The purpose of the system log is to log events concerning the SignServer application but not necessarily related to any signing transaction. Signing transactions are covered by the Worker Log. The audit log covers key and certificate management events, status properties updates, for instance for the status of the time source, and to some extent also configuration changes. For details, see the following table of events.
From version 3.4.0, SignServer uses the CESeCore library to perform audit logging.
Available Log Events
Services |
|---|
SIGNSERVER_STARTUP | Logged at startup of the SignServer application. VERSION: The version of SignServer. Example:
XML
EVENT: SIGNSERVER_STARTUP; MODULE: SERVICE; ADMINISTRATOR: null; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: null; VERSION: SignServer 3.3.0alpha12; REPLY_TIME:1350562045545
|
SIGNSERVER_SHUTDOWN | Logged at shutdown of the SignServer application. VERSION: The version of SignServer. Example:
XML
EVENT: SIGNSERVER_SHUTDOWN; MODULE: SERVICE; ADMINISTRATOR: null; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: null; VERSION: SignServer 3.3.0alpha12; REPLY_TIME:1350562045545
|
Global Configuration |
|---|
SET_GLOBAL_PROPERTY | Logged when a global configuration property was updated. GLOBALCONFIG_PROPERTY: The property that was updated.
GLOBALCONFIG_VALUE: The new value of the property. Example:
XML
EVENT: SET_GLOBAL_PROPERTY; MODULE: GLOBAL_CONFIG; ADMINISTRATOR: null; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: null; GLOBALCONFIG_VALUE: TESTVALUE47; GLOBALCONFIG_PROPERTY: GLOB.TESTPROPERTY47; REPLY_TIME:1350657202153
|
REMOVE_GLOBAL_PROPERTY | Logged when a global configuration property was removed. GLOBALCONFIG_PROPERTY: The property that was removed. Example:
XML
EVENT: REMOVE_GLOBAL_PROPERTY; MODULE: GLOBAL_CONFIG; ADMINISTRATOR: null; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: null; GLOBALCONFIG_PROPERTY: GLOB.TESTPROPERTY47; REPLY_TIME:1350657202444
|
GLOBAL_CONFIG_RELOAD | Logged when the global configuration was reloaded from the database. Example:
XML
EVENT: GLOBAL_CONFIG_RELOAD; MODULE: GLOBAL_CONFIG; ADMINISTRATOR: null; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: null; REPLY_TIME:1350657202593
|
GLOBAL_CONFIG_RESYNC | Logged when the resync command was executed. Example:
XML
EVENT: GLOBAL_CONFIG_RESYNC; MODULE: GLOBAL_CONFIG; ADMINISTRATOR: null; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: null; REPLY_TIME:1350894343902
|
Worker Configuration |
|---|
SET_WORKER_CONFIG | Logged when a worker's configuration was updated by adding and/or removing and/or changing any values. WORKER_ID: The ID of the worker. Changes in worker properties are logged with prefixes added/changed/removed followed by a colon and the property name a colon and the property value.
Several property changes can occur in one log line (see examples below). Authorized clients are shown as a property with the name authorized_client. Example:
XML
EVENT: SET_WORKER_CONFIG; MODULE: WORKER_CONFIG; ADMINISTRATOR: null; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: 100; added:FOO: bar; REPLY_TIME:1350657202773
XML
EVENT: SET_WORKER_CONFIG; MODULE: WORKER_CONFIG; ADMINISTRATOR: null; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: 100; changed:FOO: newvalue; REPLY_TIME:1350657202873
XML
EVENT: SET_WORKER_CONFIG; MODULE: WORKER_CONFIG; ADMINISTRATOR: null; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: 100; removed:FOO: newvalue; REPLY_TIME:1350657202873
XML
EVENT: SET_WORKER_CONFIG; MODULE: WORKER_CONFIG; ADMINISTRATOR: null; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: 100; added:FOO: bar; changed:BAR: newvalue; REPLY_TIME:1350657202873
XML
EVENT: SET_WORKER_CONFIG; MODULE: WORKER_CONFIG; ADMINISTRATOR: null; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: 100; added:authorized_client: SN: 1234567890, issuer DN: CN=Test; REPLY_TIME:1350657202873
|
CERTINSTALLED | Logged when a certificate was uploaded to the worker configuration. WORKER_ID: The ID of the worker.
