System Log

The purpose of the system log is to log events concerning the SignServer application but not necessarily related to any signing transaction (that is covered by the Worker Log). The audit log covers key and certificate management events, status properties updates (for instance for the status of the time source) and to some extent also configuration changes. For details see the table of events below.

From version 3.4.0 SignServer uses the CESeCore library to perform audit logging.

Available log events

Services
SIGNSERVER_STARTUP	Logged at startup of the SignServer application. VERSION: The version of SignServer. Example: `EVENT: SIGNSERVER_STARTUP; MODULE: SERVICE; ADMINISTRATOR: null; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: null; VERSION: SignServer 3.3.0alpha12; REPLY_TIME:1350562045545` XML
SIGNSERVER_SHUTDOWN	Logged at shutdown of the SignServer application. VERSION: The version of SignServer. Example: `EVENT: SIGNSERVER_SHUTDOWN; MODULE: SERVICE; ADMINISTRATOR: null; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: null; VERSION: SignServer 3.3.0alpha12; REPLY_TIME:1350562045545` XML
Global configuration
SET_GLOBAL_PROPERTY	Logged when a global configuration property was updated. GLOBALCONFIG_PROPERTY: The property that was updated. GLOBALCONFIG_VALUE: The new value of the property. Example: `EVENT: SET_GLOBAL_PROPERTY; MODULE: GLOBAL_CONFIG; ADMINISTRATOR: null; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: null; GLOBALCONFIG_VALUE: TESTVALUE47; GLOBALCONFIG_PROPERTY: GLOB.TESTPROPERTY47; REPLY_TIME:1350657202153` XML
REMOVE_GLOBAL_PROPERTY	Logged when a global configuration property was removed. GLOBALCONFIG_PROPERTY: The property that was removed. Example: `EVENT: REMOVE_GLOBAL_PROPERTY; MODULE: GLOBAL_CONFIG; ADMINISTRATOR: null; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: null; GLOBALCONFIG_PROPERTY: GLOB.TESTPROPERTY47; REPLY_TIME:1350657202444` XML
GLOBAL_CONFIG_RELOAD	Logged when the global configuration was reloaded from the database. Example: `EVENT: GLOBAL_CONFIG_RELOAD; MODULE: GLOBAL_CONFIG; ADMINISTRATOR: null; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: null; REPLY_TIME:1350657202593` XML
GLOBAL_CONFIG_RESYNC	Logged when the resync command was executed. Example: `EVENT: GLOBAL_CONFIG_RESYNC; MODULE: GLOBAL_CONFIG; ADMINISTRATOR: null; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: null; REPLY_TIME:1350894343902` XML
Worker configuration
SET_WORKER_CONFIG	Logged when a worker's configuration was updated by adding and/or removing and/or changing any values. WORKER_ID: The ID of the worker. Changes in worker properties are logged with prefixes added/changed/removed followed by a colon and the property name a colon and the property value. Several property changes can occur in one log line (see examples below). Authorized clients are shown as a property with the name authorized_client. Example: `EVENT: SET_WORKER_CONFIG; MODULE: WORKER_CONFIG; ADMINISTRATOR: null; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: 100; added:FOO: bar; REPLY_TIME:1350657202773` XML `EVENT: SET_WORKER_CONFIG; MODULE: WORKER_CONFIG; ADMINISTRATOR: null; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: 100; changed:FOO: newvalue; REPLY_TIME:1350657202873` XML `EVENT: SET_WORKER_CONFIG; MODULE: WORKER_CONFIG; ADMINISTRATOR: null; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: 100; removed:FOO: newvalue; REPLY_TIME:1350657202873` XML `EVENT: SET_WORKER_CONFIG; MODULE: WORKER_CONFIG; ADMINISTRATOR: null; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: 100; added:FOO: bar; changed:BAR: newvalue; REPLY_TIME:1350657202873` XML `EVENT: SET_WORKER_CONFIG; MODULE: WORKER_CONFIG; ADMINISTRATOR: null; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: 100; added:authorized_client: SN: 1234567890, issuer DN: CN=Test; REPLY_TIME:1350657202873` XML
