iPlanet Trustbase Transaction Manager 3.0 Configuration and Installation



Chapter 5   Logs


Logs let you keep control over messaging by recording which errors are being generated, together with an audit trail. Both can be viewed on screen, and options are available to configure the level of detail displayed.

There is also a raw log that provides detail of all message transactions that take place. It can be viewed using any standard Oracle tool.


Introduction



iPlanet Trustbase Transaction Manager allows configuration of three kinds of Logs, two of which are directly viewable:

  • The Audit log contains entries about the flow of a message as it passes through the iPlanet Trustbase Transaction Manager framework (e.g. message handler, Router). This log can be useful in diagnosing problems in configurations.

  • The Error log contains entries of any runtime problems both from the iPlanet Trustbase Transaction Manager framework and the Identrus specific components.

  • The Raw log is only used for Logging Identrus messages both received and sent. This log is not directly viewable.

Figure 5-1    Logs Main Menu



Audit log



Audits can be configured in terms of their types. They can also be queried. The following audit types are available:


Trustbase Audits:

  • ROUTER_ABORT_ROUTING
    This audit occurs when the rule based router aborts routing due to illegal rules.

  • ROUTER_CONFIG
    This audit occurs when a change is made to the rules via the rule configuration screens.

  • ROUTER_CONSTRUCTION
    This audit occurs when new rule sets are constructed at start up.

  • ROUTER_CONTEXT_DIRECTIVE
    This audit occurs whenever the router executes one of the following router directives: EndContext, StartContext or ReturnToUser.

  • ROUTER_ROUTE_MESSAGE
    This audit occurs whenever a message is routed to a service.

  • ROUTER_START
    This audit occurs whenever the rule based router component is initialized.

  • CONFIGURATION_CHANGE
    This audit occurs whenever a Trustbase configuration is changed.

  • OPERATION_ABORT
    This audit occurs whenever a service has to abort the processing of a message.

  • OPERATION_BEGIN
    This audit occurs whenever a service begins processing a message.

  • OPERATION_COMPLETE
    This audit occurs whenever a service successfully completes the processing of a message.

  • PARSER_STARTUP
    This audit occurs whenever the Message Analyzer component is started.

  • SECURITY_CHANGE
    This audit occurs whenever a generic security related event occurs.

  • TAS_SHUTDOWN
    This audit occurs when Trustbase is shut down.

  • TAS_STARTUP
    This audit occurs when Trustbase is started.

  • ROLE_SERVICE_MAPPING_CHANGED
    This audit occurs whenever a mapping between a service and a role is changed or added in the entitlements configuration.

  • DEFAULT_SECURITY_ROLE_USED
    This audit occurs whenever the authentication component cannot find a specific mapping between a user and a role - it indicates that the default security role has been applied to that user.

  • CERT_BASED_ROLE_MAPPING_CHANGED
    This audit occurs whenever a mapping between a certificate and a security role is made in the entitlements configuration.

  • USER_PASS_BASED_ROLE_MAPPING_CHANGED
    This audit occurs whenever a mapping between a username/password and a security role is made in the entitlements configuration.


Identrus Transaction Co-ordinator Audits:

  • CSC_PROCESSING
    This audit occurs whenever a Certificate Status Check is being made.

  • CSC_DEBUGGING
    This audit occurs if you wish to debug a Certificate Status Check.


Audit Configuration

Audit Log Configuration allows you to select which audit types are physically viewable. Audit types are either enabled, i.e. they are logged and can be viewed, or disabled, i.e. no information is logged about these types.

In order to configure what gets logged: Select <Audit Configuration> from the main Log Menu.

Figure 5-2    Configure Audit


  • Mouse <Left Click> on the audit type you wish to enable/disable.

  • Select <enable> or <disable>


Audit viewing

You can view the audit log by selecting a date range (start and end dates) and machine ID (IP address). The machine ID refers in this case to the machine that is making the log. You can restrict or expand your view by removing or making available the appropriate audit types. Once you have made your selection, the date, machine ID, audit type and message content are displayed on the output screen.

In order to select what you want to view: Select <Audit Log Query> from Main Log menu

Figure 5-3    Audit View


For more detailed log viewing, as all information is stored in a standard Oracle database, any third party database reporting tool may also be used.

The screen, as illustrated in Figure 5-4, might produce an output similar to the following audit:

Figure 5-4    Audit Results


If the results do not fit on one page, there is an index tab, as illustrated at the bottom of the screen. Users intending to search using SQL should refer to the SQL table AUDITDATA.
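For readers who query the audit data with SQL, the following added example (not part of the original iPlanet documentation) pulls out the audit types listed above that record configuration or entitlement changes and default-role fallbacks, and tallies operation outcomes per machine. It runs against an in-memory SQLite table standing in for AUDITDATA; the column names (logged_at, machine_id, audit_type, message) and all sample rows are assumptions constructed for illustration, because the real schema is not shown in this chapter.

```python
import sqlite3

# Audit types from this chapter that record a configuration, routing-rule or
# entitlement change, or a fallback to the default security role.
REVIEW_TYPES = (
    "CONFIGURATION_CHANGE", "ROUTER_CONFIG", "SECURITY_CHANGE",
    "ROLE_SERVICE_MAPPING_CHANGED", "CERT_BASED_ROLE_MAPPING_CHANGED",
    "USER_PASS_BASED_ROLE_MAPPING_CHANGED", "DEFAULT_SECURITY_ROLE_USED",
)

# Constructed sample rows. Column names and message text are assumptions.
SAMPLE_ROWS = [
    ("2001-11-20 09:00:01", "192.0.2.10", "TAS_STARTUP", "started"),
    ("2001-11-20 09:05:12", "192.0.2.10", "OPERATION_BEGIN", "csc request"),
    ("2001-11-20 09:05:13", "192.0.2.10", "OPERATION_COMPLETE", "csc request"),
    ("2001-11-20 10:14:40", "192.0.2.10", "ROLE_SERVICE_MAPPING_CHANGED", "role edit"),
    ("2001-11-20 10:15:02", "192.0.2.11", "DEFAULT_SECURITY_ROLE_USED", "no mapping"),
    ("2001-11-20 10:15:03", "192.0.2.11", "OPERATION_BEGIN", "csc request"),
    ("2001-11-20 10:15:04", "192.0.2.11", "OPERATION_ABORT", "csc request"),
    ("2001-11-21 08:00:00", "192.0.2.10", "CONFIGURATION_CHANGE", "config edit"),
]

def load_sample():
    """Build an in-memory stand-in for the AUDITDATA table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE auditdata "
               "(logged_at TEXT, machine_id TEXT, audit_type TEXT, message TEXT)")
    db.executemany("INSERT INTO auditdata VALUES (?, ?, ?, ?)", SAMPLE_ROWS)
    return db

def review_events(db, start, end):
    """Change and default-role events with start <= logged_at < end."""
    marks = ", ".join("?" * len(REVIEW_TYPES))
    sql = ("SELECT logged_at, machine_id, audit_type FROM auditdata "
           "WHERE logged_at >= ? AND logged_at < ? "
           f"AND audit_type IN ({marks}) ORDER BY logged_at")
    return db.execute(sql, (start, end) + REVIEW_TYPES).fetchall()

def operation_outcomes(db):
    """Per machine: operations begun, completed and aborted."""
    sql = ("SELECT machine_id, "
           "SUM(CASE WHEN audit_type = 'OPERATION_BEGIN' THEN 1 ELSE 0 END), "
           "SUM(CASE WHEN audit_type = 'OPERATION_COMPLETE' THEN 1 ELSE 0 END), "
           "SUM(CASE WHEN audit_type = 'OPERATION_ABORT' THEN 1 ELSE 0 END) "
           "FROM auditdata GROUP BY machine_id ORDER BY machine_id")
    return db.execute(sql).fetchall()

if __name__ == "__main__":
    db = load_sample()
    print(review_events(db, "2001-11-20 00:00:00", "2001-11-21 00:00:00"))
    print(operation_outcomes(db))
```

These review and outcome queries only return rows for audit types that are enabled in Audit Configuration, since disabled types are not logged at all.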


Raw Logging



As part of being an Identrus member, you are required to maintain and archive a raw log. The goals fulfilled by logging the raw data are:

  • Non Repudiation support - a complete transactional log that provides evidentiary support for transactions.

  • Auditing - a complete transactional log that assists auditing the activities of iPlanet Trustbase Transaction Manager.

Normally the options listed below do not need to be changed. They can also be configured from tbase.properties:

  • Signature Algorithm - By default the SHA-1/RSA algorithm is used to sign entries in the raw log. The options depend on the cryptographic security provider being utilised.

  • Digest Algorithm - By default the SHA-1 algorithm is used to digest entries in the raw log. The digest is used as part of the raw log mechanism that ensures no tampering of the log contents.

  • Certificate Attribute - This option is only used if the issuer DN and serial number fields are blank. By default, this field contains the value L1IPSC that indicates the certificate purpose ID, inter-participant signing certificate.

  • Sequence Factory Type - This option should not be changed. It is for internal purposes only and affects the way data is sequenced for different database providers (e.g. Oracle).

  • Sequence Factory Name - This option should not be changed. It is for internal purposes only and affects the way data is sequenced for different database providers (e.g. Oracle).

The message logger places the raw data it receives into the logs for safe-keeping. It logs data only for the Identrus specific transactions that it supports. This raw data contains information in plain text and base64 encoding, and is signed by the message logger to provide the kinds of guarantees mentioned previously. At present there are facilities for multi-logging using the script:

/opt/TTM/runAddLoggerWizard


Note: The raw log can be displayed from Oracle using the RAW_DATA table, e.g. "select * from raw_data", displaying MSGRPID.




Errors



Errors are now discussed in four sections:

  • How to view errors

  • What the severity of an error means

  • Where to find a list of core iPlanet Trustbase Transaction Manager error messages

  • A table summary of all Identrus specific error messages


Viewing

You can view the error log by selecting a date range (start and end dates) and machine ID (IP address). You can restrict or expand your view by specifying a minimum and maximum error severity. Additionally, by specifying a Java class, you can view only the errors produced by that class. Once you have made your selection, the date, machine ID, class type and error message are displayed on the output screen. For example, the following selection:

Figure 5-5    Error Log Query


The Error log can be displayed from Oracle using the ERRORVIEW table, e.g. "select * from ERRORVIEW".

The screen shown on the previous page might produce an output similar to the following errors:

Figure 5-6    Error Log Query Results



Configuring Error Event Types

This section allows you to specify the minimum error level that will be logged. Any errors with tags below this level will NOT be recorded.

Figure 5-7    Error Log Configuration


iPlanet Trustbase Transaction Manager defines an error as a severity, the class of object defining the error, and a programmer defined message. The default implementation defines four constants that indicate the various severity levels:

  • INFORMATION - This constant is to be used to log informational events, which are not necessarily errors - this should be used sparingly.

  • WARNING - This constant is to be used for error conditions that are expected and handled, but require logging for behaviour analysis.

  • ERROR - This constant is to be used for serious errors which indicate that something is inherently incorrect with the system, but that allow processing to continue, or be retried.

  • FATAL - This constant is to be used for fatal errors from which processing cannot recover, these errors would result in the abandoning of processing.


Error Messages

Error messages fall into two categories, those that are produced by the iPlanet Trustbase Transaction Manager framework and those produced by Identrus services. For instance, Identrus message codes fall into a number of categories:

  • Message Writer Errors

  • Message Reader Errors

  • Certificate Status Check Errors

Details of what all core iPlanet Trustbase Transaction Manager (TTM) error messages mean can be found in your Oracle Database in a table called error_codes, as illustrated below:

Figure 5-8    Selecting Error codes from your Oracle Database

su -
cd /opt/TTM/current/Config/sql
sqlplus tbase/tbase
select * from error_codes;



Copyright © 2001 Sun Microsystems, Inc. Some preexisting portions Copyright © 2001 Netscape Communications Corp. All rights reserved.

Last Updated November 21, 2001