CERTIFICATE: The certificate in PEM format.
SCOPE: If the setting was at GLOBAL or NODE scope.
NODE: The ID of the node if the setting was at NODE scope, otherwise not available. Example:
XML
EVENT: CERTINSTALLED; MODULE: WORKER_CONFIG; ADMINISTRATOR: null; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: 100; CERTIFICATE: Subject: CN=Anyone Issuer: CN=Anyone
-----BEGIN CERTIFICATE-----
MIIBnTCCAQagAwIBAgIIWWNYSOeuN+swDQYJKoZIhvcNAQEFBQAwETEPMA0GA1UE
AwwGQW55b25lMB4XDTEyMTAxOTE0MzMyM1oXDTEzMTAxOTE0MzMyM1owETEPMA0G
A1UEAwwGQW55b25lMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCDE9GElbJd
e74WmIpPSsIF9r5vv0oH6WWo7n31goR1zMIHJPC9V1mpwQZ6C0uCHCV2ZvqQIIAE
ZQM7mgbPfxjCF74RqKzScZlOSaHnvdf7zCWpYraVrIDt9Wg3HMxye0/L3cCImmkY
FkFtabtoa5UuPZObdIt154Yg+GpGB8aPBwIDAQABMA0GCSqGSIb3DQEBBQUAA4GB
AHm3oAUHwM0KwMcEUwWouE0f4+UK6ZvYvxLAgiCVZQnPImcqX1oBl+iFV59FlsXj
rqoQYJROxIeV0ByGeyBYXqvgTw1YtdqoR+wKmiymjn/lynmTh1fQMcFoUouGfubX
EK4rfPBXEl33gKbsO5aeMHd5iF2jtx7RfYMsOuHKoDSe
-----END CERTIFICATE-----
; SCOPE: GLOBAL; REPLY_TIME:1350657204367
|
CERTCHAININSTALLED | Logged when a certificate chain was uploaded to the worker configuration or imported to a crypto token. With MODULE: WORKER_CONFIG the certificate chain was installed in the configuration: WORKER_ID: The ID of the worker.
CERTIFICATECHAIN: The certificates in PEM format.
SCOPE: If the setting was at GLOBAL or NODE scope.
NODE: The ID of the node if the setting was at NODE scope, otherwise not available. Example:
XML
EVENT: CERTCHAININSTALLED; MODULE: WORKER_CONFIG; ADMINISTRATOR: null; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: 100; CERTIFICATECHAIN: Subject: CN=Signer,C=SE Issuer: CN=Issuer,C=SE
-----BEGIN CERTIFICATE-----
MIIBdjCCASCgAwIBAgIIE+fXOs/SAwMwDQYJKoZIhvcNAQEFBQAwHjEPMA0GA1UE
AwwGSXNzdWVyMQswCQYDVQQGEwJTRTAeFw0xMjEwMjIwNzQ1MDZaFw0xMzEwMjIw
NzQ1MDZaMB4xDzANBgNVBAMMBlNpZ25lcjELMAkGA1UEBhMCU0UwgZ8wDQYJKoZI
hvcNAQEBBQADgY0AMIGJAoGBAKpX5psdaL5CHAKSxoOvB12Ie8iUb/mX6ikF8jfu
zrbwVgf6bX0RCUnD+v+t9vY7byz+nN32KnmGluNGdBFdM1Ug9Oc+64ZNBbgZi9mi
cHnKMDLLSECBY2Nux62PZejp5SwtzpjFymt3TMCtRr4UHGu3zkuqLLCHFlGRdvdo
MPQ9AgMBAAEwDQYJKoZIhvcNAQEFBQADQQADlInGm9AujZfL+1kM7ehaKyKKencF
fp6YGElOpGEplxxIwgmVc0iYKv4rCkfUAysYL6l3AC+VLK1asxkpEJc1
-----END CERTIFICATE-----
Subject: CN=Issuer,C=SE
Issuer: CN=Issuer,C=SE
