewer) |
Description |
Information |
vSEC.CMS.VSC |
256 (HEX: 0x100) |
Application |
Service starting |
The time and details when the vSEC:CMS VSC service started. |
Information |
vSEC.CMS.VSC |
257 (HEX: 0x101) |
Application |
Service ready |
The time and details when the vSEC:CMS VSC service is ready. |
Error |
vSEC.CMS.VSC |
258 (HEX: 0x102) |
Application |
Service failed to start |
The time and details if the vSEC:CMS VSC service failed to start. |
Information |
vSEC.CMS.VSC |
259 (HEX: 0x103) |
Application |
Service ended |
The time and details when the vSEC:CMS VSC service stopped. |
Error |
vSEC.CMS.VSC |
260 (HEX: 0x104) |
Application |
Service stopped unexcepted |
The time and details when the vSEC:CMS VSC service stopped unexpectedly. |
Information |
vSEC.CMS.VSC |
261 (HEX: 0x105) |
Application |
Success remove card from reader |
The time and details if the VSC is removed from the virtual card reader. |
Error |
vSEC.CMS.VSC |
262 (HEX: 0x106) |
Application |
Failed to remove card from reader |
The time and details if the VSC fails to be removed from the virtual card reader. |
Information |
vSEC.CMS.VSC |
263 (HEX: 0x107) |
Application |
Card inserted in reader |
The time and details if the VSC is inserted into the virtual card reader. |
Error |
vSEC.CMS.VSC |
264 (HEX: 0x108) |
Application |
Failed to insert card in reader |
The time and details if the VSC fails to get inserted into the virtual card reader. |
Error |
vSEC.CMS.VSC |
265 (HEX: 0x109) |
Application |
Card access |
The time and details if there is an issue with accessing the VSC. |
Warning |
vSEC.CMS.VSC |
266 (HEX: 0x110) |
Application |
PIN blocked |
The time and details if the PIN is blocked for the VSC. |
Error |
vSEC.CMS.VSC |
267 (HEX: 0x111) |
Application |
An internal error occurred |
The time and details if an internal error occurs. |
Error |
vSEC.CMS.VSC |
8193 (HEX: 0x2001) |
Application |
Crypto is unavailable |
The time and details if the crypto engine is not available or throws unexpected errors. |