LogoLogo
LearnDocumentationSupportCommunity
Version 6.30
Version 6.30
  • Welcome
  • Nexthink V6
  • Overview
    • Software components
    • Collector
    • Finder
    • Engine
    • Portal
    • Nexthink Library
    • Digital Experience Score
  • Installation and configuration
    • Planning your installation
      • Overview of the installation process
      • Hardware requirements
      • Connectivity requirements
      • Software requirements
      • Reference architectures
    • Installing Portal and Engine Appliances
      • Installing the Appliance
      • Installing the Appliance on Azure
      • Installing the Appliance on AWS
      • Installing the Appliance on OTC
      • Managing Appliance accounts
      • Setting the names of the Portal
      • Setting the names of the Engines
      • Specifying your internal networks and domains
      • Federating your Appliances
      • STIG compliance in Web Console
      • Connecting the Portal to the Engines
      • Configuring session performance storage
      • Configuring device performance storage
      • Setting up a software license
      • Sending email notifications from the Appliance
      • Allocating resources for the Portal
    • Installing the Collector
      • Installing the Collector on Windows
      • Installing the Collector on macOS
      • Installing the Collector for a Proof of Value
      • Assigning Collectors to Engines
      • Assignment of roaming Collectors
      • Collector MSI parameters reference table
      • Nxtcfg - Collector configuration tool
      • Inspecting the connection status of the Collector
      • Querying the status of the TCP connection of the Collector
      • Reporting the URL of HTTP web requests
      • Auditing logon events
      • Viewing user interactions in virtualized and embedded environments
      • Engage notifications on macOS
      • Configuring Collector level anonymization
    • Collector remote connectivity
      • Redirecting and anonymizing Collector traffic
      • Redirecting the Collector TCP channel
      • Support for DirectAccess
      • Windows Collector proxy support
      • Mac Collector proxy support
    • Installing the Event Connector
      • Installing the Event Connector on Linux
    • Installing the Finder
      • Installing the Finder on Windows
      • Enabling Cross-Engine Finder features
      • Expanding the time frame of investigations in the Finder
      • Enabling Finder access to the Library
      • Finder proxy support
    • Updating from V6.x
      • Updating the Appliance
      • Content centralization when updating the Appliance
      • Updating the Collector
      • Viewing Collector deprecated fields
      • Updating the Finder
    • Security and user account management
      • Importing and replacing certificates
      • Hierarchizing your infrastructure
      • Adding users
      • Enabling SAML authentication of users
      • Just-In-Time provisioning of user accounts
      • Enabling Windows authentication of users
      • Multi-factor authentication for local accounts overview
      • Provisioning user accounts from Active Directory
      • Establishing a privacy policy
      • Disabling local accounts for interactive users
      • Setting the complexity and minimum length of passwords for local accounts
      • Protecting local accounts against brute force attacks
      • Preventing password saving in the Finder
      • Controlling session timeouts in the Portal
      • Security settings in the Appliance
      • Setting the Do Not Disturb periods between campaigns
    • Data retrieval and storage
      • Data retention
      • Increasing the maximum number of metrics
      • Establishing a data retention policy in the Engine
      • Storing Engine data in a secondary disk drive
      • Importing data from Microsoft Active Directory
      • Setting the locale in the Portal
      • Changing the Time Zone of the Portal
      • Time Zones and data collection
      • Changing the data collection time of the Portal
      • Nightly task schedules timetable
      • Changing the thresholds of High CPU warnings
      • Automatic restart of unresponsive Engine
    • Maintenance operations
      • Logging in to the CLI
      • Special operation modes for the Engine and the Portal
      • Changing the default ports in the Appliance
      • Centralized Management of Appliances and Engines
      • Monitoring the performance of the Appliance
      • Resizing partitions in Appliance
      • Configuring the system log
      • Examining the logs in the Portal
      • GDPR - Retrieving or anonymizing personal data
      • Finding out unlicensed devices
      • Removing devices
      • Installing third-party software in the Appliance
      • Installing VMware Tools in the Appliance
      • Operational data sent to Nexthink
      • Sending additional data to Support
    • Disaster recovery
      • Planning for disaster recovery
      • Web Console backup and restore
