Environment
Novell SecureLogin
NSL 7.x
NetIQ SecureLogin
NSL8.x
NSL 7.x
NetIQ SecureLogin
NSL8.x
Situation
Which SecureLogin events can be captured in a Windows event log?
What NSL events can be logged through Windows event logging?
What NSL events can be logged through Windows event logging?
Resolution
The following SecureLogin events can be captured in Windows log events.
Event ID / Description
1. Novell SecureLogin user (%1) has logged in.
2. Novell SecureLogin user (%1) has changed the LDAP password.
3. Workstation has been unlocked by a user (%1) different from the one who had originally logged in.
4. The session for (%1) has timed out due to inactivity.
5. Device removal policy has been triggered for (%1).
6. Manual lock has been triggered for (%1).
256. Application [APPLICATION: my_application] started by user [USERNAME: my_user] from system [SYSTEM: my_system]
257. Application [APPLICATION: my_application] stopped by user [USERNAME: my_user] from system [SYSTEM: my_system]
258. Application [APPLICATION: my_application] enabled by user [USERNAME: my_user] from system [SYSTEM: my_system]
259. Application [APPLICATION: my_application] disabled by user [USERNAME: my_user] from system [SYSTEM: my_system]
260. System [SYSTEM: my_system] didn't have [GPO: %4] at [APPLICATION: my_application] start
261. SSO to application [APPLICATION: my_application] successful by user [USERNAME: my_user] from system [SYSTEM: my_system]
262. Change password successful by user [USERNAME: my_user] from system [SYSTEM: my_system]
263. Change password failed by user [USERNAME: my_user] from system [SYSTEM: my_system]
264. LDAP login successful by user [USERNAME: my_user] from system [SYSTEM: my_system]
265. LDAP login failed with error [ERROR: %3] for user [USERNAME: my_user] from system [SYSTEM: my_system]
266. Preference [PREFERENCENAME: %3] for application [APPLICATION: my_application] changed to [%5] by user [USERNAME: my_user] from system [SYSTEM: my_system]
267. Local copy of the Inherited Application [APPLICATION: my_application] has been created by user [USERNAME: my_user] from system [SYSTEM: my_system]
268. Device [DEVICENAME: %3] removed by user [USERNAME: my_user] from system [SYSTEM: my_system]
269. Preference [PREFERENCENAME: %3] modified from [%4] to [%5] by user [USERNAME: my_user] from system [SYSTEM: my_system] on DN [%6]
270. Passphrase question and answer registered by user [%1] from system [%2]
271. Passphrase request was responded by user [USERNAME: my_user] from system [SYSTEM: my_system]
272. Passphrase request was cancelled by user [USERNAME: my_user] from system [SYSTEM: my_system]
273. Passphrase response was incorrect by user [USERNAME: my_user] from system [SYSTEM: my_system]
274. Directory object [%3] opened by user [USERNAME: my_user] from system [SYSTEM: my_system]
275. Directory object [%3] modified by user [USERNAME: my_user] from system [SYSTEM: my_system]
276. Directory object [%3] deleted by user [USERNAME: my_user] from system [SYSTEM: my_system]
277. Credential named [%3] added to application [APPLICATION: my_application] by user [USERNAME: my_user] from system [SYSTEM: my_system]
278. Credential named [%3] modified for application [APPLICATION: my_application] by user [USERNAME: my_user] from system [SYSTEM: my_system]
279. Credential named [%3] deleted from application [APPLICATION: my_application] by user [USERNAME: my_user] from system [SYSTEM: my_system]
280. Variable [%4] of Credential named [%3] added by user [USERNAME: my_user] from system [SYSTEM: my_system]
281. Variable [%4] of Credential named [%3] deleted by user [USERNAME: my_user] from system [SYSTEM: my_system]
282. Variable [%4] of Credential named [%3] modified by user [USERNAME: my_user] from system [SYSTEM: my_system]
283. Password policy [%3] added with value [%5] by user [USERNAME: my_user] from system [SYSTEM: my_system] on DN [%6]
284. Password policy [%3] modified from [%4] to [%5] by user [USERNAME: my_user] from system [SYSTEM: my_system] on DN [%6]
285. Password policy [%3] deleted by user [USERNAME: my_user] from system [SYSTEM: my_system] on DN [%5]
