Skip to main content

Audit security log

The following table lists the fields in the audit security log, <MachineName>_AuditSecurity_<Service>.txt.

Information noteThis log is not available for the Qlik Sense Engine Service (QES).
Information noteThe Audit security log does not include a Severity field. This is because all rows in the log have the same log level.
Audit security log fields
Field Format Description
Sequence# Int 1 - 2147483647 by default, but can be configured using custom logging as described in Appenders. Each row in the log starts with a sequence number that is used to ensure that the log is not tampered with (that is, that no rows are inserted or deleted). The sequence number wraps a) when the last sequence number is reached, or b) when the logging, for some reason, is restarted without the last sequence number being reached.
ProductVersion String

The version number of the Qlik Sense service (for example,

Timestamp ISO 8601

Timestamp in ISO 8601 format, YYYYMMDDThhmmss.fffK, where:

  • YYYY: Year
  • MM: Month
  • DD: Day in month
  • T: Delimiter
  • hh: Hour
  • mm: Minutes
  • ss: Seconds
  • fff: Milliseconds
  • K: Time zone offset

For example, 20110805T145657.000+0200 means year 2011, month 8, day 5 at 14:56:57 GMT+2.

HostName String The name of the server.
Id GUID A unique identifier of the log entry (added by Log4net).
Description String

A human-readable message that summarizes the action in the system.


Command=<CommandName>;Result=<ReturnCode (Int)>;ResultText=<Description, Success, or Error message>

ProxySessionId String

The ID of the proxy session.

0 = Internal system command or a command that does not go through the QPS

Information noteThe proxy session ID is logged as a salted-hash ID.
ProxyPackageId String

A unique ID of each HTTP(S) package that passes through the Qlik Sense Proxy Service (QPS).

0 = Internal system command or a command that does not go through the QPS

RequestSequenceId String

The combination of RequestSequenceId and ProxyPackageId is unique for every row in a log file and creates the timeline for the proxy session. The combination also forms a primary key in the log file.

The initial RequestSequenceId is an integer. Subrequests are linked to the initial request by adding a dot and an ID for the subrequest:

  • Initial request: RequestSequenceId = 1
    • Subrequest 1 based on the initial request: RequestSequenceId = 1.0
    • Subrequest 2 based on the initial request: RequestSequenceId = 1.1

0 = Internal system command or a command that does not go through the Qlik Sense Engine Service (QES)

UserDirectory String

The user directory linked to the logged in Qlik Sense user.

System = Internal system command

UserId String

The Qlik Sense user that initiated the command.

System = Internal system command

ObjectId String

The internal ID of the object. Used to link system actions to user actions.

0 = Cannot get the ID of the object

In some cases the ObjectId field contains multiple IDs, separated by the "|" (pipe) sign.

Example: ObjectId field containing multiple IDs

Log event: Start reload task

Contents of the ObjectId field: ed5715cd-2d7f-44ec-825f-44084efb3443|d63c7e4e-6089-4314-b60f-ed47ba6c35cc

  • First ID: The ID of the task.
  • Second ID: The ID of the app.
ObjectName String

The human-readable name of the object. The ObjectName is linked to the ObjectId.

Not available = Cannot link the ObjectName to the ObjectId or the ObjectId is missing

In some cases the ObjectName field contains multiple names.

Example: ObjectName field containing multiple names

Log event: Start reload task

Contents of the ObjectName field: MyReload|MyApp

  • First identifier (MyReload): The name of the task.
  • Second identifier (MyApp): The name of the app.

The list of ObjectNames always matches the list of ObjectIds, meaning that the ObjectName in the first position is identified by the ID in the corresponding position of the ObjectId field. In this example the following IDs apply (see also the description of the ObjectId field):

  • MyReload = ed5715cd-2d7f-44ec-825f-44084efb3443
  • MyApp = d63c7e4e-6089-4314-b60f-ed47ba6c35cc
SecurityClass String

A categorization of the security-related information:

  • Security: Access to resources, authentication, authorization
  • License: License access, license usage, license allocation
  • Certificate: Certificate-related information
ClientHostAddress String The hostname/IP address of the client.
Service String The Qlik Sense service on the server that hosts the process.
Origin String

The origin of the request:

  • AppAccess
  • ManagementAccess
  • Not available
Context String

The context of the command.

The context can be a URL that is linked to the command or a short version of the module path linked to the command.

Command String The core name of the use case or system command.
Result String

Return code:

  • 0, 200 - 226: Success
  • Any other number: Error
Message String Text that describes the log entry. If the request is successful, this field contains "success".
Checksum ID Each row has a checksum. The security log file also includes a file signature.

Did this page help you?

If you find any issues with this page or its content – a typo, a missing step, or a technical error – let us know how we can improve!