      • Engine backup and restore
      • Portal backup and restore
      • Rule-based assignment backup and restore
      • License backup and restore
      • PKI backup and restore
    • Branding
      • Branding the Portal
      • Branding of campaigns
  • User manual
    • Getting started
      • Logging in to the Finder
      • Logging in to the Portal
      • Enabling STIG in Webconsole
    • Querying the system
      • Searching the subject of interest
      • Executing an investigation
      • Creating an investigation
      • Editing the options of an investigation
      • Combining logical conditions in investigations
      • Navigating through the results of an investigation
      • Properties of users and devices
    • Visualizing system activity in the Finder
      • Getting a quick overview
      • Graphically observing the activity of users and devices
      • Observing service performance
      • Viewing network connections
      • Viewing web requests
      • Viewing executions
    • Monitoring IT custom metrics
      • Creating a metric
      • Examples of metrics
      • Session performance
      • Device performance
      • Following the evolution of a metric
      • Finding the visuals of a metric
    • Monitoring IT services
      • Analyzing service quality
      • Creating a service
      • Following the evolution of a service
      • Specifying URL paths of web-based services
    • Engaging with the end user
      • Getting feedback from the end users
      • Types of campaigns
      • Creating a campaign
      • Editing a campaign
      • Types of questions
      • Controlling the flow of questions
      • Translating a campaign
      • Triggering a campaign manually
      • Limiting the reception rate of campaigns
      • Scrutinizing the results of a campaign
      • Continuously measuring the satisfaction of employees
    • Rating devices and users with scores
      • Computing scores
      • Creating a score
      • Checking and comparing ratings
      • Computing potential savings
      • Score XML Reference
      • Documenting scores
    • Remotely acting on devices
      • Scenarios for remote actions
      • Creating a remote action
      • Executing remote actions
      • Triggering a remote action manually
      • Writing scripts for remote actions on Windows
      • Writing scripts for remote actions on Mac
      • Example of self-healing scenario
      • Example of self-help scenario
      • Application control and remote actions
    • Organizing objects with categories
      • Classifying objects of the same type
      • Creating categories and keywords
      • Tagging objects manually
      • Tagging objects automatically
      • Importing tags from text files
    • Getting notified by the system
      • Receiving Engage campaigns
      • Receiving email digests
      • Receiving alerts
      • Creating a service-based alert
      • Creating an investigation-based alert
    • Building web-based dashboards
      • Introducing dashboards in the Portal
      • Creating a dashboard
      • Examining metrics in depth
      • Documenting dashboards
      • Assessing license use
      • Computing dashboard data
      • Reusing dashboard content
    • Importing and exporting authored content
      • Methods for reusing authored content
      • Manually sharing Finder content
      • Importing a content pack
      • Conflict resolution
      • Exporting a content pack
  • Library packs
    • Compliance
      • Device Compliance
    • Configuration Manuals
      • Overview (Configuration Manuals)
      • Installing A New Version Of A Library Pack
    • Digital Employee Score (DEX score)
      • DEX Score Installation And Configuration
      • Detailed Library Pack Changelog
    • Device management
      • Reduce logon duration
      • Group Policy Management
      • Hardware Asset Renewal
      • Hardware Asset Renewal Advanced
      • Application Auto-Start Impact
    • Remote Employee Experience
      • Remote Worker Experience
      • Home Networking
      • Change Log And Upgrade Process
      • Remote Worker Vs Office Worker Device Category
      • Remote Worker Insights
      • DEX V2 Upgrade Of Remote Worker
    • Persona Insight
      • Persona Insight - Overview
      • Persona Insight - Library Pack
      • Persona Insight - Score Only Pack
      • Persona Insight - Without Campaign pack
      • Persona Insight - Getting Started and Upgrade Procedure
      • Persona Insight - Configuration Guide
      • Persona Insight - Troubleshooting - Multiple devices on multiple engines
      • Persona Insight - Reference Guide
      • Persona Insight - Example Pack
      • Persona Insight - Device Sizing
        • Persona Insight - Device Sizing Overview
        • Persona Insight - Device Sizing Configuration
      • Persona Insight - Application Sizing
        • Persona Insight - Application Sizing Overview
