Operational Logs
Operational Logs record any change to any record within the ADSS Server database as a result of an operation performed by an ADSS Server operator (i.e. normal operator, administrator or any other role holder). The change could be insertion, modification or deletion of any record.
The following screen shows example operational log records:
The details in the screen are as follows:
| Item | Description |
| |< < > >| | These buttons are for navigating the different pages of the operational log file. Note the number of records shown per page is configurable from within Global Settings. |
| Clear Search | After a Search the window will only show the filtered records, this button clears the search and shows the full set of records again. |
| Search | This opens a new window where search criteria based can be entered based on each column of log viewer grid (see below for further details). |
| Export Logs | Used to export the logs shown in Operational Log Viewer window into a tab separated file at a configurable path. Note the records continue to remain in the database also (i.e. they are not deleted from the database as part of the export process). |
| Verify Integrity | Verifies the log integrity of the operational log records. It detects tampered and deleted records and generates a report that can be exported to the physical drive. When exporting HMAC verification report, it is recommended saving the file with “.html” extension so that the report can be viewed in an internet browser. |
| Operation ID link | This table column identifies the type of operation that was performed and clicking on the link for operation ID also shows details of the operation (including a pre-change view and a post-change view). See further details below. |
| Module ID | This column shows the ADSS Server module in which the operation was performed. |
| Sub Module ID | For some modules there are sub-modules, and in this case the column shows the name of the sub-module in which the operation was performed. When there are no sub-modules then the Module ID is repeated. |
| Performed At | This identifies the date and time when the operation was performed. |
| Performed By | This identifies which ADSS system operator performed this action. |
| Information | This column will identify any messages generated as a result of the operation. |
From the drop down menu in above screen, choose Show Archived and click on Go button. This will show the following screen:
| Item | Description |
| Import archived transaction file | Use this option to browse the archived log file in zip format from the operator machine. By using this option the archived log file is uploaded on the ADSS Server. It can be an expensive operation if the file is of large size so the operator is allowed to upload a file with maximum size up to 25 MB. Use the archived file path option for files bigger than 25 MB. |
| Archived transaction file path | Use this option if the file size is greater than 25 MB. This option does not upload the archived file to the server. Rather the server reads the file from given file path before importing which is faster than the above option. You can either specify the local file system path or a network path. Note: Do specify the archived log file name in the file path. |
The archived files were created in the csv format till ADSS Server v4.7.5 but from v4.7.6 and onward the archived files are zipped to save the disk space when archiving. If you are importing the archived files created using a pre-v4.7.6 deployment to ADSS Server v4.7.6 or later then first zip them before importing otherwise ADSS Server will not recognise them as correct archived files.
Clicking the Search button displays the following screen allowing a search for a particular log record:
If multiple items are entered then AND operator is used in the query to produce the result. Therefore this search facility enables advanced filters to be created such as “Show all operations performed by operator_1 during May 2006”.
Each log record within the database is protected with an HMAC checksum to detect any intentional or accidental modification of records. Clicking Verify Integrity button verifies the log integrity and generates a report as shown below:
Click on the Export logs button to export the request/response to a network file. Clicking the Fix HMAC Errors button will re-calculate the HMAC for tempered transaction logs records for this module.
Note: This option will not detect the unauthorized deleted records but it will only fix the unauthorized modifications and/or ambiguous records for which HMAC value is not present/incorrect.
Verify Integrity feature is available for the transactions log of all services within ADSS Server.
Operational Log records can be sorted in either Ascending or Descending order by selecting a table column from the drop down list.
Click on the relevant Operation ID link to view details of an operation:
This shows an update on the Global Settings > Miscellaneous page. The header also shows who performed this operation and when.
The table provides a separate row for each element in the record. The element’s “Pre-State” i.e. before the action was carried out and a “Post-State” which shows the element’s value after the operation are shown. This clearly shows the changes made to each element in the record. Empty elements are shown as “-“. The field within the record that has been changed is shown in red.
Unauthorized Modification Information
When any configuration is updated, the HMAC is re-computed for the related database record. In this case if there were unauthorized modifications, these would not be detected anymore as a problem and any changes made by an attacker would get protected. To overcome this problem, ADSS Server verifies the existing HMAC value against the previous state of the record (which is saved in the database). If an unauthorized modification is detected in the previous state then the relevant operational log entry will be highlighted red with a tool-tip message "HMAC re-computed for unauthorized modified record".
See also