IdentifyMe supports extensive logging for monitoring, reporting and debugging needs.

Types of logs

Name Abbreviation Description
System log SYS Contains all information, warnings, errors and debug logs
Collects information about how the system is used:
- When Identify's REST API is called
- Changes made via IdentifyMe's UI
- Other activities that happen on the IdentifyMe server side
Security log SEC Security log contains data about:
- Authentication (OpenID Connect) messages
- Session fixation detector
- Access token validation
- Update users' profiles
- T-OTP/WebAuthn authenticators registration

Logging settings in IdentifyMe

IdentifyMe follows that same logging settings that you can find on the Logging page. Specifically, IdentifyMe shares the log level setting with Identify Runtime.


Text file location

The default folder for logging when Text file is used is C:\Program Files\Safewhere\Identify\Tenants\[your_tenant]\Logs\SelfService. You can change the log folder by editing the C:\Program Files\Safewhere\Identify\Tenants\[your_tenant]\selfservice\appsettings.json file.


Database tables

The default database table for logging when Serilog sinks is used:

  • SQL database: [IdentifyAudit].[your_tenant].[Logs]


  • MongoDB & CosmosDB: [IdentifyAudityour_tenant][logs]


Enable logging features

The Logging features section allows you to control what log types that IdentifyMe needs to log, currently, IdentifyMe supported two log types:

  • Security: control whether Identify should do security log. Recommended setting for production: checked.


Log examples

Log entries are in JSON format.

System log

Name Description
Type Log type, value must be SYS
RequestId Unique ID dynamically generated for every event
BuildNumber Build number of the running IdentifyMe instance
System Value must be Selfservice
EventId Every log event has a unique event id.
LogId Unique ID dynamically generated for every event
Timestamp Time event occurs
IPAddress IP of the machine initiates the request
MachineName Name of the machine initiates the request
UserId Unique ID of the user that produced the request
LogLevel Severity level, eligible values are DEBUG, INFO, WARNING, ERROR
LogMessage More detail information about the event

Notice that, for every incoming web request, Identify logs an event with ID 8010 that contains request's parameters.

Name Description
HttpRequestParameters The HTTP request parameters, consist of Path, Method, RequestContent and RequestCookies parameters

Security log

Name Description
Type Log type, value must be SEC
Component Must be Selfservice
Action The detail description of an action. (In the example JSON above, it's OIDC event action)
Other attributes Similar to those of the SYS log

Appendix A: List of Event IDs for System log (SYS)

ID Description
10020 Common debug logs
10021 Common information logs
10022 Common warning logs
10023 Common errors logs
10024 HTTP request parameters
10025 OIDC debug logs
10026 All REST API requests (GET/POST/PUT/DELETE) to Identify
10027 License validation error
10028 An error happens while loading user session settings

Appendix B: List of event IDs for Security log (SEC)

ID Description
10040 OIDC authentication failure
10041 OIDC access denied
10042 OIDC token validated
10043 Invalid authorization actions
10044 Redirect to Identity Provider to log out
10045 Redirect from Identity Provider to callback endpoint
10046 Redirect to Identity Provider to log in
10047 Invoked after security token validation if an authorization code is present in the protocol message.
10048 Invoked after "authorization code" is redeemed for tokens at the token endpoint.
10049 User's login session management operations
10050 Get system token from Identify succeeded
10051 Get system token from Identify failure
10052 Sign-in redirect endpoint URL
10053 Invoked when there is a remote failure
10054 User's information updated
10055 Reset a T-OTP authenticator
10056 Reset a WebAuthn authenticator
10057 Onboard a T-OTP authenticator
10058 Onboard a WebAuthn authenticator