CERTINSTALLED	Logged when a certificate was uploaded to the worker configuration. WORKER_ID: The ID of the worker. CERTIFICATE: The certificate in PEM format. SCOPE: If the setting was at GLOBAL or NODE scope. NODE: The ID of the node if the setting was at NODE scope, otherwise not available. Example: EVENT: CERTINSTALLED; MODULE: WORKER_CONFIG; ADMINISTRATOR: null; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: 100; CERTIFICATE: Subject: CN=Anyone Issuer: CN=Anyone -----BEGIN CERTIFICATE----- MIIBnTCCAQagAwIBAgIIWWNYSOeuN+swDQYJKoZIhvcNAQEFBQAwETEPMA0GA1UE AwwGQW55b25lMB4XDTEyMTAxOTE0MzMyM1oXDTEzMTAxOTE0MzMyM1owETEPMA0G A1UEAwwGQW55b25lMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCDE9GElbJd e74WmIpPSsIF9r5vv0oH6WWo7n31goR1zMIHJPC9V1mpwQZ6C0uCHCV2ZvqQIIAE ZQM7mgbPfxjCF74RqKzScZlOSaHnvdf7zCWpYraVrIDt9Wg3HMxye0/L3cCImmkY FkFtabtoa5UuPZObdIt154Yg+GpGB8aPBwIDAQABMA0GCSqGSIb3DQEBBQUAA4GB AHm3oAUHwM0KwMcEUwWouE0f4+UK6ZvYvxLAgiCVZQnPImcqX1oBl+iFV59FlsXj rqoQYJROxIeV0ByGeyBYXqvgTw1YtdqoR+wKmiymjn/lynmTh1fQMcFoUouGfubX EK4rfPBXEl33gKbsO5aeMHd5iF2jtx7RfYMsOuHKoDSe -----END CERTIFICATE----- ; SCOPE: GLOBAL; REPLY_TIME:1350657204367 XML
CERTCHAININSTALLED	Logged when a certificate chain was uploaded to the worker configuration or imported to a crypto token. With MODULE: WORKER_CONFIG the certificate chain was installed in the configuration: WORKER_ID: The ID of the worker. CERTIFICATECHAIN: The certificates in PEM format. SCOPE: If the setting was at GLOBAL or NODE scope. NODE: The ID of the node if the setting was at NODE scope, otherwise not available. Example: EVENT: CERTCHAININSTALLED; MODULE: WORKER_CONFIG; ADMINISTRATOR: null; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: 100; CERTIFICATECHAIN: Subject: CN=Signer,C=SE Issuer: CN=Issuer,C=SE -----BEGIN CERTIFICATE----- MIIBdjCCASCgAwIBAgIIE+fXOs/SAwMwDQYJKoZIhvcNAQEFBQAwHjEPMA0GA1UE AwwGSXNzdWVyMQswCQYDVQQGEwJTRTAeFw0xMjEwMjIwNzQ1MDZaFw0xMzEwMjIw NzQ1MDZaMB4xDzANBgNVBAMMBlNpZ25lcjELMAkGA1UEBhMCU0UwgZ8wDQYJKoZI hvcNAQEBBQADgY0AMIGJAoGBAKpX5psdaL5CHAKSxoOvB12Ie8iUb/mX6ikF8jfu zrbwVgf6bX0RCUnD+v+t9vY7byz+nN32KnmGluNGdBFdM1Ug9Oc+64ZNBbgZi9mi cHnKMDLLSECBY2Nux62PZejp5SwtzpjFymt3TMCtRr4UHGu3zkuqLLCHFlGRdvdo MPQ9AgMBAAEwDQYJKoZIhvcNAQEFBQADQQADlInGm9AujZfL+1kM7ehaKyKKencF fp6YGElOpGEplxxIwgmVc0iYKv4rCkfUAysYL6l3AC+VLK1asxkpEJc1 -----END CERTIFICATE----- Subject: CN=Issuer,C=SE Issuer: CN=Issuer,C=SE -----BEGIN CERTIFICATE----- MIIBMTCB3KADAgECAggbfKZHs8ttKDANBgkqhkiG9w0BAQUFADAeMQ8wDQYDVQQD DAZJc3N1ZXIxCzAJBgNVBAYTAlNFMB4XDTEyMTAyMjA3NDUwNloXDTEzMTAyMjA3 NDUwNlowHjEPMA0GA1UEAwwGSXNzdWVyMQswCQYDVQQGEwJTRTBcMA0GCSqGSIb3 DQEBAQUAA0sAMEgCQQCpgzxJ6r6D1cP8v1AB88pJsCwi0SJdeRSGYydYYBOafJk0 fpqxJCwaiFS3tt9OkWUAXzcixv5+sItkEuEOpmp7AgMBAAEwDQYJKoZIhvcNAQEF BQADQQCC5NG3eWx/mXXKZmePOvZEIwyqWHOwzsBB174gkzlyhOdiOr3YwVihyebI VAfkEktRrO04Hi5eLR+AxW7EVz6l -----END CERTIFICATE----- ; SCOPE: GLOBAL; REPLY_TIME:1350891906417 XML With MODULE: KEY_MANAGEMENT the certificate chain was imported to the token: WORKER_ID: The ID of the worker. CERTIFICATECHAIN: The certificates in PEM format. KEYALIAS: The alias of the entry in the