        • Persona Insight - Application Sizing Configuration
      • Legacy Persona documentation
        • Persona Insight - Library Pack (V.1.0.0.0)
        • Persona Insight - Base Pack
        • Persona Insight - Base Pack Advanced
        • Persona Insight - Customization Guide (V1.0.0.0)
        • Persona Insight - Configuration Guide (V1.0.0.0)
        • Persona Insight - Reference Guide (V1.0.0.0)
    • GSuite
      • GSuite: Health
      • GSuite: Services
      • GSuite: Sentiment
      • GSuite: Advanced Health
    • Support
      • Support: Level 1
    • Shadow IT
      • Shadow IT
    • Malware Protection
      • Malware Protection
    • Office 365 Health
      • Office 365 Health: Overview
      • Office 365 Health: Services
    • Office 365 OneDrive
      • OneDrive Summary
      • OneDrive Operations
      • OneDrive Advanced Health
      • OneDrive Migration
      • OneDrive Sentiment
      • OneDrive Management
      • OneDrive Advanced Operations
    • Office 365 Teams
      • Teams Overall Configuration
      • Teams - Migration
      • Teams - Health
      • Teams - Advanced Health
      • Teams - Adoption
    • Microsoft 365 Apps
      • Microsoft 365 Apps - Operate
    • Employee Self Service
      • Overview
      • Configuration
      • Usage
    • Onboarding Experience Management
      • OEM - Overview
      • OEM - Configuration
    • Office 365 Outlook
      • Outlook Troubleshooting
    • Virtualization
      • Virtualization: Operate
      • Virtualization: AVD - Advanced
      • Virtualization: Citrix Advanced
      • Virtualization: Project
      • Virtualization: Troubleshooting
        • Virtualization: Troubleshooting: Configuration
    • Windows
      • Win10: Configuration
      • Win10: Migration
      • Win10: Feature Update
      • Win10: Quality Update
      • Windows Defender Management
      • Administrators Management
    • Windows 11
      • Windows 11 - Readiness
      • Windows 11 - Migration Pilot
      • Windows 11 - Migration
      • Windows 11 - Operate
    • Webex
      • Webex Operate
    • Zoom
      • Zoom Operate
    • Remote Actions
      • Get Performance Monitor Data
      • Skype For Business
      • Restart Device
      • Upload Logs to S3 using PreSigned URLs
    • Software Asset Optimization
    • Collaboration Optimization
      • Collaboration Optimization - Solution Overview
      • Collaboration Optimization - Configuration
      • Collaboration Optimization - Usage / Troubleshooting
    • Systems Management
      • Manage Configuration Drift
      • MS ConfigMgr - Client Health
        • MS ConfigMgr - Client Health - Summary
        • MS ConfigMgr - Client Health - Configuration Guide
      • Intune
        • Intune - Health
          • Intune - Health - Summary
          • Intune - Health - Configuration Guide
    • Return to the office
      • Return to the office - Planning
      • Return to the office - Readiness
    • Green IT
      • Green IT - Overview
      • Green IT - Configuration Guide
    • Hybrid Working
      • Hybrid Working Experience
      • Hybrid Working Experience - Installation and upgrade procedure
  • Integrations
    • Nexthink ServiceNow Service Graph Connector
      • Overview
        • Roles and Permissions
        • Modules
      • Installation and Configuration Guide
        • Pre-requisites
          • Configure Identification Rules
          • Import and setup the CMDB categories in Finder
        • Setup
          • Configure the connection
          • Configure import properties
          • Configure additional engines
          • Set up scheduled import jobs
      • Data transformation and mapping by default
      • How to customize the behaviour of the Connector
      • FAQ
        • Why ServiceNow Service Graph Connector?
        • What about Nexthink CMDB Connector?
        • Why is the name the primary key for the devices?
      • Troubleshooting
        • IRE identification issues
          • [No Choice found in the sys_choice table for the target table](integrations/nexthink-servicenow-service-graph-connector/troubleshooting/ire-identification-issues/ no-choice-found-in-the-sys_choice-table-for-the-target-table.md)
          • Identification rules not created
          • Discovery_source choice not created
        • Timeout Errors
          • ECCResponseTimeoutException
          • HTTP 0 error
        • MID server issues
          • java.lang.NullPointerException
          • MID Server memory issues
          • Not trusted certificates in Quebec release
        • Configure credentials issues
          • [Not allowing update of property authentication_choice](integrations/nexthink-servicenow-service-graph-connector/troubleshooting/configure-credentials-issues/ not-allowing-update-of-property-authentication_choice.md)
          • Invalid username/password combo (HTTP 401/403)
        • Configure Engines Issues
