Transactions logs are essential when running a secure trustworthy system as it enables the system data to be subject to future audit reviews, particularly if there is a dispute about an action involving ADSS Server. The ADSS Server automated log archiving feature saves database processing time and aids database space management. This valuable housekeeping process prevents the database from becoming bloated and inefficient.  

Log archiving enables the system to automatically remove old transactional data from the system. By default the configuration is set to “Auto archive every 30 days” and “Archive data older than 90 days”. Each transaction record can occupy a few kilobytes of data in the database.  For low throughput systems the last figure can by increased to 120 or even 180 days if required. 

The archiving module allows operators to enable/disable auto-archiving and/or perform manual archiving of the transactions log for this service. By enabling the auto-archiving option, logged transactions are automatically moved from the database to a zipped CSV file periodically. You can manually archive the logs as well by clicking the Archive Now button at the bottom. Records moved to a zipped CSV file can be imported back into the ADSS Server for auditing purpose later on, details are available here.


It is important to note that archiving is a highly intensive operation and it may impact the performance of the system. Hence it is important to schedule archiving at off-peak hours when end-users are not utilizing the services heavily. Alternatively a dedicated load balanced ADSS Server instance should be set-up for such housekeeping tasks by deploying ADSS Server Core and Service instances on different machines.

The integrity of archived logs can also be preserved by signing the archived log file using a Log Signing key, this configuration is available within the Global Settings > System Certificates module.

The items in screenshot are described below:

Items

Description

Archived file path

This is the path to the location where archived files will be stored in zipped CSV format.

Delete records from database once archived

Enable this option if you want to delete the records from the database upon archiving.

Note: Unless selected the database records will still remain present in the database even upon archiving. In such cases an archive back-up of the records is created but database size is not reduced.  It is therefore important to select this checkbox very carefully depending on the required objective for the archiving process.

Enable auto-archiving

Check this option to enable the auto-archiving of logs.

Auto-archive every

This value specifies how often (in days) the transaction logs are archived.

Archive records older than

The transaction logs older than the configured number of days are auto-archived.

Archive at

This value specifies the time on the day when auto-archiving will be performed. It is important to configure this time keeping in view that auto-archiving of transactions should only be done in off-peek hours as mentioned above.

Archive All Records

This option immediately archives all logs at specified archived file path.


Click Save button for the changes to take effect.

It is recommended not to open archived log files in Microsoft Excel, doing so corrupts the archived log file and the log integrity can no longer be verified if the records are re-imported into ADSS Server later on. This is because Microsoft Excel adds characters to the file on opening. The archived log files can be opened in Notepad (if required). For viewing these log files they should be re-imported into the Transaction Logs Viewer



See also

Configuring the SCVP Service

Access Control
Transactions Log Viewer
Logs Archiving
Alerts
Management Reporting
Operating the SCVP Service in FIPS 201 Compliant Mode
SCVP Service Interface URLs