-----BEGIN CERTIFICATE-----
MIIBMTCB3KADAgECAggbfKZHs8ttKDANBgkqhkiG9w0BAQUFADAeMQ8wDQYDVQQD
DAZJc3N1ZXIxCzAJBgNVBAYTAlNFMB4XDTEyMTAyMjA3NDUwNloXDTEzMTAyMjA3
NDUwNlowHjEPMA0GA1UEAwwGSXNzdWVyMQswCQYDVQQGEwJTRTBcMA0GCSqGSIb3
DQEBAQUAA0sAMEgCQQCpgzxJ6r6D1cP8v1AB88pJsCwi0SJdeRSGYydYYBOafJk0
fpqxJCwaiFS3tt9OkWUAXzcixv5+sItkEuEOpmp7AgMBAAEwDQYJKoZIhvcNAQEF
BQADQQCC5NG3eWx/mXXKZmePOvZEIwyqWHOwzsBB174gkzlyhOdiOr3YwVihyebI
VAfkEktRrO04Hi5eLR+AxW7EVz6l
-----END CERTIFICATE-----
; SCOPE: GLOBAL; REPLY_TIME:1350891906417
With MODULE: KEY_MANAGEMENT the certificate chain was imported to the token: WORKER_ID: The ID of the worker.
CERTIFICATECHAIN: The certificates in PEM format.
KEYALIAS: The alias of the entry in the token.
CRYPTOTOKEN: Name of the configured crypto worker or the name or ID of the current worker if no separate crypto worker is used. Example:
XML
EVENT: CERTCHAININSTALLED; MODULE: KEY_MANAGEMENT; ADMINISTRATOR: CLI user; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: 5801; KEYALIAS: testkeyalias10; CRYPTOTOKEN: HSMCryptoToken1; CERTIFICATECHAIN: Subject: CN=testkeyalias10,C=SE
Issuer: CN=Issuer,C=SE
-----BEGIN CERTIFICATE-----
MIIBMjCB3aADAgECAgEBMA0GCSqGSIb3DQEBCwUAMB4xDzANBgNVBAMMBklzc3Vl
cjELMAkGA1UEBhMCU0UwHhcNMTUwNTI5MTEzMTAyWhcNMTYwNTI4MTEzMTAyWjAm
MRcwFQYDVQQDDA50ZXN0a2V5YWxpYXMxMDELMAkGA1UEBhMCU0UwXDANBgkqhkiG
9w0BAQEFAANLADBIAkEAggmuPO78M3hhwh4MrxYzt0LM6vLmI4IWjLxO8EK8R0FV
cDu5Rruxc/a51LCt8J8dOxm34h0RakqzObbFYZxwZwIDAQABMA0GCSqGSIb3DQEB
CwUAA0EAYR/N98UTyjnkFMnRmd1dQfsD6cih7Dt6NTi+qxFeMbbuzVA9HhRcXwQn
NChSJMtvJ9sKslfhlfqwZGPChSFg3g==
-----END CERTIFICATE-----
Subject: CN=Issuer,C=SE
Issuer: CN=Issuer,C=SE
-----BEGIN CERTIFICATE-----
MIIBMTCB3KADAgECAghQdZlXUcZalTANBgkqhkiG9w0BAQUFADAeMQ8wDQYDVQQD
DAZJc3N1ZXIxCzAJBgNVBAYTAlNFMB4XDTE1MDUyOTExMzEwMloXDTE2MDUyODEx
MzEwMlowHjEPMA0GA1UEAwwGSXNzdWVyMQswCQYDVQQGEwJTRTBcMA0GCSqGSIb3
DQEBAQUAA0sAMEgCQQCa35ZZru5A2DigDNyOdsZL789dVVlUTXch/Fa0e82X+FLc
kuMoRqAuxrEw/5+uG1Xi7EkysdgyRPbdYHmv3hBlAgMBAAEwDQYJKoZIhvcNAQEF
BQADQQAS3us4jsjHRSooeNuaaAdWjrA7b/nVnkhRjEmHUCORJXGwnHykUGB2idj6
d3UejoxEJ78E+EAYWO2JvKbhV0ku
-----END CERTIFICATE-----
; REPLY_TIME:1432899062650
|
KEYSELECTED | Logged when the key-pair to use was selected by changing the value of the DEFAULTKEY worker property. WORKER_ID: The ID of the worker.