          • [The client secret supplied for a confidential client is invalid](integrations/nexthink-servicenow-service-graph-connector/troubleshooting/configure-engines-issues/ the-client-secret-supplied-for-a-confidential-client-is-invalid.md)
        • No Cis imported and no errors found in the log
    • Nexthink ServiceNow Incident Management Connector (IMC)
      • Installation and configuration guide (IMC)
      • Troubleshooting Guide (IMC)
      • Domain separation installation (IMC)
    • Nexthink ServiceNow CMDB Connectors
      • Installation and Configuration Guide
      • Troubleshooting Guide
      • Field transformation and normalisation examples
    • Nexthink Event Connector
      • High level overview
      • Installation and Configuration Guide
      • Troubleshooting guide
      • RPM installation
      • Splunk specific documentation
        • Upgrading from Splunk Connector to Event Connector
        • Splunk add-on installation and usage
    • Nexthink Chatbot SDK
      • Introduction and concepts
      • Installation, configuration and update guide
        • Installation and configuration
        • Update to newer version
        • Uninstallation
        • Authentication
        • Topics configuration
        • Remote action configuration
        • Advanced configuration
        • Additional resources and references
      • Dimensioning guide
      • Troubleshooting
      • Technical solution description
      • Downloads and release notes
  • Glossary and references
    • Search and information display
      • Search in Finder
      • Keyboard shortcuts for column display selection
      • Campaign display compatibility
      • Real-time and consolidated service data
      • Service errors and warnings
      • Errors and warnings for devices and executions
      • Types of widgets
      • Widget compute state in charts
      • Errors in the execution of remote actions
      • Top results of Cross-Engine investigations
      • Engine data history
    • Tooltips in the user and device views
      • Alerts tooltips
      • Warnings tooltips
      • Errors tooltips
      • Activity tooltips
      • Services tooltips
    • Database information and organization
      • Maximum supported values
      • Local and shared content
      • Device Identification
      • Local IP address of devices
      • Timestamping of events
      • Boot and logon duration
      • Application startup duration
      • Application not responding events
      • Memory and CPU usage
      • Status of TCP connections
      • Status of UDP connections
      • Network and port scan conditions
      • Binary paths
      • Maximum number of Binaries
      • Package Executable Mapping
      • Metro apps
      • Investigation with packages
      • Portal aggregation and grouping
      • Focus time metric
    • Security
      • Access rights and permissions
      • Active Directory authentication
      • Canonical domain names for Windows authentication
      • System alerts
      • Audit trail
      • Appliance hardening
      • STIG hardening
      • FIPS 140-2 compliance
      • Security bulletins
        • Is Nexthink affected by Okta breach
        • Is Nexthink affected by SolarWinds breach
        • Nexthink and Log4j - Security bulletin
        • CVE-2022-22965 - Security Vulnerability Spring4shell - Spring Framework
        • Version 6.22.2.10: Security Vulnerability Maintenance Release
        • The Collector V6.27.X Release – Security Bulletin
    • References
      • Components of the Collector
      • Server support
      • Compatibility mode
    • Glossary
      • Activity
      • Alert
      • Application
      • Binary
      • Campaign
      • Category
      • Connection
      • Dashboard
      • Destination
      • Device
      • Domain
      • Entity
      • Event
      • Executable
      • Execution
      • Focus time
      • Hierarchy
      • Installation
      • Investigation
      • Keyword
      • Metric
      • Module
      • Object
      • Package
      • Platform
      • Port
      • Printer
      • Score
      • Service
      • Session
      • System boot
      • User
      • User logon
      • Web request
      • Widget
  • API and integrations
    • Integrating with Nexthink
      • Event Connector
      • Getting data through the NXQL API
      • Bidirectional integration with the Finder
      • Count metrics API
      • Software metering API
      • Services API
      • List Engines API
      • GetSID API
      • Triggering campaigns via their API
      • Triggering remote actions via their API
      • Audit trail API
      • Integrating investigation-based alerts
      • Downloads
    • NXQL API
      • Introducing the NXQL API
      • NXQL Tutorial
      • NXQL language definition
      • NXQL Data Model
    • Integrations
      • Excel integration with NXQL
      • Power BI
      • Azure Data Lake Storage Gen2
      • Splunk Event Connector
    • ServiceNow
      • CMDB Connector
      • Incident Management Connector
      • Event Management