token. CRYPTOTOKEN: Name of the configured crypto worker or the name or ID of the current worker if no separate crypto worker is used. Example: EVENT: CERTCHAININSTALLED; MODULE: KEY_MANAGEMENT; ADMINISTRATOR: CLI user; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: 5801; KEYALIAS: testkeyalias10; CRYPTOTOKEN: HSMCryptoToken1; CERTIFICATECHAIN: Subject: CN=testkeyalias10,C=SE Issuer: CN=Issuer,C=SE -----BEGIN CERTIFICATE----- MIIBMjCB3aADAgECAgEBMA0GCSqGSIb3DQEBCwUAMB4xDzANBgNVBAMMBklzc3Vl cjELMAkGA1UEBhMCU0UwHhcNMTUwNTI5MTEzMTAyWhcNMTYwNTI4MTEzMTAyWjAm MRcwFQYDVQQDDA50ZXN0a2V5YWxpYXMxMDELMAkGA1UEBhMCU0UwXDANBgkqhkiG 9w0BAQEFAANLADBIAkEAggmuPO78M3hhwh4MrxYzt0LM6vLmI4IWjLxO8EK8R0FV cDu5Rruxc/a51LCt8J8dOxm34h0RakqzObbFYZxwZwIDAQABMA0GCSqGSIb3DQEB CwUAA0EAYR/N98UTyjnkFMnRmd1dQfsD6cih7Dt6NTi+qxFeMbbuzVA9HhRcXwQn NChSJMtvJ9sKslfhlfqwZGPChSFg3g== -----END CERTIFICATE----- Subject: CN=Issuer,C=SE Issuer: CN=Issuer,C=SE -----BEGIN CERTIFICATE----- MIIBMTCB3KADAgECAghQdZlXUcZalTANBgkqhkiG9w0BAQUFADAeMQ8wDQYDVQQD DAZJc3N1ZXIxCzAJBgNVBAYTAlNFMB4XDTE1MDUyOTExMzEwMloXDTE2MDUyODEx MzEwMlowHjEPMA0GA1UEAwwGSXNzdWVyMQswCQYDVQQGEwJTRTBcMA0GCSqGSIb3 DQEBAQUAA0sAMEgCQQCa35ZZru5A2DigDNyOdsZL789dVVlUTXch/Fa0e82X+FLc kuMoRqAuxrEw/5+uG1Xi7EkysdgyRPbdYHmv3hBlAgMBAAEwDQYJKoZIhvcNAQEF BQADQQAS3us4jsjHRSooeNuaaAdWjrA7b/nVnkhRjEmHUCORJXGwnHykUGB2idj6 d3UejoxEJ78E+EAYWO2JvKbhV0ku -----END CERTIFICATE----- ; REPLY_TIME:1432899062650 XML
KEYSELECTED	Logged when the key-pair to use was selected by changing the value of the DEFAULTKEY worker property. WORKER_ID: The ID of the worker. KEYALIAS: The new key alias. CRYPTOTOKEN: Name of the configured crypto worker or the name or ID of the current worker if no separate crypto worker is used. SCOPE: If the setting was at GLOBAL or NODE scope. NODE: The ID of the node if the setting was at NODE scope, otherwise not available. Example: `EVENT: KEYSELECTED; MODULE: WORKER_CONFIG; ADMINISTRATOR: null; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: 100; KEYALIAS: ts_key00002; CRYPTOTOKEN: TestSigner6000; SCOPE: GLOBAL; REPLY_TIME:1350891907048` XML
Key management
KEYGEN	Logged when a new key-pair was generated using the built-in key generation command. WORKER_ID: The ID of the worker. KEYALIAS: The new key alias. CRYPTOTOKEN: Name of the configured crypto worker or the name or ID of the current worker if no separate crypto worker is used. KEYSPEC: The key specification (i.e. RSA/DSA bit length or EC curve). KEYALG: The key algorithm. Example: `EVENT: KEYGEN; MODULE: KEY_MANAGEMENT; ADMINISTRATOR: null; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: 5676; KEYALIAS: ts_key00004; CRYPTOTOKEN: HSMCryptoToken0; KEYSPEC: 2048; KEYALG: RSA; REPLY_TIME:135089190791` XML
KEYTEST	Logged when the key test command was executed and a test signing with either the specified key or all keys in the slot if that was specified. WORKER_ID: The ID of the worker. KEYALIAS: Alias of the the key to test or "all" to test all available keys in the slot. CRYPTOTOKEN: Name of the configured crypto worker or the name or ID of the current worker if no separate crypto worker is used. TESTRESULTS: The test report with an entry for each tested key. Example: EVENT: KEYTEST; MODULE: KEY_MANAGEMENT; ADMINISTRATOR: null; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: 47; KEYALIAS: all; CRYPTOTOKEN: HSMCryptoToken1; TESTRESULTS: KeyTestResult{alias=tsu47_key00005, success=true, status=, publicKeyHash=979359e5261112b11fac341962bec1e7e6052d9e} KeyTestResult{alias=key5, success=true, status=, publicKeyHash=46b264e4892ef2e4fd9616e4927534ca3597fd9c} KeyTestResult{alias=key3, success=true, status=, publicKeyHash=ae64792f1f50e23eb54bf79d46d819bc07db2d79} KeyTestResult{alias=key2, success=true, status=, publicKeyHash=b1317f363e6124a8e15bba8c1adb9f20b2f4ef59} KeyTestResult{alias=TS Signer 1, success=true, status=, publicKeyHash=8f6dfccdcea931d4deee9466f43c0eb0e7f4d8b1} ; REPLY_TIME:1350564289165 XML
