ADSS Server Logging

ADSS Server generates three types of logs:

1) Transaction Logs

Each ADSS Server service creates its own set of sequenced HMAC secured log entries that record every request and response provided by the service. These log entries are stored in the ADSS database for each service. Multiple load balanced services that use the same database use the same log tables and hence a common view of the complete load balanced service is provided. The logs for each service can be checked using the "transactions log viewer" provided for each service. The log viewer is different for each service because of the different details recorded within the transaction log entries.

2) System Logs

ADSS Server creates system logs that record:

All operations performed by ADSS operators on the ADSS Server – referred to as Operational Logs
All automatic system operations performed by the ADSS Server itself (e.g. CRL publishing, email alerts sent etc) – referred to as Event Logs.

These system logs can be reviewed using the "System Log Viewer" as explained in this link: System Log Viewer.

3) Trace/Debug Logs

Each ADSS Server instance creates external trace log files within the Tomcat web container environment. Each service produces separate trace logs and these are written within this folder area: [ADSS Server Home]/logs. These trace logs record the process flow within ADSS Server and provide useful information when managing process issues. The level of detail in these logs can be set to ERROR, INFO(+ERROR) or DEBUG(+INFO+ERROR) - see: Managing ADSS Server Logs. The trace logs do not store the request/response data for the relevant services – this level of information is only stored inside the transaction logs.

The details for each trace log are provided in the following table:

Log Directory	Description
/console	The console.log provides information related to actions performed by system operators on the ADSS Server console.
/console/trash	The trash.log provides information related to any uncaught log messages along with messages written in the console output.
/console/hibernate	The hibernate.log provides information related to database errors.
/console/hmac	The hmac.log provides information related to manual hmac computation perform by the operator.
/console/pkcs11	The pkcs11.log provides information related to the communication between the ADSS Server console and a hardware security module.
/console/tomcat	Contains the following log files: catalina.log manager.log host-manager.log localhost.log. These are all Tomcat’s internal logs and generated when the Tomcat web server is started.
/service	The service.log provides information related to the status of the ADSS Server services e.g. when the ADSS service started etc.
/service/trash	The trash.log provides information related to any uncaught log messages along with messages written in service output.
/service/hibernate	The hibernate.log provides information related to database errors.
/service/certification	The certification.log provides information related to Certification Service transactions i.e. who sent the request, how ADSS Server processed the request and the details of any errors.
/service/crlmanager	The crlmanager.log provides information related to CRL Monitor processing i.e. details for which CAs CRL polling was started; details of each CA’s CRL polling and errors that are reported.
/service/encryption	The encryption.log provides information related to decryption transactions i.e. who sent the request, how ADSS Server processed the request and the details of any errors.
/service/signing	The signing.log provides information related to signing transactions i.e. who sent the request, how ADSS Server processed the request and the details of any errors.
/service/verification	The verification.log provides information related to verification transactions i.e. who sent the request, how ADSS Server processed the request and the details of any errors.
/service/ocsp	The ocsp.log provides information related to OCSP transactions i.e. who sent the request, when it was sent, the response returned etc.
/service/tsa	The tsa.log provides information related to TSA request transactions i.e. who sent the request, when it was sent, the response returned etc.
/service/xkms	The xkms.log provides information related to XKMS transactions i.e. who sent the request, when it was sent, the response returned etc.
/service/ltan	The ltan.log provides information related to LTAN transactions i.e. who sent the request, when it was sent, the response returned etc.
/service/scvp	The scvp.log provides information related to SCVP transactions i.e. who sent the request, when it was sent, the response returned etc.
/service/gosign	The gosign.log provides information related to Go>Sign Service transactions i.e. who sent the request, when it was sent, the response returned and details of any error that occurred.
/service/ocspmonitor	The ocspmonitor.log provides information related to OCSP Monitor test case execution details and details of any errors that occurred.
/service/database	The database.log provides information related to the service instance connectivity with the database e.g. which database errors were produced etc.
/service/ntp	The ntp.log provides information related to NTP time drift services e.g. what is the time deviation of the ADSS Server from configured NTP time servers.
/service/pkcs11	The pkcs11.log provides information related to the communication between the ADSS Server services and a hardware security module such as a connection failure.
/service/tomcat	Contains the following log files: catalina.log manager.log host-manager.log localhost.log. These are all Tomcat’s internal logs and maintained when the Tomcat web server is started.
/core	The core.log provides information related to the status of the ADSS core service e.g. when the ADSS core started etc.
/core/trash	The trash.log provides information related to any uncaught log messages along with messages written in service output.
/core/hibernate	The hibernate.log provides information related to database errors.
/core/archiving	The archiving.log provides information related to auto archiving of the database records e.g. which errors occurred when performing auto archiving of database records.
/core/database	The database.log provides information related to the core instance connectivity with the database e.g. which database errors were produced etc.
/core/hmac	The hmac.log provides information related to automatic hmac computation e.g. any errors that occurred while verifying database record integrity for tampering.
/core/pkcs11	The pkcs11.log provides information related to the communication between the core service and a hardware security module e.g. reconnection attempts after disconnection.
/core/tomcat	Contains the following log files: catalina.log manager.log host-manager.log localhost.log. These are all Tomcat’s internal logs and maintained when the Tomcat web server is started.

The ADSS Server trace/ debug logs contain technical information designed to be used by Ascertia support staff Software Engineers/ Architects. The log record the process flows such that issues not recorded by the transaction logs can be tracked and identified and relevant advice provided. For certain issues Ascertia support staff may advise that the trace log configuration is changed to record DEBUG levels of detail.