The purpose of the system log is to log events concerning the SignServer application but not necessarily related to any signing transaction (that is covered by the Worker Log). The audit log covers key and certificate management events, status properties updates (for instance for the status of the time source) and to some extent also configuration changes. For details see the table of events below.

From version 3.4.0 SignServer uses the CESeCore library to perform audit logging.

Available log events

Services

SIGNSERVER_STARTUP

Logged at startup of the SignServer application.

VERSION: The version of SignServer.

Example:

EVENT: SIGNSERVER_STARTUP; MODULE: SERVICE; ADMINISTRATOR: null; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: null; VERSION: SignServer 3.3.0alpha12; REPLY_TIME:1350562045545

SIGNSERVER_SHUTDOWN

Logged at shutdown of the SignServer application.

VERSION: The version of SignServer.

Example:

EVENT: SIGNSERVER_SHUTDOWN; MODULE: SERVICE; ADMINISTRATOR: null; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: null; VERSION: SignServer 3.3.0alpha12; REPLY_TIME:1350562045545

Global configuration

SET_GLOBAL_PROPERTY

Logged when a global configuration property was updated.

GLOBALCONFIG_PROPERTY: The property that was updated.
GLOBALCONFIG_VALUE: The new value of the property.

Example:

EVENT: SET_GLOBAL_PROPERTY; MODULE: GLOBAL_CONFIG; ADMINISTRATOR: null; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: null; GLOBALCONFIG_VALUE: TESTVALUE47; GLOBALCONFIG_PROPERTY: GLOB.TESTPROPERTY47; REPLY_TIME:1350657202153

REMOVE_GLOBAL_PROPERTY

Logged when a global configuration property was removed.

GLOBALCONFIG_PROPERTY: The property that was removed.

Example:

EVENT: REMOVE_GLOBAL_PROPERTY; MODULE: GLOBAL_CONFIG; ADMINISTRATOR: null; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: null; GLOBALCONFIG_PROPERTY: GLOB.TESTPROPERTY47; REPLY_TIME:1350657202444
GLOBAL_CONFIG_RELOAD

Logged when the global configuration was reloaded from the database.

Example:

EVENT: GLOBAL_CONFIG_RELOAD; MODULE: GLOBAL_CONFIG; ADMINISTRATOR: null; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: null; REPLY_TIME:1350657202593

GLOBAL_CONFIG_RESYNC

Logged when the resync command was executed.

Example:

EVENT: GLOBAL_CONFIG_RESYNC; MODULE: GLOBAL_CONFIG; ADMINISTRATOR: null; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: null; REPLY_TIME:1350894343902

Worker configuration

SET_WORKER_CONFIG

Logged when a worker's configuration was updated by adding and/or removing and/or changing any values.

WORKER_ID: The ID of the worker.

Changes in worker properties are logged with prefixes added/changed/removed followed by a colon and the property name a colon and the property value.
Several property changes can occur in one log line (see examples below).

Authorized clients are shown as a property with the name authorized_client.

Example:

EVENT: SET_WORKER_CONFIG; MODULE: WORKER_CONFIG; ADMINISTRATOR: null; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: 100; added:FOO: bar; REPLY_TIME:1350657202773
EVENT: SET_WORKER_CONFIG; MODULE: WORKER_CONFIG; ADMINISTRATOR: null; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: 100; changed:FOO: newvalue; REPLY_TIME:1350657202873
EVENT: SET_WORKER_CONFIG; MODULE: WORKER_CONFIG; ADMINISTRATOR: null; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: 100; removed:FOO: newvalue; REPLY_TIME:1350657202873
EVENT: SET_WORKER_CONFIG; MODULE: WORKER_CONFIG; ADMINISTRATOR: null; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: 100; added:FOO: bar; changed:BAR: newvalue; REPLY_TIME:1350657202873
EVENT: SET_WORKER_CONFIG; MODULE: WORKER_CONFIG; ADMINISTRATOR: null; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: 100; added:authorized_client: SN: 1234567890, issuer DN: CN=Test; REPLY_TIME:1350657202873

CERTINSTALLED

Logged when a certificate was uploaded to the worker configuration.

WORKER_ID: The ID of the worker.
CERTIFICATE: The certificate in PEM format.
SCOPE: If the setting was at GLOBAL or NODE scope.
NODE: The ID of the node if the setting was at NODE scope, otherwise not available.