© Nexthink

  • Privacy policy
  • Responsible Disclosure Policy
On this page
  • Overview
  • Appliance
  • Web Console
  • Portal
  • Engine

Was this helpful?

  1. Glossary and references
  2. Security

Audit trail

Last updated 5 months ago

Was this helpful?

Overview

To trace relevant activities in your Appliances (accesses, configuration modifications, starts, stops, and so on), Nexthink components write to the audit log file:

/var/log/nexthink/audit.log

Find below the complete list of audit events. In the tables, the words displayed in italics in the log messages are replaced by actual values by the log system. For example, the actual username of the account that performed a particular logged action will replace the word account.

Appliance

See how to for the Appliance to record the following events:

  • Logon with the SSH Nexthink account

  • Commands launched with super-user privileges

Web Console

Code
Description and format

50000

User logged in

[Console|Login|50000|account] Login successful

50001

User login failed

[Console|Login|50001|account] Login failed

50002

User logged out

[Console|Login|50002|account] User logout

51000

Web Console password updated

[Console|Appliance|51000|account] Console password updated

51010

Portal remote management account password updated

[Console|Appliance|51010|account] Remote password updated

51011

Portal remote management account enabled

[Console|Appliance|51011|account] Remote access enabled

51012

Portal remote management account disabled

[Console|Appliance|51012|account] Remote access disabled

51020

SSH Nexthink account password updated

[Console|Appliance|51020|account] SSH Nexthink account password updated

51021

SSH Nexthink account enabled

[Console|Appliance|51021|account] SSH Nexthink account enabled

51022

SSH Nexthink account disabled

[Console|Appliance|51022|account] SSH Nexthink account disabled

51100

Appliance hostname updated

[Console|Appliance|51100|account] Appliance hostname updated

51101

Appliance static route updated

[Console|Appliance|51101|account] Appliance static route updated

51102

Appliance static route deleted

[Console|Appliance|51102|account] Appliance static route deleted

51103

Appliance DNS server updated

[Console|Appliance|51103|account] Appliance dns server updated

51104

Appliance default gateway updated

[Console|Appliance|51104|account] Appliance default gateway updated

51106

Appliance Chrony servers updated

[Console|Appliance|51106|account] Appliance Chrony servers updated

51107

Appliance Chrony service enabled

[Console|Appliance|51107|account] Appliance Chrony service enabled

51108

Appliance Chrony service disabled

[Console|Appliance|51108|account] Appliance Chrony service disabled

51109

Appliance network interface updated

[Console|Appliance|51109|account] Appliance network insterface updated

51111

rsyslog service restarted

[Console|Appliance|51111|account] rsyslog service restarted

51112

crond service restarted

[Console|Appliance|51112|account] crond service restarted

51200

STIG compliance enabled

[Console|Compliance|51200|account] STIG compliance enabled

51201

STIG compliance disabled

[Console|Compliance|51201|account] STIG compliance disabled

51300

New federated appliance added

[Console|Appliance|51300|account] New federated appliance added with ID: id, DNS: dns

51301

Edited federated appliance

[Console|Appliance|51301|account] Edited federated appliance with ID: id, DNS: dns

