Audit Trail

HYPR Control Center Advanced: App Properties Menu

The Audit Trail is designed to help administrators discover if and when issues occur during registration, authentication, or transaction. HYPR captures this user activity data and provides access to it in a simple, easy-to-use interface which lowers troubleshooting time and personnel resources so the issue can be identified and remedied at speed.

Related Articles

These may also help in understanding and interpreting HYPR Events:

What Is the Audit Trail?

The Audit Trail is a collection of user activity Events generated by the components in the HYPR ecosystem. These captured Events span the entirety of the flow of operations, whether it's registration, authentication, deregistration, or a transaction. At every step of each HYPR request or response, an Event is generated and collected with its corresponding information.

How It Works

Event data is stored in a separate schema away from the critical HYPR FIDO databases. This allows registration, authentication, and deregistration flows to continue functioning without being affected. The connection information to this schema can be found in the Vault; a HYPR representative can help you find it. The settings for the Audit Trail schema will be automatically set up for you during installation.

We anticipate there could be potentially millions of records in this database. We have included a means to roll over the data. This mechanism will be described in detail at the bottom of this guide.

Events

Each single captured Event is a result of a successful or failed attempt.

2926

Audit Trail Events

πŸ“˜

Event Descriptions

A full list of all Events and common parameters can be found in the Event Descriptions article. Not every Event is listed in the CC Audit Trail; some only appear in API responses.

Mobile Device

Events triggered from a mobile device (including security keys) will display the Device OS, OS Version, Device Model, Device ID, and SDK Version. See parameter details here.

Workstation

Events triggered from a workstation will display Extended Message, OS Version, Model, OS, Offline Access Enabled, Offline Token Length, Offline Token Count, Offline Access Days, Tokens Available, and Tokens Remaining. See parameter details here.

Server

Events triggered from the server will display the Node ID and Control Center Version. See parameter details here.

Web

Events triggered from web operations will display the Extended Message and Machine Name. See parameter details here.

User Interface

The Audit Trail feature is Application-specific and does not encompass a global scope as such. You can locate it in the left navigation panel of the Control Center under App Properties.

Searching Events

When you first click on the Audit Trail option, the last 10 minutes of Events will be displayed by default.

Search by Time Frame

To expand the searchable timeframe, click the calendar icon.

Quick Filters

ParameterDescription
Last HourGets the last 24 hours of Events.
TodayGets the Events from midnight to current time.
YesterdayGets the Events from yesterday.
Last 7 daysGets the Events from the last 7 days.
Last 30 DaysGets the Events from the last 30 days.

User Interface

You can also select a specific timeframe by clicking the Start Date and End Date in the calendar. For a more precise timeframe search, you also can enter in a time (HH:MM:SS format).

Search by Username, Machine ID, Session ID, or Device ID

The Audit Trail allows searching by Username, Machine ID, Session ID or Device ID. Searching on one of these identifiers allows the administrator to narrow down the action and get a resolution to the issue without having to dig through the server logs. By quickly identifying a failed event and cross-referencing it with one of the above identifiers, you can further glean the root cause of the issue.

Export

To export rows of the Audit Trail, select the checkbox next to the row you want to export and click the Export button. This will provide you with a .CSV file with all selected rows.

Examples

You have found a failed Event that is a timeout. By searching for the Machine ID, you see that this particular user has many timeouts and errors which say, "Did not receive anything from device." This could be a device issue. Check connectivity and try again.

Database Rollover

We keep the last 30 days of Event data.
Every hour we archive the data that is older than 30 days into a backup table.
The backup retains data indefinitely.

Troubleshooting

Mobile User Flow

Mobile users may be asked to use the support email function, which will generate an email of required debug information.

πŸ“˜

Support Email Configuration

Support email is set in Control Center Advanced Config Menu: UI Management.

Administrative Troubleshooting

  1. Check the diagnostic email from the user.
1398
  1. Copy the FIDO ID (Identifer) and paste it into the Audit Trail search.
  1. Locate the final error Code: ####### entry and note the value.
  2. Check the list of HYPR Error Codes for error details and resolution steps.

API Access

Integrate Audit Trail APIs into your application to leverage advanced search capabilities or improve integration with the existing system.

Learn more about API Access.