Example:

EVENT: CERTINSTALLED; MODULE: WORKER_CONFIG; ADMINISTRATOR: null; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: 100; CERTIFICATE: Subject: CN=Anyone Issuer: CN=Anyone
-----BEGIN CERTIFICATE-----
MIIBnTCCAQagAwIBAgIIWWNYSOeuN+swDQYJKoZIhvcNAQEFBQAwETEPMA0GA1UE
AwwGQW55b25lMB4XDTEyMTAxOTE0MzMyM1oXDTEzMTAxOTE0MzMyM1owETEPMA0G
A1UEAwwGQW55b25lMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCDE9GElbJd
e74WmIpPSsIF9r5vv0oH6WWo7n31goR1zMIHJPC9V1mpwQZ6C0uCHCV2ZvqQIIAE
ZQM7mgbPfxjCF74RqKzScZlOSaHnvdf7zCWpYraVrIDt9Wg3HMxye0/L3cCImmkY
FkFtabtoa5UuPZObdIt154Yg+GpGB8aPBwIDAQABMA0GCSqGSIb3DQEBBQUAA4GB
AHm3oAUHwM0KwMcEUwWouE0f4+UK6ZvYvxLAgiCVZQnPImcqX1oBl+iFV59FlsXj
rqoQYJROxIeV0ByGeyBYXqvgTw1YtdqoR+wKmiymjn/lynmTh1fQMcFoUouGfubX
EK4rfPBXEl33gKbsO5aeMHd5iF2jtx7RfYMsOuHKoDSe
-----END CERTIFICATE-----
; SCOPE: GLOBAL; REPLY_TIME:1350657204367

CERTCHAININSTALLED

Logged when a certificate chain was uploaded to the worker configuration or imported to a crypto token.

With MODULE: WORKER_CONFIG the certificate chain was installed in the configuration:

WORKER_ID: The ID of the worker.
CERTIFICATECHAIN: The certificates in PEM format.
SCOPE: If the setting was at GLOBAL or NODE scope.
NODE: The ID of the node if the setting was at NODE scope, otherwise not available.

Example:

EVENT: CERTCHAININSTALLED; MODULE: WORKER_CONFIG; ADMINISTRATOR: null; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: 100; CERTIFICATECHAIN: Subject: CN=Signer,C=SE Issuer: CN=Issuer,C=SE
-----BEGIN CERTIFICATE-----
MIIBdjCCASCgAwIBAgIIE+fXOs/SAwMwDQYJKoZIhvcNAQEFBQAwHjEPMA0GA1UE
AwwGSXNzdWVyMQswCQYDVQQGEwJTRTAeFw0xMjEwMjIwNzQ1MDZaFw0xMzEwMjIw
NzQ1MDZaMB4xDzANBgNVBAMMBlNpZ25lcjELMAkGA1UEBhMCU0UwgZ8wDQYJKoZI
hvcNAQEBBQADgY0AMIGJAoGBAKpX5psdaL5CHAKSxoOvB12Ie8iUb/mX6ikF8jfu
zrbwVgf6bX0RCUnD+v+t9vY7byz+nN32KnmGluNGdBFdM1Ug9Oc+64ZNBbgZi9mi
cHnKMDLLSECBY2Nux62PZejp5SwtzpjFymt3TMCtRr4UHGu3zkuqLLCHFlGRdvdo
MPQ9AgMBAAEwDQYJKoZIhvcNAQEFBQADQQADlInGm9AujZfL+1kM7ehaKyKKencF
fp6YGElOpGEplxxIwgmVc0iYKv4rCkfUAysYL6l3AC+VLK1asxkpEJc1
-----END CERTIFICATE-----
Subject: CN=Issuer,C=SE
Issuer: CN=Issuer,C=SE
-----BEGIN CERTIFICATE-----
MIIBMTCB3KADAgECAggbfKZHs8ttKDANBgkqhkiG9w0BAQUFADAeMQ8wDQYDVQQD
DAZJc3N1ZXIxCzAJBgNVBAYTAlNFMB4XDTEyMTAyMjA3NDUwNloXDTEzMTAyMjA3
NDUwNlowHjEPMA0GA1UEAwwGSXNzdWVyMQswCQYDVQQGEwJTRTBcMA0GCSqGSIb3
DQEBAQUAA0sAMEgCQQCpgzxJ6r6D1cP8v1AB88pJsCwi0SJdeRSGYydYYBOafJk0
fpqxJCwaiFS3tt9OkWUAXzcixv5+sItkEuEOpmp7AgMBAAEwDQYJKoZIhvcNAQEF
BQADQQCC5NG3eWx/mXXKZmePOvZEIwyqWHOwzsBB174gkzlyhOdiOr3YwVihyebI
VAfkEktRrO04Hi5eLR+AxW7EVz6l
-----END CERTIFICATE-----
; SCOPE: GLOBAL; REPLY_TIME:1350891906417

 

With MODULE: KEY_MANAGEMENT the certificate chain was imported to the token:

WORKER_ID: The ID of the worker.
CERTIFICATECHAIN: The certificates in PEM format.
KEYALIAS: The alias of the entry in the token.
CRYPTOTOKEN: Name of the configured crypto worker or the name or ID of the current worker if no separate crypto worker is used.