51302

Federated appliance deleted

[Console|Appliance|51302|account] Federated appliance deleted with ID: id

51400

External backup parameters saved

[Console|Backup|51400|account] External backup parameters saved

51603

Automatic updates enabled / disabled

[Console|Appliance|51603|account] Automatic updates enabled

[Console|Appliance|51603|account] Automatic updates disabled

51609

Updates email recipient updated

[Console|Appliance|51609|account] Updates email recipient updated

51610

Check for updates triggered

[Console|Appliance|51610|account] Check for updates triggered

51611

Start updates triggered

[Console|Appliance|51611|account] Start updates triggered

51800

Appliance reboot triggered

[Console|Appliance|51800|account] Appliance reboot triggered

52000

Portal parameters updated

[Console|Portal|52000|account] Portal parameters updated

52001

Engine name updated

[Console|Engine-01|52001|account] Engine name updated

52007

Maximum stored events updated

[Console|Engine-01|52007|account] Maximum stored events updated

52010

Portal server address updated

[Console|Engine-01|52010|account] Portal server address updated

52010

Portal admin account reset

[Console|Portal|52010|account] Portal admin account reset

52011

Aggregation policy updated

[Console|Engine-01|52011|account] Aggregation policy updated

52012

Domain compression updated

[Console|Engine-01|52012|account] Domain compression updated

52090

Engine stopped

[Console|Engine-01|52090|account] Engine stopped

52091

Engine started

[Console|Engine-01|52091|account] Engine started

52100

Internal network removed

[Console|Engine-01|52100|account] Internal network removed

52100

Internal network added

[Console|Engine-01|52100|account] Internal network added

52105

Engine internal domains configuration updated

[Console|Engine-01|52105|account] Engine internal domains configuration updated

52200

Active directory added

[Console|Engine-01|52200|account] Active directory added

52201

Active directory removed

[Console|Engine-01|52201|account] Active directory removed

52550

Engine Mobile Bridge parameters updated

[Console|Engine-01|52550|account] Engine Mobile Bridge parameters updated

53090

Portal stopped

[Console|Portal|53090|account] Portal stopped

53091

Portal started

[Console|Portal|53091|account] Portal started

53092

LLM started

[Console|Portal|53092|account] LLM started

53093

LLM stopped

[Console|Portal|53093|account] LLM stopped

53094

Nginx started

[Console|Portal|53094|account] nginx started

53095

Nginx stopped

[Console|Portal|53095|account] nginx stopped

Portal

Code
Description

20001

Portal is starting

[Portal|SYSTEM|20001|*system] Portal is starting

20002

Portal is up and running

[Portal|SYSTEM|20002|*system] Portal is up and running

20004

Portal is stopped

[Portal|SYSTEM|20004|*system] Portal is stopped

20101

User logged in

[Portal|LOGIN|20101|account] User account logged with session id session id

20102

User logged out

[Portal|LOGIN|20102|account] User account logout for session id session id

20103

User login failed

[Portal|LOGIN|20103|*system] User account failed login attempts - reason

20104

User locked

[Portal|LOGIN|20104|account] User account is locked

20105

User account session time out

[Portal|LOGIN|20105|account] User account session timed out for session id session id

20201

User created

[Portal|USER|20201|account] User created account is created

20202

User removed

[Portal|USER|20202|account] User deleted account is removed

20203

User updated

[Portal|USER|20203|account] User updated account is created

20204

User profile updated

[Portal|USER|20204|account] Updated profile of n users

20205

User domain ownership updated

[Portal|USER|20204|account] Updated account ownership of n users

20206

Role added

[Portal|USER|20206|account] Role name is added

20207

Role updated

[Portal|USER|20207|account] Role name is updated

20208

Role removed

[Portal|USER|20208|account] Role name is removed

20209

Profile added (with roles)

[Portal|USER|20209|account] Added profile name roles: roles names

20210

Profile updated (with roles)

