Hi Everyone
I understand that SignServer uses Log4j within JBoss Application Server to store audit logs.
Currently, the default location is located in JBOSS_HOME/server/default/log/server.log
I would like to inquire if there is a web administration console similar to that of EJBCA, whereby the server administrator can view the log history, and export it with a signed certificate.
I also understand that we can set AUTHTYPE=CLIENTCERT to control administrative access. However, is it also possible to log all activities of each login session?
Thanks in advance.
Best Regards
Desmond
Hi Desmond,
Yes, currently only logging with Log4j is available in SignServer and there is no tool in SignServer for querying it. In future versions logging to database is planned and later also signed logs, but when that is going to be implemented depends on when a customer requires it and we get resources to build it.
In the meantime, Log4j could be configured with Appenders sending the logs to other servers for inspection, external scripts could be used for signing the logs, etc.
AUTHTYPE=CLIENTCERT is not for administrative access but for clients requesting signatures from workers. This will be logged in the worker log with one entry per request containing all the configured fields. See http://www.signserver.org/manual/complete.en.html#Logging for how to configure the worker log.
Logging of administrative actions such as changing worker configuration etc. is available when connecting to SignServer using the Admin web services (WS) interface, for instance by running the Admin GUI with the "-ws" option and logging in with a client certificate. Then every operation is logged and also the subject DN, issuer DN and serial number of the admin certificate.
Best regards,
Markus
http://www.primekey.se/Services/Support/
http://www.primekey.se/Services/Training/
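
One shape the "external scripts for signing the logs" suggestion in the reply above could take, as an added example that is not part of the thread and not SignServer code: a per-line hash chain keyed with HMAC-SHA256, used here in place of a certificate-based signature so that it runs with only the Python standard library. The key, the function names and the sample log lines are constructed for illustration.

```python
import hashlib
import hmac

# Constructed demo key (assumption): in practice it is kept off the SignServer host.
DEMO_KEY = b"constructed-demo-key-not-for-production"

# Constructed sample lines in a Log4j-like layout, not real SignServer output.
SAMPLE_LOG = [
    "2011-03-01 10:15:02,113 INFO  [WorkerLog] WORKER_ID: 1; REQUEST: 42; OK",
    "2011-03-01 10:15:07,548 INFO  [WorkerLog] WORKER_ID: 1; REQUEST: 43; OK",
    "2011-03-01 10:16:30,002 INFO  [AdminWS] setWorkerProperty; CN=Admin One",
]

GENESIS = b"\x00" * 32  # fixed-length start value for the chain


def _link(key, prev, line):
    # prev is always 32 bytes, so prev + line is an unambiguous encoding.
    return hmac.new(key, prev + line.encode("utf-8"), hashlib.sha256).digest()


def seal(lines, key):
    """Return one hex tag per line; each tag covers the line and the previous tag."""
    tags, prev = [], GENESIS
    for line in lines:
        prev = _link(key, prev, line)
        tags.append(prev.hex())
    return tags


def verify(lines, tags, key):
    """Return the index where log and tags first diverge, or -1 if intact."""
    prev = GENESIS
    for i, line in enumerate(lines):
        if i >= len(tags):
            return i  # line added after sealing
        prev = _link(key, prev, line)
        if not hmac.compare_digest(prev.hex(), tags[i]):
            return i  # line edited, removed or reordered at this position
    # More tags than lines means the log was truncated.
    return len(lines) if len(tags) > len(lines) else -1


if __name__ == "__main__":
    tags = seal(SAMPLE_LOG, DEMO_KEY)
    edited = list(SAMPLE_LOG)
    edited[1] = edited[1].replace("REQUEST: 43", "REQUEST: 99")
    print("intact:", verify(SAMPLE_LOG, tags, DEMO_KEY))
    print("edited:", verify(edited, tags, DEMO_KEY))
```

Because each tag depends on the previous one, removing or reordering a line is detected as well as editing one; the tags are only useful if they are stored where someone who can modify server.log cannot rewrite them.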