Individual audit records can be viewed in the live audit viewer, and filtered and exported using the OneSpan Authentication Server Appliance Configuration Tool.
Events generated by the OneSpan Authentication Server component for auditing are stored in the internal database. They are moved to an audit database on a monthly basis or until a maximum audit data size limit of 500 MB is reached. When this limit is exceeded, new audit data is stored in a new database part.
Parts of the database can be downloaded and deleted via the OneSpan Authentication Server Appliance Configuration Tool. Downloading is the same as the exporting, but uses a format compatible with OneSpan Authentication Server.
Exporting and downloading auditing information
Exporting auditing information can be useful in the following cases:
- One reporting system is used for all servers on a network.
- Auditing information needs to be kept for a long time.
You can use filters to define which data should be exported.
Exported data can use different formats:
- IDENTIKEY. Select this option for OneSpan Authentication Server compatibility. It allows you to import the exported data to an instance of OneSpan Authentication Server that is acting as a dedicated reporting server in a setup with multiple OneSpan Authentication Server and/or OneSpan Authentication Server Appliance instances.
- CSV. The comma-separated values format allows the data to be imported by other auditing systems.
Although it is still called CSV format, the CSV option creates an export file that uses tab characters as the separator, not a comma!
Audit Message Types
OneSpan Authentication Server Appliance logs different types of audit messages.
| Type | Description |
|---|---|
| Error | The message contains details about a system, configuration, licensing or some internal error. Errors do not include normal processing events such as failed logon requests. |
| Warning | Warning messages contain details about potential problems within the system. This could include details such as a failed connection attempt to a database. |
| Information | Informational messages provide details about events within the system that need to be recorded but do not indicate errors or potential errors. |
| Success | Success messages contain details about processing events that were correctly processed. This may include successful authentications or successful administration commands. |
| Failure | Failure messages contain details about processing events that failed. This may include rejected authentications, or administration actions that failed. |
For a full reference list of audit messages, refer to the OneSpan Authentication Server Appliance Administrator Reference.