KEYALIAS: The new key alias.
CRYPTOTOKEN: Name of the configured crypto worker or the name or ID of the current worker if no separate crypto worker is used.
SCOPE: If the setting was at GLOBAL or NODE scope.
NODE: The ID of the node if the setting was at NODE scope, otherwise not available. Example:
XML
EVENT: KEYSELECTED; MODULE: WORKER_CONFIG; ADMINISTRATOR: null; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: 100; KEYALIAS: ts_key00002; CRYPTOTOKEN: TestSigner6000; SCOPE: GLOBAL; REPLY_TIME:1350891907048
|
Key Management |
|---|
KEYGEN | Logged when a new key-pair was generated using the built-in key generation command. WORKER_ID: The ID of the worker.
KEYALIAS: The new key alias.
CRYPTOTOKEN: Name of the configured crypto worker or the name or ID of the current worker if no separate crypto worker is used.
KEYSPEC: The key specification (i.e. RSA bit length or EC curve).
KEYALG: The key algorithm. Example:
XML
EVENT: KEYGEN; MODULE: KEY_MANAGEMENT; ADMINISTRATOR: null; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: 5676; KEYALIAS: ts_key00004; CRYPTOTOKEN: HSMCryptoToken0; KEYSPEC: 2048; KEYALG: RSA; REPLY_TIME:135089190791
|
KEYTEST | Logged when the key test command was executed and a test signing with either the specified key or all keys in the slot if that was specified. WORKER_ID: The ID of the worker.
KEYALIAS: Alias of the the key to test or "all" to test all available keys in the slot.
CRYPTOTOKEN: Name of the configured crypto worker or the name or ID of the current worker if no separate crypto worker is used.
TESTRESULTS: The test report with an entry for each tested key. Example:
XML
EVENT: KEYTEST; MODULE: KEY_MANAGEMENT; ADMINISTRATOR: null; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: 47; KEYALIAS: all; CRYPTOTOKEN: HSMCryptoToken1; TESTRESULTS: KeyTestResult{alias=tsu47_key00005, success=true, status=, publicKeyHash=979359e5261112b11fac341962bec1e7e6052d9e}
KeyTestResult{alias=key5, success=true, status=, publicKeyHash=46b264e4892ef2e4fd9616e4927534ca3597fd9c}
KeyTestResult{alias=key3, success=true, status=, publicKeyHash=ae64792f1f50e23eb54bf79d46d819bc07db2d79}
KeyTestResult{alias=key2, success=true, status=, publicKeyHash=b1317f363e6124a8e15bba8c1adb9f20b2f4ef59}
KeyTestResult{alias=TS Signer 1, success=true, status=, publicKeyHash=8f6dfccdcea931d4deee9466f43c0eb0e7f4d8b1}
; REPLY_TIME:1350564289165
|
GENCSR | Logged when a certificate signing request (CSR) was generated. WORKER_ID: The ID of the worker.
