After exporting the audit database what do the columns mean?
Event / Catergory ID / CatID / ID
| Event | CatId | Category | ID |
| Audit cache file deleted | 1 | System | 4 |
| Recovery of the emergency access questions collected by a user | 1 | System | 3 |
| Checking timeslice | 1 | System | 2 |
| Authenticating using cache | 1 | System | 1 |
| Contactless badge self enrolment | 2 | Authentication | 4120 |
| Roaming: User terminates his session | 2 | Authentication | 4119 |
| Roaming: Create user's session | 2 | Authentication | 4118 |
| Token moved to black list | 2 | Authentication | 4117 |
| Certificate enrollment | 2 | Authentication | 4115 |
| Revocation | 2 | Authentication | 4116 |
| User closed session | 2 | Authentication | 8205 |
| Authentication failed | 2 | Authentication | 4114 |
| Authentication successfull | 2 | Authentication | 4113 |
| Authentication outside authorized timeslice | 2 | Authentication | 4112 |
| Invalid user id in smart card | 2 | Authentication | 35 |
| Temporary Password Access deletion | 2 | Authentication | 46 |
| External domain user authentication | 2 | Authentication | 45 |
| User authentication | 2 | Authentication | 44 |
| Automatic generation of primary password during token authentication | 2 | Authentication | 43 |
| Unblock PIN with emergency access | 2 | Authentication | 39 |
| Password Reset with emergency access in disconnected mode | 2 | Authentication | 38 |
| Password Reset with emergency access in connected mode | 2 | Authentication | 37 |
| Questions and answers collect for emergency access | 2 | Authentication | 36 |
| Unblocking secret refused | 2 | Authentication | 34 |
| Unable to change PIN | 2 | Authentication | 33 |
| Unable to unblock smart card | 2 | Authentication | 32 |
| User connecting with application mask | 2 | Authentication | 12 |
| User queried OTP | 2 | Authentication | 11 |
| User not authorized for this application | 2 | Authentication | 10 |
| Wrong user | 2 | Authentication | 9 |
| Unable to sign authentication data | 2 | Authentication | 8 |
| User can unlock workstation | 2 | Authentication | 7 |
| Creation of authentication key | 2 | Authentication | 6 |
| Impossible to get authentication key | 2 | Authentication | 5 |
| Checking directory credentials | 2 | Authentication | 4 |
| Authentication by OTP successful | 2 | Authentication | 3 |
| Invalid OTP | 2 | Authentication | 2 |
| Directory password change | 2 | Authentication | 1 |
| Authentication method refused | 2 | Authentication | 4111 |
| Primary account locked | 2 | Authentication | 4110 |
| Impossible to retreive user security profile | 2 | Authentication | 4109 |
| User not allowed on this accesspoint | 2 | Authentication | 4108 |
| Re-authentication using a different user | 2 | Authentication | 4107 |
| Re-authentication without authentication | 2 | Authentication | 4106 |
| Incorrect registration signature | 2 | Authentication | 4105 |
| Registration not found | 2 | Authentication | 4104 |
| Auto registration | 2 | Authentication | 4103 |
| Auto registration not found | 2 | Authentication | 4102 |
| Incorrect user ID | 2 | Authentication | 4101 |
| Incorrect signature | 2 | Authentication | 4100 |
| Incorrect accesspoint session ID | 2 | Authentication | 4099 |
| Unregistered authentication attempts | 2 | Authentication | 4098 |
| Unsupported authentication method used | 2 | Authentication | 4097 |
| Smart card unblocked | 2 | Authentication | 31 |
| Smart card is being unblocked | 2 | Authentication | 30 |
| Blocked smart card presented | 2 | Authentication | 29 |
| Smart card blocked | 2 | Authentication | 28 |
| Invalid PIN | 2 | Authentication | 27 |
| PIN changed | 2 | Authentication | 26 |
| New PIN refused | 2 | Authentication | 25 |
