Logging
Logging is primarily done to event.log and server.log.
- Event.log contains server events like startup, deployment, user authentication and more.
- Server.log contains system information used when troubleshooting, more information below.
What information is written to the log will depend on the information available in the authenticators and the communication. See example from event.log below.
Recommendations:
- Log level should be set to INFO. Change it temporarily if needed during troubleshooting, and set DEBUG only for the packages that need to be debugged.
- Set logging retention according to company policy and recommendations.
- Send event logs to the SIEM (if the customer has one).
Examples from event.log (version 4.0.4 of PAS):
2021-05-20 10:09:27,628 [EVENT] #nbM7pfPmuYxK77gs INFO: 2021-05-20T10:09:27+02:00 PAS1 CEF:0|PhenixID|PAS|4.0.4|EVT_001020|OTP delivery success|2|dst=+461234567890 duser=jdoe phenixIDIdentifier=smsaccount proto=PhenixID<space>SMS
2021-05-20 10:09:36,130 [EVENT] #uzcA4yfqir81cJjp.nbM7pfPmuYxK77gs INFO: 2021-05-20T10:09:36+02:00 PAS1 CEF:0|PhenixID|PAS|4.0.4|EVT_001022|User authentication success with username, password & OTP|2|duser=jdoe phenixIDTraceId=#uzcA4yfqir81cJjp.nbM7pfPmuYxK77gs proto=RADIUS src=192.168.10.234
2021-05-20 14:20:59,299 [EVENT] INFO: 2021-05-20T14:20:59+02:00 PAS1 CEF:0|PhenixID|PAS|4.0.4|EVT_001020|OTP delivery success|2|dst=+461234567890 duser=jdoe phenixIDIdentifier=smsaccount proto=PhenixID<space>SMS
2021-05-20 14:21:07,221 [EVENT] INFO: 2021-05-20T14:21:07+02:00 PAS1 CEF:0|PhenixID|PAS|4.0.4|EVT_001018|Provided OTP was correct|2|duser=jdoe
2021-05-20 14:21:07,377 [EVENT] INFO: 2021-05-20T14:21:07+02:00 PAS1 CEF:0|PhenixID|PAS|4.0.4|EVT_001022|User authentication success with username, password & OTP|2|destinationServiceName=myapps duser=jdoe phenixIDTraceId=#Z1c4OKhuN8DOHGa3 src=0:0:0:0:0:0:0:1
2021-05-20 14:21:09,498 [EVENT] INFO: 2021-05-20T14:21:09+02:00 PAS1 CEF:0|PhenixID|PAS|4.0.4|EVT_003105|User authentication success|2|destinationServiceName=myapps duser=jdoe phenixIDTraceId=#URj39fm2zKMSBfNV src=0:0:0:0:0:0:0:1
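Added example (not PhenixID code and not part of the original page): a Python parser for the event.log line format shown above, of the kind needed before forwarding events to a SIEM. The dictionary keys (logged, trace, ext and so on) and the function names are assumptions chosen here; the sample lines are copied from the examples above.

```python
import re

# Constructed sample: three lines copied from the event.log examples on this page.
SAMPLE = [
    "2021-05-20 10:09:36,130 [EVENT] #uzcA4yfqir81cJjp.nbM7pfPmuYxK77gs INFO: 2021-05-20T10:09:36+02:00 PAS1 CEF:0|PhenixID|PAS|4.0.4|EVT_001022|User authentication success with username, password & OTP|2|duser=jdoe phenixIDTraceId=#uzcA4yfqir81cJjp.nbM7pfPmuYxK77gs proto=RADIUS src=192.168.10.234",
    "2021-05-20 14:20:59,299 [EVENT] INFO: 2021-05-20T14:20:59+02:00 PAS1 CEF:0|PhenixID|PAS|4.0.4|EVT_001020|OTP delivery success|2|dst=+461234567890 duser=jdoe phenixIDIdentifier=smsaccount proto=PhenixID<space>SMS",
    "2021-05-20 14:21:07,221 [EVENT] INFO: 2021-05-20T14:21:07+02:00 PAS1 CEF:0|PhenixID|PAS|4.0.4|EVT_001018|Provided OTP was correct|2|duser=jdoe",
]

# Log prefix: timestamp, [EVENT], optional "#..." token, level, then time and host.
LINE_RE = re.compile(
    r"^(?P<logged>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) \[EVENT\] "
    r"(?:(?P<trace>#\S+) )?(?P<level>[A-Z]+): "
    r"(?P<time>\S+) (?P<host>\S+) CEF:(?P<cef>.*)$"
)
PIPE = re.compile(r"(?<!\\)\|")  # unescaped CEF header separator
EXT = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|\s*$)")  # value runs up to the next " key="
# Dict keys below are names chosen for this example, not PAS identifiers.
HEADER = ("cef_version", "vendor", "product", "version", "event_id", "name", "severity")


def parse_event(line):
    """Return a flat dict for one event.log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    parts = PIPE.split(m.group("cef"), maxsplit=7)
    if len(parts) < 8:
        return None  # truncated CEF header
    event = {k: m.group(k) for k in ("logged", "trace", "level", "time", "host")}
    event.update(zip(HEADER, parts[:7]))
    # Extension values are kept verbatim, including tokens such as "<space>".
    event["ext"] = dict(EXT.findall(parts[7]))
    return event


def parse_log(lines):
    """Parse many lines; return (events, rejected) so unparsed lines are not silently lost."""
    events, rejected = [], []
    for line in lines:
        ev = parse_event(line)
        (events if ev else rejected).append(ev or line)
    return events, rejected


if __name__ == "__main__":
    for ev in parse_log(SAMPLE)[0]:
        print(ev["time"], ev["event_id"], ev["ext"].get("duser"), ev["ext"].get("src"))
```

Rejected lines are returned rather than dropped so that a format change after a PAS upgrade shows up as a count in the forwarder instead of as missing events in the SIEM.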