[Portal|USER|20210|account] Updated profile name roles: roles names

20211

Profile removed

[Portal|USER|20211|account] Removed profile name

20501

Hierarchy added

[Portal|HIERARCHY|20501|account] Hierarchy name is added

20502

Hierarchy removed

[Portal|HIERARCHY|20502|account] Hierarchy name is removed

20503

Hierarchy updated

[Portal|HIERARCHY|20503|account] Hierarchy name is updated

20504

Definition of entities updated

[Portal|HIERARCHY|20504|account] CSV of entities category is updated

20701

Engine added

[Portal|ENGINE|20701|account] Engine name of IP IP address or DNS name Port port number is added

20702

Engine removed

[Portal|ENGINE|20702|account] Engine name of IP IP address or DNS name Port port number is removed

20703

Engine connected

[Portal|ENGINE|20703|account] Engine name of IP IP address or DNS name Port port number is connected

20704

Engine disconnected

[Portal|ENGINE|20704|account] Engine name of IP IP address or DNS name Port port number is disconnected

20801

Finder user logged in

[Portal|FINDER|20801|account] User account logged in (finder)

20803

Finder user login failed

[Portal|FINDER|20801|account] User account login failed

20804

Library pack import request (only issued for big packs)

[Portal|FINDER|20804|account] Finder import req uid=pack uid

20901

Remote action updated

[Portal|CONTENTMANAGER|20901|account] Updated remote action in content manager, uid=remote action uid, name=remote action name

20902

Remote action created

[Portal|CONTENTMANAGER|20902|account] Created remote action in content manager, uid=remote action uid, name=remote action name

20903

Remote action deleted

[Portal|CONTENTMANAGER|20902|account] Deleted remote action in content manager, uid=remote action uid

20911

Metric updated

[Portal|CONTENTMANAGER|20911|account] Updated metric in content manager, uid=metric uid, status=enabled|disabled

20912

Metric created

[Portal|CONTENTMANAGER|20912|account] Created metric in content manager, uid=metric uid

20913

Metric deleted

[Portal|CONTENTMANAGER|20913|account] Deleted metric in content manager, uid=metric uid

20921

Service updated

[Portal|CONTENTMANAGER|20921|account] Updated service in content manager, uid=service uid, status=enabled|disabled

20922

Service created

[Portal|CONTENTMANAGER|20922|account] Created service in content manager, uid=service uid

20923

Service deleted

[Portal|CONTENTMANAGER|20923|account] Deleted service in content manager, uid=service uid

20931

Campaign updated

[Portal|CONTENTMANAGER|20931|account] Updated campaign in content manager, uid=campaign uid, name=campaign name, status=draft|published|retired

20932

Campaign created

[Portal|CONTENTMANAGER|20932|account] Created campaign in content manager, uid=campaign uid, name=campaign name

20933

Campaign deleted

[Portal|CONTENTMANAGER|20933|account] Deleted campaign in content manager, uid=campaign uid

20941

Category updated

[Portal|CONTENTMANAGER|20941|account] Updated category, uid=category uid

20942

Category created

[Portal|CONTENTMANAGER|20942|account] Created category, uid=category uid

20943

Category deleted

[Portal|CONTENTMANAGER|20943|account] Deleted category, uid=category uid

21001

Manual execution of a remote action through the Finder

[Portal|REMOTEACTION|21001|account] Finder request manual execution of remote action, uid=remote action uid on n devices with uids devices uids

21002

External execution of a remote action through the API

[Portal|REMOTEACTION|21002|account] API request manual execution of remote action, uid=remote action uid on n devices with uids devices uids

21003

External execution of a remote action through the API v2

[Portal|REMOTEACTION|21003|account] API request manual execution of remote action, uid=remote action uid on n devices with uids devices uids

21101

Metric compute triggered from the Finder

[Portal|METRICS|21101|account] Compute metric from finder uid=metric uid

21102

Metric clear history triggered by query

[Portal|METRICS|21102|account] Clear metric from query uid=metric uid

21103

Metric clear triggered from the Finder

[Portal|METRICS|21103|account] Clear metric from finder uid=metric uid

21104

Metric compute triggered by query

[Portal|METRICS|21104|account] Compute metric from query uid=metric uid

21201

Module published

[Portal|MODULES|21201|account] Published module uid=module uid, name=module name

21202

Module deleted

[Portal|MODULES|21202|account] Deleted module uid=module uid

21203

Module replaced

[Portal|MODULES|21203|account] Replaced published module uid=module uid, replaced uid=module uid

