If you are using OneSpan Authentication Server system monitoring, we recommend to define targets for the following OneSpan Authentication Server events:
- OneSpan Authentication Server errors. For these type of events, you should define an audit filter that extracts all error audit messages.
- Locked authenticator users. For these type of events, you should define a filter that extracts all audit messages with the audit code 'W-011003'.
- Failed administrative logons. For these type of events, you should define a filter that extracts all audit messages with the audit code 'F-004001'.
- Replication failures. For these type of events, you should define a filter that extracts all audit messages with the audit codes 'F-003001' or 'F-003002'.