286. Application definition script for application [APPLICATION: my_application] of type [APPLICATIONTYPE: %4] added by user [USERNAME: my_user] from system [SYSTEM: my_system]
287. Application definition script for application [APPLICATION: my_application] of type [APPLICATIONTYPE: %4] modified by user [USERNAME: my_user] from system [SYSTEM: my_system]
288. Application definition script for application [APPLICATION: my_application] of type [APPLICATIONTYPE: %4] deleted by user [USERNAME: my_user] from system [SYSTEM: my_system]
289. Work Offline mode selected by user [USERNAME: my_user] from system [SYSTEM: my_system]
290. Work Offline mode deselected by user [USERNAME: my_user] from system [SYSTEM: my_system]
291. Corporate Passphrase question added with value [%3] by user [USERNAME: my_user] from system [SYSTEM: my_system] on DN [%4]
292. Corporate Passphrase question deleted with value [%3] by user [USERNAME: my_user] from system [SYSTEM: my_system] on DN [%4]
293. Passphrase question and answer changed by user [%1] from system [%2]
294. Password/PIN provided by user [%1] from system [%2] while accessing tray icon is Correct
295. Password/PIN provided by user [%1] from system [%2] while accessing tray icon is Incorrect
296. Password request while accessing tray icon was cancelled by user [USERNAME: my_user] from system [SYSTEM: my_system]
297. Single sign-on Configuration deleted by user [USERNAME: my_user] from system [SYSTEM: my_system] of object [%3]
512. General message unused? See additional data
513. SecureLogin Client on [SYSTEM: my_system] has executed the AuditEvent Command [Additional data 1: %5] by user [USERNAME: my_user]
514. SecureLogin Client on [SYSTEM: my_system] provided password to an application [APPLICATION: my_application] by user [USERNAME: my_user]
515. SecureLogin Client on [SYSTEM: my_system] changed the password for application [APPLICATION: my_application] in response to the ChangePassword command by user [USERNAME: my_user]
516. SecureLogin Client on [SYSTEM: my_system] automatically changed the password for application [APPLICATION: my_application] in response to the ChangePassword command by user [USERNAME: my_user]
Event ID / Description
1. Novell SecureLogin user (%1) has logged in.
2. Novell SecureLogin user (%1) has changed the LDAP password.
3. Workstation has been unlocked by a user (%1) different from the one who had originally logged in.
4. The session for (%1) has timed out due to inactivity.
5. Device removal policy has been triggered for (%1).
6. Manual lock has been triggered for (%1).
256. Application [APPLICATION: my_application] started by user [USERNAME: my_user] from system [SYSTEM: my_system]
257. Application [APPLICATION: my_application] stopped by user [USERNAME: my_user] from system [SYSTEM: my_system]
258. Application [APPLICATION: my_application] enabled by user [USERNAME: my_user] from system [SYSTEM: my_system]
259. Application [APPLICATION: my_application] disabled by user [USERNAME: my_user] from system [SYSTEM: my_system]
260. System [SYSTEM: my_system] didn't have [GPO: %4] at [APPLICATION: my_application] start
261. SSO to application [APPLICATION: my_application] successful by user [USERNAME: my_user] from system [SYSTEM: my_system]
262. Change password successful by user [USERNAME: my_user] from system [SYSTEM: my_system]
263. Change password failed by user [USERNAME: my_user] from system [SYSTEM: my_system]
264. LDAP login successful by user [USERNAME: my_user] from system [SYSTEM: my_system]
265. LDAP login failed with error [ERROR: %3] for user [USERNAME: my_user] from system [SYSTEM: my_system]
266. Preference [PREFERENCENAME: %3] for application [APPLICATION: my_application] changed to [%5] by user [USERNAME: my_user] from system [SYSTEM: my_system]
267. Local copy of the Inherited Application [APPLICATION: my_application] has been created by user [USERNAME: my_user] from system [SYSTEM: my_system]
268. Device [DEVICENAME: %3] removed by user [USERNAME: my_user] from system [SYSTEM: my_system]
269. Preference [PREFERENCENAME: %3] modified from [%4] to [%5] by user [USERNAME: my_user] from system [SYSTEM: my_system] on DN [%6]