KEYALIAS: The key alias of the key used to generate the CSR.
FOR_DEFAULTKEY: True if the "default key" was requested.
CRYPTOTOKEN: Name of the configured crypto worker or the name or ID of the current worker if no separate crypto worker is used.
CSR: Base64 encoded CSR (typically in PKCS#10 format). Example:
CODE
EVENT: GENCSR; MODULE: KEY_MANAGEMENT; ADMINISTRATOR: null; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: 5676; KEYALIAS: ts_key00004; CRYPTOTOKEN: HSMCryptoToken0; CSR: MIIBYDCBygIBADAjMRQwEgYDVQQDDAtUUyBTaWduZXIgMTELMAkGA1UEBhMCU0Uw
gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJt8F51wD+QcX+WLyIxjWu3at3q+
IiJrL5jIenmggUhjOLHGHOStoNOiYEQAaiiTZ623m9y7O3zhqFdAdWZg+JrfsHQJ
pjKV9RgvJznl6yk/K54BWOBgqjvbloAUGtn8y8Hf+5DYJUJNFqrzvRLcmCQ9JU0H
mgSmEIqgOIwBL3oBAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAer5hr/cUYx4jy0XO
N4U8sP/2gSFppytx9dn5BamVBLjDkcML8B3c9u9omDPebd+LEsCU+HCmYN9xHkSS
Ei8lcAqyVv+SDLEmvE8gnrPFR/J7uADCRayLVQumW6/YpVO/sFEGuM6rgnn8ZJmW
X2lhvJ4V1UhlkEAeyIQ861U3IgE=; REPLY_TIME:1350891907981
|
KEYREMOVE | Logged when a key was removed or an removal attempt was performed. WORKER_ID: The ID of the worker.
KEYALIAS: The key alias of the key removed.
CRYPTOTOKEN: Name of the configured crypto worker or the name or ID of the current worker if no separate crypto worker is used.
SUCCESS: True if the key was removed or false if the removal failed or if removal was not supported by the token. Example:
XML
EVENT: KEYREMOVE; MODULE: KEY_MANAGEMENT; ADMINISTRATOR: CLI user; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: 20003; KEYALIAS: signKey000002; CRYPTOTOKEN: HSMCryptoToken1; SUCCESS: true; REPLY_TIME:1391008847962
|
Status Repository |
|---|
SET_STATUS_PROPERTY | Logged when a status property was updated. STATUSREPO_PROPERTY: The updated property.
STATUSREPO_VALUE: The new property value.
STATUSREPO_EXPIRATION: Expiration time for the status property (timestamp), if any. Example:
XML
EVENT: SET_STATUS_PROPERTY; MODULE: STATUS_REPOSITORY; ADMINISTRATOR: null; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: null; STATUSREPO_EXPIRATION: 1350891909366; STATUSREPO_PROPERTY: TEST_PROPERTY1; STATUSREPO_VALUE: TESTVALUE47; REPLY_TIME:1350891908372
|
Worker Processing |
|---|
PROCESS | Logged for events regarding worker processing such as when a worker logger can not be used because the requested worker does not exist. WORKER_ID: The ID of the worker or empty in case of non existing worker.
Worker logger fields: All fields available to the worker logger. Example:
XML
EVENT: PROCESS; MODULE: WORKER; ADMINISTRATOR: null; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: null; LOG_ID: db517726-ff0d-40dd-8f2b-2297925cb4d3; CLIENT_IP: 127.0.0.1; PROCESS_SUCCESS: false; REQUEST_LENGTH: 0; XFORWARDEDFOR: null; FILENAME: noname.dat;
REQUEST_FULLURL: http://localhost:8080/signserver/process?null; LOG_TIME: 1350628977410; WORKER_ID: 0; EXCEPTION: No such worker: 0; REPLY_TIME:1350628977411
|
