ADSS Server generates three types of logs:

1) Transaction Logs

Each ADSS Server service creates its own set of sequenced, HMAC-secured log entries that record every request and response provided by the service. These log entries are stored in the ADSS database for each service. Multiple load-balanced services that use the same database use the same log tables, so a common view of the complete load-balanced service is provided. The logs for each service can be checked using the "transactions log viewer" provided for each service. The log viewer is different for each service because of the different details recorded within the transaction log entries.

2) System Logs

ADSS Server creates system logs that record:  

  • All operations performed by ADSS operators on the ADSS Server – referred to as Operational Logs
  • All automatic system operations performed by the ADSS Server itself (e.g. CRL publishing, email alerts sent etc.) – referred to as Event Logs.

These system logs can be reviewed using the "System Log Viewer", as explained in: System Log Viewer.

3) Trace/Debug Logs

Each ADSS Server instance creates external trace log files within the Tomcat web container environment. Each service produces separate trace logs, and these are written within this folder area: [ADSS Server Home]/logs. These trace logs record the process flow within ADSS Server and provide useful information when managing process issues. The level of detail in these logs can be set to ERROR, INFO (+ERROR) or DEBUG (+INFO+ERROR); see: Managing ADSS Server Logs. The trace logs do not store the request/response data for the relevant services – this level of information is only stored inside the transaction logs.

The details for each trace log are provided in the following table:

| Log Directory | Description |
|---|---|
| /console | The console.log provides information related to actions performed by system operators on the ADSS Server console. |
| /console/trash | The trash.log provides information related to any uncaught log messages along with messages written in the console output. |
| /console/hibernate | The hibernate.log provides information related to database errors. |
| /console/hmac | The hmac.log provides information related to manual HMAC computation performed by the operator. |
| /console/pkcs11 | The pkcs11.log provides information related to the communication between the ADSS Server console and a hardware security module. |
| /console/tomcat | Contains the following log files: catalina.log, manager.log, host-manager.log, localhost.log. These are all Tomcat's internal logs and are generated when the Tomcat web server is started. |
| /service | The service.log provides information related to the status of the ADSS Server services e.g. when the ADSS service started etc. |
| /service/trash | The trash.log provides information related to any uncaught log messages along with messages written in service output. |
| /service/hibernate | The hibernate.log provides information related to database errors. |
| /service/certification | The certification.log provides information related to Certification Service transactions i.e. who sent the request, how ADSS Server processed the request and the details of any errors. |
| /service/crlmanager | The crlmanager.log provides information related to CRL Monitor processing i.e. details for which CAs CRL polling was started; details of each CA's CRL polling and errors that are reported. |
| /service/encryption | The encryption.log provides information related to decryption transactions i.e. who sent the request, how ADSS Server processed the request and the details of any errors. |
| /service/signing | The signing.log provides information related to signing transactions i.e. who sent the request, how ADSS Server processed the request and the details of any errors. |
| /service/verification | The verification.log provides information related to verification transactions i.e. who sent the request, how ADSS Server processed the request and the details of any errors. |
| /service/ocsp | The ocsp.log provides information related to OCSP transactions i.e. who sent the request, when it was sent, the response returned etc. |
| /service/tsa | The tsa.log provides information related to TSA request transactions i.e. who sent the request, when it was sent, the response returned etc. |
| /service/xkms | The xkms.log provides information related to XKMS transactions i.e. who sent the request, when it was sent, the response returned etc. |
| /service/ltan | The ltan.log provides information related to LTAN transactions i.e. who sent the request, when it was sent, the response returned etc. |
| /service/scvp | The scvp.log provides information related to SCVP transactions i.e. who sent the request, when it was sent, the response returned etc. |
| /service/gosign | The gosign.log provides information related to Go>Sign Service transactions i.e. who sent the request, when it was sent, the response returned and details of any error that occurred. |
| /service/ocspmonitor | The ocspmonitor.log provides information related to OCSP Monitor test case execution details and details of any errors that occurred. |
| /service/database | The database.log provides information related to the service instance connectivity with the database e.g. which database errors were produced etc. |
| /service/ntp | The ntp.log provides information related to NTP time drift services e.g. what is the time deviation of the ADSS Server from configured NTP time servers. |
| /service/pkcs11 | The pkcs11.log provides information related to the communication between the ADSS Server services and a hardware security module such as a connection failure. |
| /service/tomcat | Contains the following log files: catalina.log, manager.log, host-manager.log, localhost.log. These are all Tomcat's internal logs and are maintained when the Tomcat web server is started. |
| /core | The core.log provides information related to the status of the ADSS core service e.g. when the ADSS core started etc. |
| /core/trash | The trash.log provides information related to any uncaught log messages along with messages written in service output. |
| /core/hibernate | The hibernate.log provides information related to database errors. |
| /core/archiving | The archiving.log provides information related to auto archiving of the database records e.g. which errors occurred when performing auto archiving of database records. |
| /core/database | The database.log provides information related to the core instance connectivity with the database e.g. which database errors were produced etc. |
| /core/hmac | The hmac.log provides information related to automatic HMAC computation e.g. any errors that occurred while verifying database record integrity for tampering. |
| /core/pkcs11 | The pkcs11.log provides information related to the communication between the core service and a hardware security module e.g. reconnection attempts after disconnection. |
| /core/tomcat | Contains the following log files: catalina.log, manager.log, host-manager.log, localhost.log. These are all Tomcat's internal logs and are maintained when the Tomcat web server is started. |


The ADSS Server trace/debug logs contain technical information designed to be used by Ascertia support staff Software Engineers/Architects. The logs record the process flows so that issues not recorded by the transaction logs can be tracked and identified, and relevant advice provided. For certain issues Ascertia support staff may advise that the trace log configuration be changed to record DEBUG levels of detail.
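As an added example (not Ascertia code), the following Python sketch triages the trace logs from the table above that bear on record integrity, HSM connectivity and time drift, counting lines per level and reporting logs that are missing or contain errors. It assumes each directory holds a file named as in the table under [ADSS Server Home]/logs and that every trace line carries its level (ERROR, INFO or DEBUG) as a standalone word; the sample lines are constructed.

```python
import re
from pathlib import Path

# Trace logs from the table whose errors bear on integrity, keys or time.
# Assumed layout: paths are relative to [ADSS Server Home]/logs.
WATCHED = [
    "core/hmac/hmac.log",         # automatic HMAC verification of database records
    "console/hmac/hmac.log",      # manual HMAC computation by an operator
    "core/pkcs11/pkcs11.log",     # core service <-> HSM communication
    "service/pkcs11/pkcs11.log",  # services <-> HSM communication
    "service/ntp/ntp.log",        # time deviation from configured NTP servers
]
# Assumption: the level appears in each line as a standalone token.
LEVEL = re.compile(r"\b(ERROR|INFO|DEBUG)\b")

def triage(logs_root):
    """Return {relative_path: {"missing": bool, "ERROR": n, "INFO": n, "DEBUG": n}}."""
    report = {}
    for rel in WATCHED:
        path = Path(logs_root) / rel
        counts = {"missing": not path.is_file(), "ERROR": 0, "INFO": 0, "DEBUG": 0}
        if not counts["missing"]:
            with path.open(errors="replace") as fh:
                for line in fh:
                    match = LEVEL.search(line)
                    if match:
                        counts[match.group(1)] += 1
        report[rel] = counts
    return report

def findings(report):
    """List (path, reason) for watched logs that are absent or contain ERROR lines."""
    out = []
    for rel, counts in sorted(report.items()):
        if counts["missing"]:
            out.append((rel, "missing"))
        elif counts["ERROR"]:
            out.append((rel, "errors"))
    return out

def build_sample(root):
    """Write a constructed sample tree; the line format is invented for this example."""
    samples = {
        "core/hmac/hmac.log": "2024-01-01 10:00:00 ERROR record integrity check failed\n",
        "core/pkcs11/pkcs11.log": "2024-01-01 10:00:01 INFO session opened\n",
        "service/ntp/ntp.log": "2024-01-01 10:00:02 DEBUG drift 12ms\n",
    }
    for rel, text in samples.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(text)
```

Because the trace logs do not hold request/response data, any finding here is a pointer to the transaction logs and the System Log Viewer rather than a complete record.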