270. Passphrase question and answer registered by user [%1] from system [%2]
271. Passphrase request was responded by user [USERNAME: my_user] from system [SYSTEM: my_system]
272. Passphrase request was cancelled by user [USERNAME: my_user] from system [SYSTEM: my_system]
273. Passphrase response was incorrect by user [USERNAME: my_user] from system [SYSTEM: my_system]
274. Directory object [%3] opened by user [USERNAME: my_user] from system [SYSTEM: my_system]
275. Directory object [%3] modified by user [USERNAME: my_user] from system [SYSTEM: my_system]
276. Directory object [%3] deleted by user [USERNAME: my_user] from system [SYSTEM: my_system]
277. Credential named [%3] added to application [APPLICATION: my_application] by user [USERNAME: my_user] from system [SYSTEM: my_system]
278. Credential named [%3] modified for application [APPLICATION: my_application] by user [USERNAME: my_user] from system [SYSTEM: my_system]
279. Credential named [%3] deleted from application [APPLICATION: my_application] by user [USERNAME: my_user] from system [SYSTEM: my_system]
280. Variable [%4] of Credential named [%3] added by user [USERNAME: my_user] from system [SYSTEM: my_system]
281. Variable [%4] of Credential named [%3] deleted by user [USERNAME: my_user] from system [SYSTEM: my_system]
282. Variable [%4] of Credential named [%3] modified by user [USERNAME: my_user] from system [SYSTEM: my_system]
283. Password policy [%3] added with value [%5] by user [USERNAME: my_user] from system [SYSTEM: my_system] on DN [%6]
284. Password policy [%3] modified from [%4] to [%5] by user [USERNAME: my_user] from system [SYSTEM: my_system] on DN [%6]
285. Password policy [%3] deleted by user [USERNAME: my_user] from system [SYSTEM: my_system] on DN [%5]
286. Application definition script for application [APPLICATION: my_application] of type [APPLICATIONTYPE: %4] added by user [USERNAME: my_user] from system [SYSTEM: my_system]
287. Application definition script for application [APPLICATION: my_application] of type [APPLICATIONTYPE: %4] modified by user [USERNAME: my_user] from system [SYSTEM: my_system]
288. Application definition script for application [APPLICATION: my_application] of type [APPLICATIONTYPE: %4] deleted by user [USERNAME: my_user] from system [SYSTEM: my_system]
289. Work Offline mode selected by user [USERNAME: my_user] from system [SYSTEM: my_system]
290. Work Offline mode deselected by user [USERNAME: my_user] from system [SYSTEM: my_system]
291. Corporate Passphrase question added with value [%3] by user [USERNAME: my_user] from system [SYSTEM: my_system] on DN [%4]
292. Corporate Passphrase question deleted with value [%3] by user [USERNAME: my_user] from system [SYSTEM: my_system] on DN [%4]
293. Passphrase question and answer changed by user [%1] from system [%2]
294. Password/PIN provided by user [%1] from system [%2] while accessing tray icon is Correct
295. Password/PIN provided by user [%1] from system [%2] while accessing tray icon is Incorrect
296. Password request while accessing tray icon was cancelled by user [USERNAME: my_user] from system [SYSTEM: my_system]
297. Single sign-on Configuration deleted by user [USERNAME: my_user] from system [SYSTEM: my_system] of object [%3]
512. General message unused? See additional data
513. SecureLogin Client on [SYSTEM: my_system] has executed the AuditEvent Command [Additional data 1: %5] by user [USERNAME: my_user]
514. SecureLogin Client on [SYSTEM: my_system] provided password to an application [APPLICATION: my_application] by user [USERNAME: my_user]
515. SecureLogin Client on [SYSTEM: my_system] changed the password for application [APPLICATION: my_application] in response to the ChangePassword command by user [USERNAME: my_user]
516. SecureLogin Client on [SYSTEM: my_system] automatically changed the password for application [APPLICATION: my_application] in response to the ChangePassword command by user [USERNAME: my_user]
Additional Information
For details about configuring such log events see the online documentation at https://www.netiq.com/documentation/securelogin-81/administration_guide/data/b3lvqso.html