Report

Report defines a list of events such as eventlog, registry, file strings, or specified actions to perform when the specified condition is fulfilled.

[Report]
01=LoginSuccess -action SetLastCertificate -certificate {certificate-thumbprint}
02=OperationSign -action SetLastCertificate -certificate {certificate-thumbprint}|{SET-LAST-AT-SIGN}||-|*
03=ExceptionLoaded eventlog -type 0x0001 -application {application-path} -info "Exception in extern library '{component}' for process {process-id}."

Report configuration setup

This is the structure of how to configure a condition for a Report setup.

[Report]
NN=<event> <value> [options]

NN: Two digit number, for example, 01, 02, 03 etc.
event: Available events are listed below.
value: Values are eventlog, registry, file strings, or specified actions.
options: Values can be given options as described on the report command page.

Events

PKCS11 engine

OperationSignPKCS11: Get a report if a sign operation with PKCS11 is successful.
OperationVerifyPKCS11: Get a report if a verify operation with PKCS11 is successful.
OperationDecryptPKCS11: Get a report if a decrypt operation with PKCS11 is successful.
OperationEncryptPKCS11: Get a report if a encrypt operation with PKCS11 is successful.
OperationDerivePKCS11: Get a report if a derive operation with PKCS11 is successful.

PKCS11 login

LoginSuccessPKCS11: Get a report if the PKCS#11 login was correct.
LoginFailedPKCS11: Get a report if the PKCS#11 login was unsatisfactory.

CP login

LoginSuccessLOGON: Get a report if the credential provider login was correct.
LoginSuccessUNLOCK_WORKSTATION: Get a report if the credential provider login was correct.
LoginSuccessCREDUI: Get a report if the credential provider login was correct.

Plugin login

LoginSuccess: Get a report if the Plugin, CSP, or KSP login was correct.
LoginFailed: Get a report if the Plugin, CSP, or KSP login was unsatisfactory.

Plugin signature

OperationSign: Get a report if a sign operation with plugin is successful.

Trace

TraceEnable: Get a report if trace is activated.
TraceDisable: Get a report if trace is disabled.
TraceClear: Get a report if trace is cleared.

PKCS11 Exception

ExceptionLoaded: Get a report if an exception occurs in library.

Values

These values are valid for all listed events.

eventlog [options]: See the report command for eventlog string configurations.
registry [options]: See the report command for registry string configurations.
file [options]: See the report command for file string configurations.
-action [options]: See the Available actions section for information about action types. The available actions are specified in the Action section.

Examples

LoginFailed

Example 1. eventlog performed at LoginFailed.

[Report]
01=LoginFailed eventlog -application lsass.exe -number {token-number} -result 160 -type 1

Example 2. eventlog performed at LoginFailed.

[Report]
01=LoginFailed eventlog -application "{application-name}" -number {token-number} -info "{result-message}" -type 0x0002

Example 3. registry performed at LoginFailed.

[Report]
01=LoginFailed registry -path HKCU\Software\Pointsharp\NetiD\Client\ReportResult\LoginFailed-{time} -names user;time;result;number -result {result} -number {token-number}

Example 4. file performed at LoginFailed.

[Report]
01=LoginFailed file -path "C:\Temp\Report.txt" -value "{token-number};{user};{time};{result-message}"

LoginSuccess

Example 5. Action performed at LoginSuccess.

[Report]
01=LoginSuccess -action SetLastCertificate -certificate {certificate-thumbprint}