21501

Dashboard deleted

[Portal|DASHBOARDS|21501|account] Deleted dashboard, uid=dashboard uid

21301

Software metering metric updated

[Portal|SOFTWARE_METERING_METRIC|21301|account] Updated software metering metric, uid=metric uid

21302

Software metering metric deleted

[Portal|SOFTWARE_METERING_METRIC|21302|account] Deleted software metering metric, uid=metric uid

21303

Software metering metric enabled

[Portal|SOFTWARE_METERING_METRIC|21303|account] Enabled software metering metric, uid=metric uid

21304

Software metering metric disabled

[Portal|SOFTWARE_METERING_METRIC|21304|account] Disabled software metering metric, uid=metric uid

21401

Software metering module updated

[Portal|SOFTWARE_METERING_MODULE|21401|account] Updated software metering module, uid=module uid

21402

Software metering module created

[Portal|SOFTWARE_METERING_MODULE|21402|account] Created software metering module, uid=module uid

Engine

Code
Description

10001

Engine is up and running

[Engine-01|General|10001|nxengine] Engine is up and running

10002

Engine stopped with error

[Engine-01|General|10002|nxengine] Engine abnormally stopped

10003

Engine stopped gracefully

[Engine-01|MAIN|10003|nxengine] Engine gracefuly stopped

10004

Engine stopped forcefully

[Engine-01|General|10004|nxengine] Engine stopped

10005

Database created

[Engine-01|Database|10005|nxengine] Engine database creation:new database created

10006

Finder user logged in

[Engine-01|Communication|10006|account] Finder user logged in:[milliseconds]

10007

Finder user logged out

[Engine-01|Communication|10007|account] Finder logged out

10008

Finder user login attempt

[Engine-01|Communication|10008|account] Finder log-in attempt

10009

Finder account created

[Engine-01|Database|10009|portal] Finder account creation:[created account]

10010

Finder account deleted

[Engine-01|Database|10010|portal] Finder account destruction:[deleted account]

10011

Finder account updated

[Engine-01|Database|10011|portal] Finder account update:[updated account]

10012

Finder account password changed

[Engine-01|Database|10012|portal] Finder password change:[changed account]

10017

Global alert created

[Engine-01|Database|10017|portal] Global alert creation:[alert name]

10018

Global alert deleted

[Engine-01|Database|10018|portal] Global alert destruction:[alert name]

10019

Global alert updated

[Engine-01|Database|10019|portal] Global alert update:[alert name]

10026

LDAP synchronization request

[Engine-01|Communication|10026|account] LDAP synchronization

10028

Object manually tagged

[Engine-01|DBMGR|10028|account] Manual tagging:[object type|object name]

10029

Binary filtering rule (storage policy) updated

[Engine-01|DBMGR|10029|account] Binary filtering rule update:[binary|executable name]

10030

Executable filtering rule (storage policy) updated

[Engine-01|DBMGR|10030|account] Application filtering rule update:[application|executable name]

10031

Application filtering rule (storage policy) updated

[Engine-01|DBMGR|10031|account] Product or source filtering rule update:[product|application name]

10032

Device filtering rule (storage policy) updated

[Engine-01|DBMGR|10032|account] Source filtering rule update:[source|device name]

10034

Finder request execution

[Engine-01|Communication|10034|account] Request execution:[request type|request details]

10035

Alert execution

[Engine-01|Alert|10035|account] Alert execution:[alert name|alert frequency|number of impacted objects|selector]

10038

License updated

[Engine-01|License|10038|nxengine] License updated: D licensed sources, S licensed servers, M licensed mobile devices with enabled features

10039

NXQL request execution

[Engine-01|WebAPI|10039|account] NXQL V2 execution:[duration ms|wait ms|computation ms| dump ms|NXQL query]

The start and stop commands for the Engine that are executed from the command line interface (CLI) are logged in journalctl. Run the following command to retrieve them:

sudo journalctl -u nxengine@*.service | grep systemd

RELATED TASK

configure the system log
Configuring the system log