Home > ADSS CRL Monitor > CRL Logs

CRL Logs

The CRL log records all system events associated with the polling, retrieval and verification of CRLs for the registered CAs. The log records should be reviewed regularly to ensure CRL polling is being managed as expected.


Each item in the screenshot is described below:

Item Description
Clear Search After a Search this window will only show the filtered records. The Clear Search button is used to view the full set of records.
Search This opens a new window where search criteria can be entered based on each column of the transaction grid.
Customise Columns This opens a new window to configure which column need to be shown in the grid and which column need to be hidden.  See below for more details
|< < > >| These buttons are for navigating the different pages of the transaction log. 
Note: The number of records shown per page is configurable from within Global Settings.
Export Logs Exports the transactions logs into a zipped CSV file in human readable format.
Verify Integrity Verifies the integrity of the SAM service transaction log records. It detects tampered and deleted records and generates a report that can be exported to a physical drive. 
Note: When exporting HMAC verification reports, it is recommended to save the file with “.html” extension so that the report can be viewed in an internet browser.
Show Archived This opens a new window where you can import and view previously archived file i.e. archived/exported transactions log.
Log ID A unique serial number for the log record, it is system-defined and not part of the request/response messages.
Event ID
 Identifies the CRL Monitor Event ID that generated the log record.
CA Friendly Name Identifies the CA for which the CRL was being retrieved.
Performed At Identifies when the system action was performed.
Message Type Identifies the type of message (e.g. a system action, an information message or an error message.
Message Shows messages generated by the system.
Show complete logs By default it is unchecked and only shows the main conclusive message in CRL polling logs rather showing each and every step performed as part of CRL processing. The message either gives final statement whether the CRL is updated in database or ignored or failed.When checked system shows complete CRL logs. 

The CRL Monitor Service transaction records can be sorted in either ascending or descending order by selecting a table column from the drop down list. From the drop down menu in above screen, choose Import Archived and click on Go button. This will show the following screen: 

Item Description
Import archived transaction file
 Use this option to browse the archived log file in zip format from the operator machine. By using this option the archived log file is uploaded on the ADSS Server. It can be an expensive operation if the file is of large size so the operator is allowed to upload a file with maximum size up to 25 MB. Use the archived file path option for files bigger than 25 MB.
Archived transaction file path
 Use this option if the file size is greater than 25 MB. This option does not upload the archived file to the server. Rather the server reads the file from given file path before importing which is faster than the above option. You can either specify the local file system path or a network path.
Note: Do specify the archived log file name in the file path.

The archived files were created in the csv format till ADSS Server v4.7.5 but from v4.7.6 and onward the archived files are zipped to save the disk space when archiving. If you are importing the archived files created using a pre-v4.7.6 deployment to ADSS Server v4.7.6 or later then first zip them before importing otherwise ADSS Server will not recognise them as correct archived files.
As explained above, clicking on the Search button on CRL Monitor Transactions Log Viewer displays following screen:

The Search button can be used to filter the records log. This is particularly useful when looking just for error messages, or messages generated within a particular date range. The filters can be combined to set-up advanced queries such as “show all errors generated whilst downloading CRLs” or “show all errors while verifying CRLs”:

 ​
If "_" character is used in the search then it will act as wildcard.
Clicking on the Customise Columns button on Signing Transactions Log Viewer displays following screen:



By default all columns are in the "Selected Columns" list. In order to hide a column move the required column to "Available Columns" list.

Each log record within the database is protected with a cryptographic HMAC checksum to detect any intentional or accidental modification of records. Clicking the Verify Integrity button verifies the log integrity by checking each checksum and generates a report as shown below:




Click on the Export Logs button to export the request/response to a network file.  Clicking the Fix HMAC Errors button will re-calculate the HMAC for tempered transaction logs records for this module. 

Note: This option will not detect the unauthorized deleted records but it will only fix the unauthorized modifications and/or ambiguous records for which HMAC value is not present/incorrect. 


The Verify Integrity feature is available for the transactions log of all services within ADSS Server.

See also

CRL Monitor Key Features
CRL Storage within ADSS Server
Proxy Settings and Digest Authentication
Using the Service Manager
High Availability for CRL Monitor
Viewing CRL Details
CRL Monitoring
Instant Revocation
Logs Archiving
Alerts
Management Reporting