The Audit Trail is designed to help administrators discover if and when issues occur during registration, authentication, or transaction. HYPR captures this user activity data and provides access to it in a simple, easy-to-use interface which lowers troubleshooting time and personnel resources so the issue can be identified and remedied at speed.
These may also help in understanding and interpreting HYPR Events:
The Audit Trail is a collection of user activity Events generated by the components in the HYPR ecosystem. These captured Events span the entirety of the flow of operations, whether it's registration, authentication, deregistration, or a transaction. At every step of each HYPR request or response, an Event is generated and collected with its corresponding information.
Event data is stored in a separate schema away from the critical HYPR FIDO databases. This allows registration, authentication, and deregistration flows to continue functioning without being affected. The connection information to this schema can be found in the Vault; a HYPR representative can help you find it. The settings for the Audit Trail schema will be automatically set up for you during installation.
We anticipate there could be potentially millions of records in this database. We have included a means to roll over the data. This mechanism will be described in detail at the bottom of this guide.
Each single captured Event is a result of a successful or failed attempt.
A full list of all Events and common parameters can be found in the Event Descriptions article. Not every Event is listed in the CC Audit Trail; some only appear in API responses.
Events triggered from a mobile device (including security keys) will display the Device OS, OS Version, Device Model, Device ID, and SDK Version. See parameter details here.
Events triggered from a workstation will display Extended Message, OS Version, Model, OS, Offline Access Enabled, Offline Token Length, Offline Token Count, Offline Access Days, Tokens Available, and Tokens Remaining. See parameter details here.
Events triggered from the server will display the Node ID and Control Center Version. See parameter details here.
Events triggered from web operations will display the Extended Message and Machine Name. See parameter details here.
The Audit Trail feature is Application-specific and does not encompass a global scope as such. You can locate it in the left navigation panel of the Control Center under App Properties.
When you first click on the Audit Trail option, the last 10 minutes of Events will be displayed by default.
To expand the searchable timeframe, click the calendar icon.
|Gets the last 24 hours of Events.
|Gets the Events from midnight to current time.
|Gets the Events from yesterday.
|Last 7 days
|Gets the Events from the last 7 days.
|Last 30 Days
|Gets the Events from the last 30 days.
You can also select a specific timeframe by clicking the Start Date and End Date in the calendar. For a more precise timeframe search, you also can enter in a time (HH:MM:SS format).
The Audit Trail allows searching by Username, Machine ID, Session ID or Device ID. Searching on one of these identifiers allows the administrator to narrow down the action and get a resolution to the issue without having to dig through the server logs. By quickly identifying a failed event and cross-referencing it with one of the above identifiers, you can further glean the root cause of the issue.
To export rows of the Audit Trail, select the checkbox next to the row you want to export and click the Export button. This will provide you with a
.CSV file with all selected rows.
You have found a failed Event that is a timeout. By searching for the Machine ID, you see that this particular user has many timeouts and errors which say, "Did not receive anything from device." This could be a device issue. Check connectivity and try again.
We keep the last 30 days of Event data.
Every hour we archive the data that is older than 30 days into a backup table.
The backup retains data indefinitely.
Mobile users may be asked to use the support email function, which will generate an email of required debug information.
Support Email Configuration
Support email is set in Control Center Advanced Config Menu: UI Management.
- Check the diagnostic email from the user.
- Copy the FIDO ID (Identifer) and paste it into the Audit Trail search.
- Locate the final error Code: ####### entry and note the value.
- Check the list of HYPR Error Codes for error details and resolution steps.
Integrate Audit Trail APIs into your application to leverage advanced search capabilities or improve integration with the existing system.
Learn more about API Access.
Updated 2 months ago