Example:

EVENT: CERTCHAININSTALLED; MODULE: KEY_MANAGEMENT; ADMINISTRATOR: CLI user; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: 5801; KEYALIAS: testkeyalias10; CRYPTOTOKEN: HSMCryptoToken1; CERTIFICATECHAIN: Subject: CN=testkeyalias10,C=SE
Issuer: CN=Issuer,C=SE
-----BEGIN CERTIFICATE-----
MIIBMjCB3aADAgECAgEBMA0GCSqGSIb3DQEBCwUAMB4xDzANBgNVBAMMBklzc3Vl
cjELMAkGA1UEBhMCU0UwHhcNMTUwNTI5MTEzMTAyWhcNMTYwNTI4MTEzMTAyWjAm
MRcwFQYDVQQDDA50ZXN0a2V5YWxpYXMxMDELMAkGA1UEBhMCU0UwXDANBgkqhkiG
9w0BAQEFAANLADBIAkEAggmuPO78M3hhwh4MrxYzt0LM6vLmI4IWjLxO8EK8R0FV
cDu5Rruxc/a51LCt8J8dOxm34h0RakqzObbFYZxwZwIDAQABMA0GCSqGSIb3DQEB
CwUAA0EAYR/N98UTyjnkFMnRmd1dQfsD6cih7Dt6NTi+qxFeMbbuzVA9HhRcXwQn
NChSJMtvJ9sKslfhlfqwZGPChSFg3g==
-----END CERTIFICATE-----
Subject: CN=Issuer,C=SE
Issuer: CN=Issuer,C=SE
-----BEGIN CERTIFICATE-----
MIIBMTCB3KADAgECAghQdZlXUcZalTANBgkqhkiG9w0BAQUFADAeMQ8wDQYDVQQD
DAZJc3N1ZXIxCzAJBgNVBAYTAlNFMB4XDTE1MDUyOTExMzEwMloXDTE2MDUyODEx
MzEwMlowHjEPMA0GA1UEAwwGSXNzdWVyMQswCQYDVQQGEwJTRTBcMA0GCSqGSIb3
DQEBAQUAA0sAMEgCQQCa35ZZru5A2DigDNyOdsZL789dVVlUTXch/Fa0e82X+FLc
kuMoRqAuxrEw/5+uG1Xi7EkysdgyRPbdYHmv3hBlAgMBAAEwDQYJKoZIhvcNAQEF
BQADQQAS3us4jsjHRSooeNuaaAdWjrA7b/nVnkhRjEmHUCORJXGwnHykUGB2idj6
d3UejoxEJ78E+EAYWO2JvKbhV0ku
-----END CERTIFICATE-----
; REPLY_TIME:1432899062650

KEYSELECTED

Logged when the key-pair to use was selected by changing the value of the DEFAULTKEY worker property.

WORKER_ID: The ID of the worker.
KEYALIAS: The new key alias.
CRYPTOTOKEN: Name of the configured crypto worker or the name or ID of the current worker if no separate crypto worker is used.
SCOPE: If the setting was at GLOBAL or NODE scope.
NODE: The ID of the node if the setting was at NODE scope, otherwise not available.

Example:

EVENT: KEYSELECTED; MODULE: WORKER_CONFIG; ADMINISTRATOR: null; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: 100; KEYALIAS: ts_key00002; CRYPTOTOKEN: TestSigner6000; SCOPE: GLOBAL; REPLY_TIME:1350891907048

Key management

KEYGEN

Logged when a new key-pair was generated using the built-in key generation command.

WORKER_ID: The ID of the worker.
KEYALIAS: The new key alias.
CRYPTOTOKEN: Name of the configured crypto worker or the name or ID of the current worker if no separate crypto worker is used.
KEYSPEC: The key specification (i.e. RSA/DSA bit length or EC curve).
KEYALG: The key algorithm.

Example:

EVENT: KEYGEN; MODULE: KEY_MANAGEMENT; ADMINISTRATOR: null; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: 5676; KEYALIAS: ts_key00004; CRYPTOTOKEN: HSMCryptoToken0; KEYSPEC: 2048; KEYALG: RSA; REPLY_TIME:135089190791

KEYTEST

Logged when the key test command was executed and a test signing with either the specified key or all keys in the slot if that was specified.

WORKER_ID: The ID of the worker.
KEYALIAS: Alias of the the key to test or "all" to test all available keys in the slot.
CRYPTOTOKEN: Name of the configured crypto worker or the name or ID of the current worker if no separate crypto worker is used.
TESTRESULTS: The test report with an entry for each tested key.

