iPlanet Trustbase Transaction Manager 3.0 Configuration and Installation
Chapter 5 Logs
Logs let you keep control over messaging by recording the errors being generated together with an audit of message flow. Both can be viewed, and options are available to configure the level of detail shown on the screen. There is also a raw log that provides detail of all message transactions that take place. These can be viewed using any standard Oracle tool.
Introduction
iPlanet Trustbase Transaction Manager allows configuration of three kinds of Logs, two of which are directly viewable:
The Audit log contains entries about the flow of a message as it passes through the iPlanet Trustbase Transaction Manager framework (e.g. message handler, Router). This log can be useful in diagnosing problems in configurations.
The Error log contains entries of any runtime problems both from the iPlanet Trustbase Transaction Manager framework and the Identrus specific components.
The Raw log is only used for Logging Identrus messages both received and sent. This log is not directly viewable.
Figure 5-1    Logs Main Menu
Audit log
Audits can be configured in terms of their types. They can also be queried. The following audit types are available:
ROUTER_ABORT_ROUTING
This audit occurs when the rule based router aborts routing due to illegal rules.
ROUTER_CONFIG
This audit occurs when a change is made to the rules via the rule configuration screens.
ROUTER_CONSTRUCTION
This audit occurs when new rule sets are constructed at start up.
ROUTER_CONTEXT_DIRECTIVE
This audit occurs whenever the router executes one of the following router directives: EndContext, StartContext or ReturnToUser.
ROUTER_ROUTE_MESSAGE
This audit occurs whenever a message is routed to a service.
ROUTER_START
This audit occurs whenever the rule based router component is initialized.
CONFIGURATION_CHANGE
This audit occurs whenever a Trustbase configuration is changed.
OPERATION_ABORT
This audit occurs whenever a service has to abort the processing of a message.
OPERATION_BEGIN
This audit occurs whenever a service begins processing a message.
OPERATION_COMPLETE
This audit occurs whenever a service successfully completes the processing of a message.
PARSER_STARTUP
This audit occurs whenever the Message Analyzer component is started.
SECURITY_CHANGE
This audit occurs whenever a generic security related event occurs.
TAS_SHUTDOWN
This audit occurs when Trustbase is shut down.
TAS_STARTUP
This audit occurs when Trustbase is started.
ROLE_SERVICE_MAPPING_CHANGED
This audit occurs whenever a mapping between a service and a role is changed or added in the entitlements configuration.
DEFAULT_SECURITY_ROLE_USED
This audit occurs whenever the authentication component cannot find a specific mapping between a user and a role - it indicates that the default security role has been applied to that user.
CERT_BASED_ROLE_MAPPING_CHANGED
This audit occurs whenever a mapping between a certificate and a security role is made in the entitlements configuration.
USER_PASS_BASED_ROLE_MAPPING_CHANGED
This audit occurs whenever a mapping between a username/password and a security role is made in the entitlements configuration.
Identrus Transaction Co-ordinator Audits:
CSC_PROCESSING
This audit occurs whenever a Certificate Status Check is being made.
CSC_DEBUGGING
This audit occurs if you wish to debug a Certificate Status Check.
Audit Configuration
Audit Log Configuration allows you to select which audit types are physically viewable. Audit types are either enabled, i.e. they are logged and can be viewed, or disabled, i.e. no information is logged about these types.
In order to configure what gets logged: Select <Audit Configuration> from the main Log Menu.
Figure 5-2    Configure Audit
Audit viewing
You can view the audit log by selecting a date range (start and end date) and machine ID (IP Address). The machine ID refers in this case to the machine that is making the log. You can restrict or expand your view by removing or making available the appropriate audit types. Having made your selection, the Date, Machine ID, Audit type and message content are displayed on the output screen.
In order to select what you want to view: Select <Audit Log Query> from the main Log menu.
Figure 5-3    Audit View
For more detailed log viewing, as all information is stored in a standard Oracle database, any third party database reporting tool may also be used.
The screen, as illustrated in Figure 5-4, might produce an output similar to the following audit:
Figure 5-4    Audit Results
If results do not fit on one page there is an index tab, as illustrated at the bottom of the screen. Users intending to search using SQL should refer to the sql table AUDITDATA.
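For review outside the console, the sketch below triages exported audit rows by the audit types listed in this chapter. It is an added example, not iPlanet code: it assumes rows exported with the four fields the query screen shows (date, machine ID, audit type, message content), and the timestamp format, thresholds and sample rows are constructed.

```python
from datetime import datetime, timedelta

# Audit types from this chapter that record a change to routing rules,
# configuration or entitlements; each one should match an approved change.
CHANGE_TYPES = {
    "ROUTER_CONFIG", "CONFIGURATION_CHANGE", "SECURITY_CHANGE",
    "ROLE_SERVICE_MAPPING_CHANGED", "CERT_BASED_ROLE_MAPPING_CHANGED",
    "USER_PASS_BASED_ROLE_MAPPING_CHANGED",
}
ABORT_TYPES = {"ROUTER_ABORT_ROUTING", "OPERATION_ABORT"}

# Constructed sample rows: (date, machine ID, audit type, message content).
# The timestamp format is an assumption; adjust it to match your export.
SAMPLE_ROWS = [
    ("2001-11-21 09:00:00", "192.0.2.10", "TAS_STARTUP", "constructed"),
    ("2001-11-21 09:01:10", "192.0.2.10", "DEFAULT_SECURITY_ROLE_USED", "constructed"),
    ("2001-11-21 09:02:00", "192.0.2.10", "OPERATION_BEGIN", "constructed"),
    ("2001-11-21 09:02:05", "192.0.2.10", "DEFAULT_SECURITY_ROLE_USED", "constructed"),
    ("2001-11-21 09:03:00", "192.0.2.10", "CERT_BASED_ROLE_MAPPING_CHANGED", "constructed"),
    ("2001-11-21 09:04:30", "192.0.2.10", "DEFAULT_SECURITY_ROLE_USED", "constructed"),
    ("2001-11-21 09:05:00", "192.0.2.11", "OPERATION_ABORT", "constructed"),
    ("2001-11-21 09:30:00", "192.0.2.11", "DEFAULT_SECURITY_ROLE_USED", "constructed"),
]

def triage(rows, threshold=3, window=timedelta(minutes=10)):
    """Return (finding, machine, audit_type, date) tuples in time order."""
    findings, recent = [], {}
    for date, machine, audit_type, _message in sorted(rows):
        ts = datetime.strptime(date, "%Y-%m-%d %H:%M:%S")
        if audit_type in CHANGE_TYPES:
            findings.append(("change", machine, audit_type, date))
        elif audit_type in ABORT_TYPES:
            findings.append(("abort", machine, audit_type, date))
        elif audit_type == "DEFAULT_SECURITY_ROLE_USED":
            # Keep only earlier hits from this machine that fall inside the window.
            hits = [t for t in recent.get(machine, []) if ts - t <= window]
            hits.append(ts)
            recent[machine] = hits
            if len(hits) == threshold:  # report once, when the burst is reached
                findings.append(("default-role-burst", machine, audit_type, date))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_ROWS):
        print(*finding, sep="  ")
```

A burst of DEFAULT_SECURITY_ROLE_USED from one machine points at users or certificates with no explicit role mapping, which is worth checking against the entitlements configuration.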
Raw Logging
As part of being an Identrus member, you are required to maintain and archive a raw log. The goals fulfilled by logging the raw data are:
Non Repudiation support - a complete transactional log that provides evidentiary support for transactions.
Auditing - a complete transactional log that assists auditing the activities of iPlanet Trustbase Transaction Manager.
The message logger places the raw data it receives into the logs for safe-keeping. It will log data for Identrus specific transactions that it supports and for only those transactions. This raw data contains information in plain text and base64 encoding that gets signed by the message logger to provide the kinds of guarantees mentioned previously. At present there are facilities for multi-logging using the script:
/opt/TTM/runAddLoggerWizard
Normally these options, listed below, do not need to be changed. They can also be configured from tbase.properties:
Signature Algorithm - By default the SHA-1/RSA algorithm is used to sign entries in the raw log. The options depend on the cryptographic security provider being utilised.
Digest Algorithm - By default the SHA-1 algorithm is used to digest entries in the raw log. The digest is used as part of the raw log mechanism that ensures no tampering of the log contents.
Certificate Attribute - This option is only used if the issuer DN and serial number fields are blank. By default, this field contains the value L1IPSC that indicates the certificate purpose ID, inter-participant signing certificate.
Sequence Factory Type - This option should not be changed. It is for internal purpose only and affects the way data is sequenced for different database providers (e.g. Oracle).
Sequence Factory Name - This option should not be changed. It is for internal purpose only and affects the way data is sequenced for different database providers (e.g. Oracle).
Note The raw log can be displayed from Oracle using the RAW_DATA table e.g. "select * from raw_data displaying MSGRPID".
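To show how a per-entry digest can make a log tamper-evident, here is an added sketch that is not iPlanet code. The chaining scheme, record fields and sample messages are assumptions, since this chapter does not describe the product's record format, and the RSA signature is reduced to the head digest that a signer would sign.

```python
import hashlib

GENESIS = b"\x00" * 20  # constructed start value for the chain (assumption)

def entry_digest(prev, seq, payload, algorithm="sha1"):
    """Digest of one entry, bound to its sequence number and its predecessor."""
    h = hashlib.new(algorithm)
    h.update(prev)
    h.update(seq.to_bytes(8, "big"))
    h.update(len(payload).to_bytes(4, "big"))  # length prefix avoids ambiguity
    h.update(payload)
    return h.digest()

def append(log, payload, algorithm="sha1"):
    """Append a payload and return the new head digest (the value to sign)."""
    prev = log[-1]["digest"] if log else GENESIS
    seq = len(log) + 1
    digest = entry_digest(prev, seq, payload, algorithm)
    log.append({"seq": seq, "payload": payload, "digest": digest})
    return digest

def verify(log, head, algorithm="sha1"):
    """Return None if the log is intact, else the first sequence number at fault."""
    prev = GENESIS
    for expected_seq, entry in enumerate(log, start=1):
        recomputed = entry_digest(prev, entry["seq"], entry["payload"], algorithm)
        if entry["seq"] != expected_seq or recomputed != entry["digest"]:
            return expected_seq
        prev = entry["digest"]
    # Deleting trailing entries leaves a valid chain, so compare with the
    # separately protected (signed) head digest.
    return None if prev == head else len(log) + 1

def build_sample():
    """Constructed messages standing in for raw log entries."""
    log, head = [], GENESIS
    for msg in (b"constructed request 1", b"constructed response 1",
                b"constructed request 2"):
        head = append(log, msg)
    return log, head

if __name__ == "__main__":
    log, head = build_sample()
    print("intact:", verify(log, head))
    log[1]["payload"] = b"altered"
    print("after edit, first bad seq:", verify(log, head))
```

The `algorithm` argument takes any name `hashlib.new` accepts, so the same check runs with `sha256` in place of the SHA-1 default named above.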
Errors
Errors are now discussed in four sections:
How to view errors
What the severity of an error means
Where to find a list of core iPlanet Trustbase Transaction Manager error messages
Viewing
You can view the error log by selecting a date range (start and end dates) and machine ID (IP Address). You can restrict or expand your view by specifying a minimum and maximum error severity. Additionally, by specifying a Java class, errors can be viewed that are produced by that class only. Having made your selection the Date, Machine ID, class type and error message are displayed on the output screen. For example the following selection:
Figure 5-5    Error Log Query
The Error log can be displayed from Oracle using the ERRORVIEW table e.g. "select * from ERRORVIEW"
The screen shown on the previous page might produce an output similar to the following errors:
Figure 5-6    Error Log Query Results
Configuring Error Event Types
This section allows you to specify the minimum error level that will be logged. Any errors with tags below this level will NOT be recorded.
Figure 5-7    Error Log Configuration
iPlanet Trustbase Transaction Manager defines an error as a severity, the class of object defining the error, and a programmer defined message. The default implementation defines four constants that indicate the various severity levels:
INFORMATION - This constant is to be used to log informational events, which are not necessarily errors - this should be used sparingly.
WARNING - This constant is to be used for error conditions that are expected and handled, but require logging for behaviour analysis.
ERROR - This constant is to be used for serious errors which indicate that something is inherently incorrect with the system, but that allow processing to continue, or be retried.
FATAL - This constant is to be used for fatal errors from which processing cannot recover; these errors would result in the abandoning of processing.
Error Messages
Error messages fall into two categories, those that are produced by the iPlanet Trustbase Transaction Manager framework and those produced by Identrus services. For instance, Identrus message codes fall into a number of categories:
Details of what each core iPlanet Trustbase Transaction Manager error message means can be found in your Oracle Database in a table called error_codes, as illustrated below:
Figure 5-8    Selecting Error codes from your Oracle Database
su -
cd /opt/TTM/current/Config/sql
sqlplus tbase/tbase
select * from error_codes;
Copyright © 2001 Sun Microsystems, Inc. Some preexisting portions Copyright © 2001 Netscape Communications Corp. All rights reserved.
Last Updated November 21, 2001