Auditing is a detective security control that supports the ability to identify security incidents, policy violations, fraudulent activity, and operational problems as they occur. Logs today are voluminous, disorganized, difficult to understand, and inconsistent.
Log locations
Event codes
Blackboard adds event codes regularly. Items noted as "<Reserved>" are pre-allocated to an upcoming release.
| Event Code | Default Severity | Definition | Comments | Available Beginning in | Source | Log Location |
|---|---|---|---|---|---|---|
| 0 | 0 | Login | 9.1 SP8 | Authentication | bb-authentication-log.txt | |
| 1 | 2 | Invalid Username | 9.1 SP8 | Authentication | bb-authentication-log.txt | |
| 2 | 2 | Invalid Password | 9.1 SP8 | Authentication | bb-authentication-log.txt& | |
| 3 | 0 | Logout | 9.1 SP8 | Authentication | bb-authentication-log.txt | |
| 4 | 0 | Session Expiration | 9.1 SP8 | Authentication | bb-authentication-log.txt | |
| 5 | 6 | Error | 9.1 SP8 | Authentication | bb-authentication-log.txt | |
| 6 | 0 | Info | 9.1 SP8 | Authentication | bb-authentication-log.txt | |
| 7 | <Reserved> | |||||
| 8 | <Reserved> | |||||
| 9 | <Reserved> | |||||
| 10 | <Reserved> | |||||
| 11 | <Reserved> | |||||
| 12 | <Reserved> | |||||
| 13 | 6 | Invalid or Missing Cross-site Request Forgery Nonce Detected | 9.1 SP12 | Application Sensor | bb-security-log.txt | |
| 14 | 6 | Invalid URL Redirection Detected | 9.1 SP12 | Application Sensor | bb-security-log.txt | |
| 15 | 8 | URL Redirection Whitelist Entry Added | 9.1 SP12 | Application Sensor | bb-security-log.txt | |
| 16 | 8 | URL Redirection Whitelist Entry Deleted | 9.1 SP12 | Application Sensor | bb-security-log.txt | |
| 17 | 6 | Invalid Resource Link in Course Package | Course packages should not have invalid resource link tokens unless they are course packages from a different instance.
Numerous invalid resource link tokens could indicate a brute force attempt to gain unauthorized access to course files. |
9.1 SP12 | Application Sensor | bb-security-log.txt |
| 18 | 0 | Input Validation Filter B2 Configuration File Updated | 9.1 SP8 | Input Validation Filter B2 | bb-input-validation-filter-log.txt | |
| 19 | 2 | Input Validation Filter B2 Rule Violation Detected and Logged | 9.1 SP8 | Input Validation Filter B2 | bb-input-validation-filter-log.txt | |
| 20 | 6 | Input Validation Filter B2 Rule Violation Detected and HTML Escaped | 9.1 SP8 | Input Validation Filter B2 | bb-input-validation-filter-log.txt | |
| 21 | 6 | Input Validation Filter B2 Rule Violation Detected and Safe HTML Filtered | 9.1 SP8 | Input Validation Filter B2 | bb-input-validation-filter-log.txt | |
| 22 | 8 | Input Validation Filter B2 Rule Violation Detected and Exception Thrown | 9.1 SP8 | Input Validation Filter B2 | bb-input-validation-filter-log.txt | |
| 23 | 10 | Security Library OWASP ESAPI B2 Not Available but is called | This situation would only occur if the B2 encountered an availability or installation issue. This is a core building block that should always be available. If this situation arose, areas calling this method would be blocked from execution through the NotImplementedException, thus failing secure as part of secure design principles.
In later releases, the ESAPI Security Module Building Block API is part of Blackboard Learn’s core code and is available by default. |
9.1 SP12 | Security Library - OWASP ESAPI B2 | bb-security-log.txt |
| 24 | 6 | Inline Receipt Message Signature Validation Failure Detected and Exception Thrown | Indicates improper use of the inline receipt message framework or a malicious attempt at abusing the framework for use in a phishing attack. | 9.1 SP12 | Inline Receipt Message Framework | bb-security-log.txt |
| 25 | <Reserved> | |||||
| 26 | 6 | Invalid Input Detected | Some locations in the Blackboard Learn platform log to this event code in the event input in an unexpected format or type is received.
This may be an indicator of a cross-site scripting attack. |
9.1 SP12 | Application Sensor | bb-security-log.txt |
| 27 | <Reserved> | |||||
| 28 | 0 if successful 6 if failure |
User Password Migration | On-login, user password hash migrated to new scheme successfully results in this event with outcome=success On-login, user password hash migration could not occur due to an exception results in this event with outcome=failure |
9.1 SP12 | User Password Storage | bb-security-log.txt |
| 29 | <Reserved> | |||||
| 30 | <Reserved> | |||||
| 31 | <Reserved> | |||||
| 32 | <Reserved> | |||||
| 33 | <Reserved> | |||||
| 34 | <Reserved> | |||||
| 35 | <Reserved> | |||||
| 36 | 0 | User Starting an Assessment Violated IP Address Rule | Identifies intentional and unintentional violations to the IP Address value or range restrictions set on an Assessment. An assessment that begins with an IP Address value/range restriction only has a severity of "0" | 9.1 SP14 | bb-security-log.txt | |
| 37 | 2 | User Taking or Finishing an Assessment Violated IP Address Rule | Identifies intentional and unintentional violations to the IP Address value or range restrictions set on an Assessment. An assessment that may start meeting the IP Address rule but then violates it during or at the completion of an assessment. | 9.1 SP14 | bb-security-log.txt | |
| 38 | 2 | IP Address Rule Overridden for an Assessment Attempt | Test Proctors may need to override a given blocked attempt for a particular student if the IP Address/Range was not configured correctly by the Administrator. These exceptions would be logged. | 9.1 SP14 | bb-security-log.txt | |
| 50 | <Reserved> | |||||
| 51 | <Reserved> |
