MFA Guides

Event Logging Overview

Authentication events are logged by RapidIdentity Windows Client in the Windows System Log, as RapidIdentity Windows Client, by authentication type (smart card logon, contactless card logon, and emergency access logon), logon type (interactive logon, unlock, or remote interactive logon) and success or failure (except smart card logon failures in Vista and Windows 7).

Secured Applications events and Shared Workstation events are logged in the Windows Application Log as RapidIdentity Windows Client-SW.

Event logging is designed to collect logon, and general security information for operating system authentication and Secured Application events on one system only. These events are not aggregated in RapidIdentity Server.

Use of a traditional Security Event Management application is necessary to aggregate multiple security events from multiple systems. RapidIdentity Windows Client monitors username and password (Windows XP only), contact smart card, contactless, and Emergency Access authentication events in Windows XP, Windows Vista, and Windows 7. Windows logs username and password events for Windows Vista and Windows 7.

RapidIdentity Windows Client also logs Secured Applications (logon) events to the Windows Application Log. The following overview provides the general information required to understand how RapidIdentity Windows Client implements event logging in a Windows environment.