Sun OpenSSO Enterprise 8.0 Technical Overview

Secure Logging

Secure logging adds an extra measure of security to the Logging Service. When secure logging is enabled, the Logging Service can detect unauthorized changes to the security logs. No special coding is required to leverage this feature. However, secure logging uses a certificate that you must create and install in the container that runs OpenSSO Enterprise. When secure logging is enabled, a Manifest Analysis and Certification (MAC) is generated and stored for every log record, and a special signature record is periodically inserted in the log. The signature record represents the signature for the contents of the log written up to that point. The combination of the certificate and the signature record ensures that the logs have not been tampered with. For detailed information about enabling secure logging, see Chapter 14, Logging Service, in Sun OpenSSO Enterprise 8.0 Administration Guide.
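
The scheme described above, sketched as an added example (not OpenSSO code): each record carries a MAC, and every third record is followed by a signature record covering everything written up to that point. HMAC-SHA256 with a second key stands in for the certificate-based signature; the line format, keys, interval and sample messages are constructed for illustration.

```python
import hashlib
import hmac

MAC_KEY = b"constructed-mac-key"  # assumption: key for the per-record MAC
SIG_KEY = b"constructed-sig-key"  # assumption: stand-in for the certificate's private key
SIG_EVERY = 3                     # assumption: one signature record per 3 log records
SAMPLE = [                        # constructed log messages
    "login ok user=alice", "policy read user=alice", "logout user=alice",
    "login failed user=bob", "login ok user=bob", "logout user=bob",
]


def _tag(key, data):
    """Hex HMAC-SHA256 of data under key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def write_log(messages):
    """Return log lines: 'REC|msg|mac' records with periodic 'SIG|sig' records."""
    lines, running = [], hashlib.sha256()
    for count, msg in enumerate(messages, 1):
        mac = _tag(MAC_KEY, msg.encode())
        lines.append(f"REC|{msg}|{mac}")
        running.update(mac.encode())
        if count % SIG_EVERY == 0:
            # The signature covers every record MAC written so far.
            lines.append("SIG|" + _tag(SIG_KEY, running.digest()))
    return lines


def verify_log(lines):
    """Return (line_number, problem) findings; an empty list means intact."""
    findings, running = [], hashlib.sha256()
    for number, line in enumerate(lines, 1):
        kind, _, rest = line.partition("|")
        if kind == "REC":
            msg, _, mac = rest.rpartition("|")
            expected = _tag(MAC_KEY, msg.encode())
            if not hmac.compare_digest(mac.encode(), expected.encode()):
                findings.append((number, "record MAC mismatch"))
            running.update(mac.encode())
        elif kind == "SIG":
            expected = _tag(SIG_KEY, running.digest())
            if not hmac.compare_digest(rest.encode(), expected.encode()):
                findings.append((number, "signature mismatch"))
        else:
            findings.append((number, "unrecognised line"))
    return findings
```

Editing a record trips only that record's MAC, while deleting a record leaves every remaining MAC valid and is caught by the signature records that follow it.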