GENCSR	Logged when a certificate signing request (CSR) was generated. WORKER_ID: The ID of the worker. KEYALIAS: The key alias of the key used to generate the CSR. FOR_DEFAULTKEY: True if the "default key" was requested. CRYPTOTOKEN: Name of the configured crypto worker or the name or ID of the current worker if no separate crypto worker is used. CSR: Base64 encoded CSR (typically in PKCS#10 format). Example: EVENT: GENCSR; MODULE: KEY_MANAGEMENT; ADMINISTRATOR: null; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: 5676; KEYALIAS: ts_key00004; CRYPTOTOKEN: HSMCryptoToken0; CSR: MIIBYDCBygIBADAjMRQwEgYDVQQDDAtUUyBTaWduZXIgMTELMAkGA1UEBhMCU0Uw gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJt8F51wD+QcX+WLyIxjWu3at3q+ IiJrL5jIenmggUhjOLHGHOStoNOiYEQAaiiTZ623m9y7O3zhqFdAdWZg+JrfsHQJ pjKV9RgvJznl6yk/K54BWOBgqjvbloAUGtn8y8Hf+5DYJUJNFqrzvRLcmCQ9JU0H mgSmEIqgOIwBL3oBAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAer5hr/cUYx4jy0XO N4U8sP/2gSFppytx9dn5BamVBLjDkcML8B3c9u9omDPebd+LEsCU+HCmYN9xHkSS Ei8lcAqyVv+SDLEmvE8gnrPFR/J7uADCRayLVQumW6/YpVO/sFEGuM6rgnn8ZJmW X2lhvJ4V1UhlkEAeyIQ861U3IgE=; REPLY_TIME:1350891907981 CODE
KEYREMOVE	Logged when a key was removed or an removal attempt was performed. WORKER_ID: The ID of the worker. KEYALIAS: The key alias of the key removed. CRYPTOTOKEN: Name of the configured crypto worker or the name or ID of the current worker if no separate crypto worker is used. SUCCESS: True if the key was removed or false if the removal failed or if removal was not supported by the token. Example: `EVENT: KEYREMOVE; MODULE: KEY_MANAGEMENT; ADMINISTRATOR: CLI user; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: 20003; KEYALIAS: signKey000002; CRYPTOTOKEN: HSMCryptoToken1; SUCCESS: true; REPLY_TIME:1391008847962` XML
Status Repository
SET_STATUS_PROPERTY	Logged when a status property was updated. STATUSREPO_PROPERTY: The updated property. STATUSREPO_VALUE: The new property value. STATUSREPO_EXPIRATION: Expiration time for the status property (timestamp), if any. Example: `EVENT: SET_STATUS_PROPERTY; MODULE: STATUS_REPOSITORY; ADMINISTRATOR: null; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: null; STATUSREPO_EXPIRATION: 1350891909366; STATUSREPO_PROPERTY: TEST_PROPERTY1; STATUSREPO_VALUE: TESTVALUE47; REPLY_TIME:1350891908372` XML
Worker processing
PROCESS	Logged for events regarding worker processing but when a worker logger can not be used because the requested worker does not exist etc. WORKER_ID: The ID of the worker or empty in case of non existing worker. Worker logger fields: All fields available to the worker logger. Example: `EVENT: PROCESS; MODULE: WORKER; ADMINISTRATOR: null; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: null; LOG_ID: db517726-ff0d-40dd-8f2b-2297925cb4d3; CLIENT_IP: 127.0.0.1; PROCESS_SUCCESS: false; REQUEST_LENGTH: 0; XFORWARDEDFOR: null; FILENAME: noname.dat; REQUEST_FULLURL: http://localhost:8080/signserver/process?null; LOG_TIME: 1350628977410; WORKER_ID: 0; EXCEPTION: No such worker: 0; REPLY_TIME:1350628977411` XML