| Expired PIN | 2 | Authentication | 24 |
| Invalid PIN state | 2 | Authentication | 23 |
| Temporarily replaced token reactivated | 2 | Authentication | 22 |
| Temporarily replaced token presented | 2 | Authentication | 21 |
| To giveback token presented | 2 | Authentication | 20 |
| Old token presented | 2 | Authentication | 19 |
| Expired token presented | 2 | Authentication | 18 |
| Blacklisted token presented | 2 | Authentication | 17 |
| Disabled token presented | 2 | Authentication | 16 |
| Personal config modification | 3 | SSO | 8 |
| Account deletion | 3 | SSO | 7 |
| Account modification | 3 | SSO | 6 |
| SSO account modified by administrator | 3 | SSO | 5 |
| Account access denied | 3 | SSO | 4 |
| SSOKey table modified | 3 | SSO | 3 |
| Use of primary password for SSO | 3 | SSO | 2 |
| Use of account password for SSO | 3 | SSO | 1 |
| Modify account delegation | 3 | SSO | 4100 |
| Remove account delegation | 3 | SSO | 4099 |
| Delegate account | 3 | SSO | 4098 |
| Open session | 3 | SSO | 4097 |
| Token | 4 | Admin | 15 |
| Configuration | 4 | Admin | 14 |
| Access point profile | 4 | Admin | 13 |
| User profile | 4 | Admin | 12 |
| Biometric data | 4 | Admin | 11 |
| Application profile | 4 | Admin | 10 |
| application's parameter | 4 | Admin | 9 |
| application administration profile | 4 | Admin | 8 |
| Access point - user access | 4 | Admin | 7 |
| User - application access | 4 | Admin | 6 |
| Application - user access | 4 | Admin | 5 |
| Application - access point access | 4 | Admin | 4 |
| Organization | 4 | Admin | 3 |
| Access point | 4 | Admin | 2 |
| Application | 4 | Admin | 1 |
| Technical reference | 4 | Admin | 25 |
| SSO storage | 4 | Admin | 24 |
| Parameter | 4 | Admin | 23 |
| Account's parameter | 4 | Admin | 22 |
| Account | 4 | Admin | 21 |
| Software module | 4 | Admin | 20 |
| Time slice | 4 | Admin | 19 |
| Personal access | 4 | Admin | 18 |
| PGP | 4 | Admin | 17 |
| PFCP | 4 | Admin | 16 |
| Batch of cards | 4 | Admin | 41 |
| Representative | 4 | Admin | 40 |
| Administrator challenge retrieve for disconnected PIN Reset with emergency access | 4 | Admin | 39 |
| Administrator challenge retrieve for disconnected Password Reset with emergency access | 4 | Admin | 38 |
| User | 4 | Admin | 37 |
| Group | 4 | Admin | 36 |
| WG Auth | 4 | Admin | 35 |
| Role | 4 | Admin | 34 |
| Administration profile | 4 | Admin | 33 |
| token class configuration | 4 | Admin | 32 |
| Cluster | 4 | Admin | 62 |
| User Password Forced | 4 | Admin | 61 |
| Audit Filter | 4 | Admin | 60 |
| Temporary Password Access | 4 | Admin | 59 |
| Revocation: OCSP response | 4 | Admin | 58 |
| Revocation: CRL update | 4 | Admin | 57 |
| Audit database purged | 4 | Admin | 56 |
| File Encryption Key update requested | 4 | Admin | 55 |
| File Encryption Key information change requested | 4 | Admin | 54 |
| File Encryption Key information changed | 4 | Admin | 53 |
| File Encryption Key updated | 4 | Admin | 52 |
| File Encryption Key created | 4 | Admin | 51 |
| File Encryption Key | 4 | Admin | 50 |
| Certificate | 4 | Admin | 49 |
| PKA Authority | 4 | Admin | 48 |
| File Encryption Key updated by user | 5 | File Encryption | 3 |
| File encryption Key information changed by user | 5 | File Encryption | 2 |
| File Encryption Key created by user | 5 | File Encryption | 1 |
Time
The time is stored in Unix Time / Epoch (The number of seconds since 01/01/1970 at 0h00 GMT+0)
There's a online converter below with example SQL statements.
http://www.epochconverter.com/
Result Code
The ResultCode corresponds to standard QESSO error codes but the data is in HEX format.
In ResultCode:
- 0 means no error at all
- a positive number (such as 33562688) is a warning code
- any negative number is an error