Example:

EVENT: KEYTEST; MODULE: KEY_MANAGEMENT; ADMINISTRATOR: null; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: 47; KEYALIAS: all; CRYPTOTOKEN: HSMCryptoToken1; TESTRESULTS: KeyTestResult{alias=tsu47_key00005, success=true, status=, publicKeyHash=979359e5261112b11fac341962bec1e7e6052d9e}
KeyTestResult{alias=key5, success=true, status=, publicKeyHash=46b264e4892ef2e4fd9616e4927534ca3597fd9c}
KeyTestResult{alias=key3, success=true, status=, publicKeyHash=ae64792f1f50e23eb54bf79d46d819bc07db2d79}
KeyTestResult{alias=key2, success=true, status=, publicKeyHash=b1317f363e6124a8e15bba8c1adb9f20b2f4ef59}
KeyTestResult{alias=TS Signer 1, success=true, status=, publicKeyHash=8f6dfccdcea931d4deee9466f43c0eb0e7f4d8b1}
; REPLY_TIME:1350564289165

GENCSR

Logged when a certificate signing request (CSR) was generated.

WORKER_ID: The ID of the worker.
KEYALIAS: The key alias of the key used to generate the CSR.
FOR_DEFAULTKEY: True if the "default key" was requested.
CRYPTOTOKEN: Name of the configured crypto worker or the name or ID of the current worker if no separate crypto worker is used.
CSR: Base64 encoded CSR (typically in PKCS#10 format).

Example:

EVENT: GENCSR; MODULE: KEY_MANAGEMENT; ADMINISTRATOR: null; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: 5676; KEYALIAS: ts_key00004; CRYPTOTOKEN: HSMCryptoToken0; CSR: MIIBYDCBygIBADAjMRQwEgYDVQQDDAtUUyBTaWduZXIgMTELMAkGA1UEBhMCU0Uw
gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJt8F51wD+QcX+WLyIxjWu3at3q+
IiJrL5jIenmggUhjOLHGHOStoNOiYEQAaiiTZ623m9y7O3zhqFdAdWZg+JrfsHQJ
pjKV9RgvJznl6yk/K54BWOBgqjvbloAUGtn8y8Hf+5DYJUJNFqrzvRLcmCQ9JU0H
mgSmEIqgOIwBL3oBAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAer5hr/cUYx4jy0XO
N4U8sP/2gSFppytx9dn5BamVBLjDkcML8B3c9u9omDPebd+LEsCU+HCmYN9xHkSS
Ei8lcAqyVv+SDLEmvE8gnrPFR/J7uADCRayLVQumW6/YpVO/sFEGuM6rgnn8ZJmW
X2lhvJ4V1UhlkEAeyIQ861U3IgE=; REPLY_TIME:1350891907981

KEYREMOVE

Logged when a key was removed or an removal attempt was performed.

WORKER_ID: The ID of the worker.
KEYALIAS: The key alias of the key removed.
CRYPTOTOKEN: Name of the configured crypto worker or the name or ID of the current worker if no separate crypto worker is used.
SUCCESS: True if the key was removed or false if the removal failed or if removal was not supported by the token.

Example:

EVENT: KEYREMOVE; MODULE: KEY_MANAGEMENT; ADMINISTRATOR: CLI user; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: 20003; KEYALIAS: signKey000002; CRYPTOTOKEN: HSMCryptoToken1; SUCCESS: true; REPLY_TIME:1391008847962

Status Repository

SET_STATUS_PROPERTY

Logged when a status property was updated.

STATUSREPO_PROPERTY: The updated property.
STATUSREPO_VALUE: The new property value.
STATUSREPO_EXPIRATION: Expiration time for the status property (timestamp), if any.

Example:

EVENT: SET_STATUS_PROPERTY; MODULE: STATUS_REPOSITORY; ADMINISTRATOR: null; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: null; STATUSREPO_EXPIRATION: 1350891909366; STATUSREPO_PROPERTY: TEST_PROPERTY1; STATUSREPO_VALUE: TESTVALUE47; REPLY_TIME:1350891908372

Worker processing

PROCESS

Logged for events regarding worker processing but when a worker logger can not be used because the requested worker does not exist etc.

WORKER_ID: The ID of the worker or empty in case of non existing worker.
Worker logger fields: All fields available to the worker logger.

Example:

EVENT: PROCESS; MODULE: WORKER; ADMINISTRATOR: null; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: null; LOG_ID: db517726-ff0d-40dd-8f2b-2297925cb4d3; CLIENT_IP: 127.0.0.1; PROCESS_SUCCESS: false; REQUEST_LENGTH: 0; XFORWARDEDFOR: null; FILENAME: noname.dat;
REQUEST_FULLURL: http://localhost:8080/signserver/process?null; LOG_TIME: 1350628977410; WORKER_ID: 0; EXCEPTION: No such worker: 0; REPLY_TIME:1350628977411