netid.exe -report - send reports to different sources


netid.exe -report [eventlog …]|[registry …]|[file …]


Built-in reporting functionality that sends information to the Event Viewer, the registry or a file when something happens. The reporting is generic and is usually invoked as part of an action:

$ netid.exe -report eventlog …
$ netid.exe -report registry …
$ netid.exe -report file …



netid.exe -report [eventlog -application <app> -number <token number> [-result <rv>]|[-info <info>]]
-application <app>

Application name.

-number <token number>

Token number.

-result <rv>

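The <rv> variable is the PKCS#11 return code, given as a decimal number. There are four standard values that are the usual return codes: 160, 161, 162, and 164. They correspond to the following definitions, which are written in hexadecimal: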

#define CKR_PIN_INCORRECT 0x000000A0
#define CKR_PIN_INVALID 0x000000A1
#define CKR_PIN_LEN_RANGE 0x000000A2
#define CKR_PIN_LOCKED 0x000000A4

Still, any PKCS#11 return code can be reported, as long as the return code has a defined error string in the language tables.

Reporting is also available for success or any other information scenarios.

-info <info>

Information to show if the result argument is not used.

There are some limitations due to the Event Viewer architecture, which requires resources in the binary for language translation. To allow for the flexible language support in Net iD Client, all events are stored with the same event ID. You must open the event to see what really happened.


There are times when you need to set some registry values to report a logon. You should be able to do the same thing using the config command, but the method described here is considered best practice.

netid.exe -report [registry -path <path> -names <name-list> …]
-path <path>

Registry key path.

-names <names>

List of value names. The list is optional and the default values are "user;time;result;info;number". The user and time values are automatically set to the current user and the current time (GMT).


The report file command adds a new line with information to a file.

netid.exe -report [file -path <path> -value <value>]
-path <path>

Full path to the file that stores the information.

-value <value>

Anything that can be found from the logon credentials and extracted using the built-in variable expansion.



Example 1. Show result 160, PIN is incorrect.

$ netid.exe -report eventlog -application myapp.exe -number 12345678 -result 160

Example 2. Send information to Event Properties using -info <info>.

Instead of -result, pass the information you need reported.

$ netid.exe -report eventlog -application myapp.exe -number 12345678 -info "Whatever happens happens"

Example 3. Define the type of event to get the suitable icon in the event list.

#define EVENTLOG_ERROR_TYPE 0x0001

$ netid.exe -report eventlog -application myapp.exe -number 12345678 -info "Whatever happens happens" -type 2


Example 4.  
$ netid.exe -report registry -path HKCU\Software\SecMaker\NetiD -result 160 -number 12345678 -application myapp.exe
"Time"="2019-04-23 14:23:20"
"Result"="PIN is incorrect. (E11)"

The value is overwritten at the next logon, and no history is kept. It can be useful for some applications that need this information.

Example 5. Reporting a successful login.
01=LoginSuccessLOGON registry -path HKCU\Software\SecMaker\NetiD -names "user;time;number" -number {token-number}
"Time"="2019-04-23 14:23:20"


Example 6. Report to file using variable expansion.

The content of value can be anything that is found from the logon credentials and extracted using the built-in variable expansion.

01=LoginSuccessPKCS11 file -path C:\Temp\logon.txt -value "{username},{token-number},{time-string},OK"
02=LoginFailedPKCS11 file -path C:\Temp\logon.txt -value "{username},{token-number},{time-string},{result-string}"
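
Added example, not part of the Net iD documentation: a Python sketch that reads a file written by the two actions in Example 6 and flags tokens with repeated failed logons and no successful logon in between. The user names, the threshold and window parameters, and the "YYYY-MM-DD HH:MM:SS" form of {time-string} are assumptions; the sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of C:\Temp\logon.txt as written by Example 6.
# Assumption: {time-string} expands to "YYYY-MM-DD HH:MM:SS" (the format shown in
# Example 4) and {result-string} to text such as "PIN is incorrect. (E11)".
SAMPLE = """\
alice,12345678,2019-04-23 14:23:20,OK
bob,87654321,2019-04-23 14:24:01,PIN is incorrect. (E11)
bob,87654321,2019-04-23 14:24:09,PIN is incorrect. (E11)
alice,12345678,2019-04-23 14:25:00,PIN is incorrect. (E11)
bob,87654321,2019-04-23 14:24:15,PIN is incorrect. (E11)
alice,12345678,2019-04-23 14:25:30,OK
this line is damaged
"""

def parse(text):
    """Yield (user, token, time, result) for each well-formed line."""
    for line in text.splitlines():
        parts = line.strip().split(",", 3)   # result text may itself contain commas
        if len(parts) != 4:
            continue                          # skip blank or damaged lines
        user, token, stamp, result = parts
        try:
            when = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
        except ValueError:
            continue                          # unexpected time format
        yield user, token, when, result

def failure_bursts(text, threshold=3, window=timedelta(minutes=5)):
    """Return {(user, token): count} where `threshold` or more failures occur
    within `window` with no successful logon ("OK") in between."""
    recent = defaultdict(list)   # (user, token) -> failure times since last OK
    flagged = {}
    for user, token, when, result in sorted(parse(text), key=lambda r: r[2]):
        key = (user, token)
        if result == "OK":
            recent[key].clear()  # a success resets the streak
            continue
        streak = [t for t in recent[key] if when - t <= window] + [when]
        recent[key] = streak
        if len(streak) >= threshold:
            flagged[key] = max(flagged.get(key, 0), len(streak))
    return flagged

if __name__ == "__main__":
    for (user, token), n in failure_bursts(SAMPLE).items():
        print(f"{user} token {token}: {n} failed logons in a row")
```

Any value other than the literal "OK" written by the LoginSuccess line is counted as a failure, so the check does not depend on the language of the result strings.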