iPlanet Trustbase Transaction Manager 3.0.1 Beta Developer Guide



Chapter 7   Identrus logging


The Identrus Transaction Coordinator specifications identify two specific logging actions:

  • Logging of all messages sent and received by the Transaction Coordinator (Raw logging)

  • Generation of data for billing purposes


Overview

The iPlanet Trustbase Transaction Manager fulfils both of these requirements as a default action of processing an Identrus message. The data is stored within the RDBMS specified at installation time, and the tables are available for developers via standard JDBC to provide services that use this information.

The following sections define the tables stored in the RDBMS and identify the relationships between each table. The iPlanet Trustbase Transaction Manager will utilise all of the tables described below for all Identrus messages; there should be no requirement for a developer to write to any of these tables.


Data definitions




Connection information

The tables below provide the column definitions for the SMTP/SMIME connection logs. Data in Table 7-1 is extracted from the SMIME v2 signature body part of the message.

Table 7-1    SMIME Transport


smime_transport table

| Column | Description |
|---|---|
| Connection_Id | Provides a link back to the smtp_message table |
| peer_issuer_dn | The issuer_dn of the certificate that was used to verify the message |
| peer_cert_serial_number | The serial number of the certificate used to verify the message |
| message_protection | The type of protection used to secure the message |
| time_stamp_type | The type of timestamp: LOCAL or NETWORK |
| time_stamp | The time at which the entry was made |

Table 7-2    SMTP Connection


smtp_connection table

| Column | Description |
|---|---|
| stream_id | Provides a link back to the smtp_message table |
| peer_ip_addr | The IP address of the submitting SMTP agent |
| timestamptype | The type of timestamp: LOCAL or NETWORK |
| timestamp | The time at which the entry was made |

Table 7-3    SMTP Message


smtp_message table

| Column | Description |
|---|---|
| stream_id | A unique id for the smime_transport |
| connection_id | A unique id for the smtp connection |
| recipients | The recipients of this message |
| sender | The sender of this message |
| timestamptype | The type of timestamp: LOCAL or NETWORK |
| message_valid | Is the message valid? 1 indicates it is valid |
| message_invalid_reason | The reason for the invalidity of the message |
| timestamp | The date and time at which the entry was made |

The ssl_connection and smtp_message tables both have connection_id fields that are passed to the iPlanet Trustbase Transaction Manager running in the application server. This connection_id is stored within the Identrus Log table allowing queries that link the originator information with the actual requests made.

Table 7-4    OCSP_DATA


ocsp_data table

| Column | Description |
|---|---|
| ocspid | A unique identifier for the record |
| type | OCSPREQUEST or OCSPRESPONSE |
| message | A text summary of the contents of the request or response |
| machine | The URL to which the request was submitted or from which the response was received |
| timestamp | The date and time that the entry was made |
| data | Base64 encoding of the request or response |


Identrus log tables

The default presentation handlers for Identrus messages record the following data for each message that is sent or received.

To reduce the volume of data logged with each Identrus message, the certificates contained in the message header are stripped out and stored in a certificate table. If the iPlanet Trustbase Transaction Manager has already logged a particular certificate in the table, it will not be logged again. The information stored within the table is:

Table 7-5    Certdata


cert_data table

| Column | Description |
|---|---|
| issuerdn | The issuer distinguished name of the certificate, as an RFC 2253 format string |
| serialnumber | The serial number of the certificate |
| certdata | The Base64 certificate data |
| subjectdn | The subject distinguished name from the certificate, in RFC 2253 format |

This data is designed to be tamper evident, and services should under no circumstances modify data within the Identrus Log or Tamper tables. Tamper checking is achieved by producing a continuous hash that is stored with each record; the current hash is also stored in a signed record in a separate tamper table. The Tamper table fields are not described here; see the Installation and Configuration Guide for information on how to check the tamper status of records in the raw log.
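The following added example (not code from the product or this guide) illustrates the general idea of a continuous hash with a separately sealed current value. The product's actual hash algorithm, field encoding and signature scheme are not given on this page, so SHA-256, the length-prefixed encoding, the all-zero starting value and the HMAC standing in for the signed tamper record are all assumptions, and the records are constructed.

```python
import hashlib
import hmac

GENESIS = b"\x00" * 32  # assumed starting value for the chain

def chain_hash(prev_hash, fields):
    h = hashlib.sha256(prev_hash)  # each hash covers the previous record's hash
    for value in fields:
        data = str(value).encode("utf-8")
        h.update(len(data).to_bytes(4, "big") + data)  # length prefix keeps fields unambiguous
    return h.digest()

def append_record(log, fields):
    prev = log[-1]["hash"] if log else GENESIS
    log.append({"fields": tuple(fields), "hash": chain_hash(prev, fields)})

def _tag(key, count, head):
    # HMAC stands in for the signature on the tamper record (assumption).
    return hmac.new(key, count.to_bytes(8, "big") + head, hashlib.sha256).digest()

def seal(log, key):
    head = log[-1]["hash"] if log else GENESIS
    return {"count": len(log), "head": head, "tag": _tag(key, len(log), head)}

def verify(log, sealed, key):
    expected = _tag(key, sealed["count"], sealed["head"])
    if not hmac.compare_digest(expected, sealed["tag"]):
        return (False, "tamper record fails authentication")
    prev = GENESIS
    for i, rec in enumerate(log):
        if chain_hash(prev, rec["fields"]) != rec["hash"]:
            return (False, f"record {i} does not match its stored hash")
        prev = rec["hash"]
    if len(log) != sealed["count"] or prev != sealed["head"]:
        return (False, "log does not end at the sealed hash")
    return (True, "intact")

def demo(key=b"constructed-demo-key"):
    log = []
    for fields in [(101, "grp-1", "CSCRequest"), (102, "grp-1", "CSCResponse"),
                   (103, "grp-2", "PingRequest")]:  # constructed records
        append_record(log, fields)
    sealed = seal(log, key)
    edited = [dict(r) for r in log]
    edited[1]["fields"] = (102, "grp-1", "PingResponse")  # one field changed in place
    rehashed = []
    for r in edited:  # every per-record hash recomputed after the edit
        append_record(rehashed, r["fields"])
    cases = {"original": log, "edited": edited, "rehashed": rehashed, "truncated": log[:2]}
    return {name: verify(rows, sealed, key) for name, rows in cases.items()}
```

The per-record hash catches an in-place edit, while the sealed current hash is what catches a log whose hashes were all recomputed or whose tail was removed.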

The Identrus data table records Identrus-specific message data, which can be related to the raw log records in the raw_data table using the rawrecordid foreign key (see the chapter Logging: Error, Audit and Raw for a description of raw logging).



identrus_data table

| Column | Description |
|---|---|
| rawrecordid | The id of the associated raw log record |
| msggrpid | The Identrus MsgGrpId from the NIB of the message |
| doctype | The DOCTYPE of the message, e.g. CSCRequest, PingRequest, etc. |
| connectionid | The connection id to link this record to the SSL or SMIME connection logs |
| protocoltype | The protocol over which the message arrived, e.g. HTTP or SMTP |
| input | Was this message inbound to the iPlanet Trustbase Transaction Manager or outbound? A value of 1 indicates it was incoming |


Billing records

Billing records are a subset of the information within the raw message log that provides sufficient information to determine who made each transaction. These tables are designed for use by third-party tools that generate the actual bill for the customer. The definitions for the bill table columns are as follows:

Table 7-6    Bill data


bill_data table

| Column | Description |
|---|---|
| rawrecordid | This will be the RawRecordId of the associated raw log table record. |
| subjectdn | This will be the originator distinguished name extracted from the mandatory Identrus level 1 message signature. This will determine who should be billed. |
| issuerdn | This will be the issuer distinguished name extracted from the mandatory Identrus level 1 message signature. This is to enable the identification of the exact key used to sign this message, in conjunction with the serial number field below. |
| serialnumber | This will be the originator certificate serial number that may be used to identify the exact key used to sign the message, in conjunction with the issuer distinguished name. |
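As an added example (not code from the product or this guide), the read-only query below links each billing record to the Identrus message it came from and to the SMTP originator information, using the column names documented in this chapter. An in-memory SQLite database stands in for the installation's RDBMS; the column types, the choice to join on the like-named columns (connectionid to connection_id, stream_id to stream_id) and every row are assumptions constructed for the illustration.

```python
import sqlite3

# Constructed schema: column names come from Tables 7-2, 7-3, 7-6 and the
# identrus_data table; the types and every row below are made up.
SCHEMA = """
CREATE TABLE smtp_connection (stream_id TEXT, peer_ip_addr TEXT);
CREATE TABLE smtp_message (stream_id TEXT, connection_id TEXT, sender TEXT,
                           message_valid INTEGER);
CREATE TABLE identrus_data (rawrecordid INTEGER, msggrpid TEXT, doctype TEXT,
                            connectionid TEXT, protocoltype TEXT, input INTEGER);
CREATE TABLE bill_data (rawrecordid INTEGER, subjectdn TEXT, issuerdn TEXT,
                        serialnumber TEXT);
"""
ROWS = {
    "smtp_connection": [("s-1", "192.0.2.10"), ("s-2", "192.0.2.99")],
    "smtp_message": [("s-1", "c-1", "ops@bank-a.example", 1),
                     ("s-2", "c-2", "ops@bank-b.example", 0)],
    "identrus_data": [(101, "grp-1", "CSCRequest", "c-1", "SMTP", 1),
                      (102, "grp-1", "CSCResponse", "c-1", "SMTP", 0),
                      (103, "grp-2", "PingRequest", "c-2", "SMTP", 1)],
    "bill_data": [(101, "CN=Bank A Signer,O=Bank A", "CN=Bank A CA", "0A01"),
                  (103, "CN=Bank B Signer,O=Bank B", "CN=Bank B CA", "0B07")],
}

# SELECT only: services read these tables and never write to them.
ORIGINATOR_QUERY = """
SELECT b.subjectdn, b.issuerdn, b.serialnumber, i.doctype,
       m.sender, c.peer_ip_addr, m.message_valid
FROM bill_data b
JOIN identrus_data i ON i.rawrecordid = b.rawrecordid
LEFT JOIN smtp_message m ON m.connection_id = i.connectionid
LEFT JOIN smtp_connection c ON c.stream_id = m.stream_id
WHERE i.input = 1 AND i.protocoltype = 'SMTP'
ORDER BY b.rawrecordid
"""

def build_sample_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    for table, rows in ROWS.items():
        marks = ",".join("?" * len(rows[0]))
        db.executemany(f"INSERT INTO {table} VALUES ({marks})", rows)
    return db

def billed_requests_with_origin(db):
    return db.execute(ORIGINATOR_QUERY).fetchall()
```

The LEFT JOINs keep a billing row visible even when no matching transport row exists, which makes a missing originator show up as NULL rather than silently dropping the record.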


Copyright © 2001 Sun Microsystems, Inc. Some preexisting portions Copyright © 2001 Netscape Communications Corp. All rights reserved.

Last Updated October 31, 2002