ADSS Server Logging
ADSS Server generates three types of logs:
1) Transaction Logs
Each ADSS Server service creates its own set of sequenced HMAC secured log entries that record every request and response provided by the service. These log entries are stored in the ADSS database for each service. Multiple load balanced services that use the same database use the same log tables and hence a common view of the complete load balanced service is provided. The logs for each service can be checked using the "transactions log viewer" provided for each service. The log viewer is different for each service because of the different details recorded within the transaction log entries.
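As an added illustration of why a log combines sequence numbers with HMAC protection, the Python example below verifies such a log and reports edited, deleted and truncated entries. It is not Ascertia's code; the entry layout, the key, the function names and the sample records are assumptions constructed for the example and do not reflect the actual ADSS Server record format.

```python
import hashlib
import hmac

def entry_mac(key: bytes, seq: int, payload: bytes) -> bytes:
    # Bind the sequence number to the payload so an entry cannot be moved.
    return hmac.new(key, seq.to_bytes(8, "big") + payload, hashlib.sha256).digest()

def append_entry(log: list, key: bytes, payload: bytes) -> None:
    seq = log[-1]["seq"] + 1 if log else 1
    log.append({"seq": seq, "payload": payload, "mac": entry_mac(key, seq, payload)})

def verify_log(log: list, key: bytes, expected_last_seq: int) -> list:
    """Return (seq, problem) findings; an empty list means the log verifies."""
    findings = []
    expected = 1
    for entry in log:
        seq = entry["seq"]
        good = hmac.compare_digest(entry["mac"], entry_mac(key, seq, entry["payload"]))
        if not good:
            findings.append((seq, "HMAC mismatch"))
        if seq > expected:
            findings.append((expected, f"missing entries {expected}..{seq - 1}"))
        elif seq < expected:
            findings.append((seq, "duplicate or out-of-order entry"))
        expected = max(expected, seq + 1)
    # The last sequence number must be known from outside the log itself,
    # otherwise removing entries from the tail goes unnoticed.
    if expected - 1 < expected_last_seq:
        findings.append((expected, "log truncated at the tail"))
    return findings

def demo() -> dict:
    key = b"constructed-demo-key"  # constructed; a real key lives in protected storage
    log = []
    for payload in (b"REQ sign doc-1", b"RES ok", b"REQ sign doc-2", b"RES ok"):
        append_entry(log, key, payload)  # constructed sample records
    results = {"clean": verify_log(log, key, 4)}
    edited = [dict(e) for e in log]
    edited[2]["payload"] = b"REQ sign doc-9"  # content changed after the fact
    results["edited"] = verify_log(edited, key, 4)
    deleted = [dict(e) for e in log if e["seq"] != 2]  # one record removed
    results["deleted"] = verify_log(deleted, key, 4)
    results["truncated"] = verify_log(log[:3], key, 4)  # tail removed
    return results

if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, findings)
```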
2) System Logs
ADSS Server creates system logs that record:
- All operations performed by ADSS operators on the ADSS Server – referred to as Operational Logs
- All automatic system operations performed by the ADSS Server itself (e.g. CRL publishing, email alerts sent etc.) – referred to as Event Logs.
These system logs can be reviewed using the "System Log Viewer" as explained in this link: System Log Viewer.
3) Trace/Debug Logs
Each ADSS Server instance creates external trace log files within the Tomcat web container environment. Each service produces separate trace logs and these are written within this folder area: [ADSS Server Home]/logs. These trace logs record the process flow within ADSS Server and provide useful information when managing process issues. The level of detail in these logs can be set to ERROR, INFO(+ERROR) or DEBUG(+INFO+ERROR) - see: Managing ADSS Server Logs. The trace logs do not store the request/response data for the relevant services – this level of information is only stored inside the transaction logs.
The details for each trace log are provided in the following table:
| Log Directory | Description |
|---|---|
| /console | The console.log provides information related to actions performed by system operators on the ADSS Server console. |
| /console/trash | The trash.log provides information related to any uncaught log messages along with messages written in the console output. |
| /console/hibernate | The hibernate.log provides information related to database errors. |
| /console/hmac | The hmac.log provides information related to manual HMAC computation performed by the operator. |
| /console/pkcs11 | The pkcs11.log provides information related to the communication between the ADSS Server console and a hardware security module. |
| /console/tomcat | Contains the following log files: These are all Tomcat’s internal logs and are generated when the Tomcat web server is started. |
| /service | The service.log provides information related to the status of the ADSS Server services e.g. when the ADSS service started etc. |
| /service/trash | The trash.log provides information related to any uncaught log messages along with messages written in service output. |
| /service/hibernate | The hibernate.log provides information related to database errors. |
| /service/certification | The certification.log provides information related to Certification Service transactions i.e. who sent the request, how ADSS Server processed the request and the details of any errors. |
| /service/crlmanager | The crlmanager.log provides information related to CRL Monitor processing i.e. details for which CAs CRL polling was started; details of each CA’s CRL polling and errors that are reported. |
| /service/encryption | The encryption.log provides information related to decryption transactions i.e. who sent the request, how ADSS Server processed the request and the details of any errors. |
| /service/signing | The signing.log provides information related to signing transactions i.e. who sent the request, how ADSS Server processed the request and the details of any errors. |
| /service/verification | The verification.log provides information related to verification transactions i.e. who sent the request, how ADSS Server processed the request and the details of any errors. |
| /service/ocsp | The ocsp.log provides information related to OCSP transactions i.e. who sent the request, when it was sent, the response returned etc. |
| /service/tsa | The tsa.log provides information related to TSA request transactions i.e. who sent the request, when it was sent, the response returned etc. |
| /service/xkms | The xkms.log provides information related to XKMS transactions i.e. who sent the request, when it was sent, the response returned etc. |
| /service/ltan | The ltan.log provides information related to LTAN transactions i.e. who sent the request, when it was sent, the response returned etc. |
| /service/scvp | The scvp.log provides information related to SCVP transactions i.e. who sent the request, when it was sent, the response returned etc. |
| /service/gosign | The gosign.log provides information related to Go>Sign Service transactions i.e. who sent the request, when it was sent, the response returned and details of any error that occurred. |
| /service/ocspmonitor | The ocspmonitor.log provides information related to OCSP Monitor test case execution details and details of any errors that occurred. |
| /service/database | The database.log provides information related to the service instance connectivity with the database e.g. which database errors were produced etc. |
| /service/ntp | The ntp.log provides information related to NTP time drift services e.g. what is the time deviation of the ADSS Server from configured NTP time servers. |
| /service/pkcs11 | The pkcs11.log provides information related to the communication between the ADSS Server services and a hardware security module such as a connection failure. |
| /service/tomcat | Contains the following log files: These are all Tomcat’s internal logs and are maintained when the Tomcat web server is started. |
| /core | The core.log provides information related to the status of the ADSS core service e.g. when the ADSS core started etc. |
| /core/trash | The trash.log provides information related to any uncaught log messages along with messages written in service output. |
| /core/hibernate | The hibernate.log provides information related to database errors. |
| /core/archiving | The archiving.log provides information related to auto archiving of the database records e.g. which errors occurred when performing auto archiving of database records. |
| /core/database | The database.log provides information related to the core instance connectivity with the database e.g. which database errors were produced etc. |
| /core/hmac | The hmac.log provides information related to automatic HMAC computation e.g. any errors that occurred while verifying database record integrity for tampering. |
| /core/pkcs11 | The pkcs11.log provides information related to the communication between the core service and a hardware security module e.g. reconnection attempts after disconnection. |
| /core/tomcat | Contains the following log files: These are all Tomcat’s internal logs and are maintained when the Tomcat web server is started. |

The ADSS Server trace/debug logs contain technical information designed to be used by Ascertia support staff Software Engineers/Architects. The logs record the process flows such that issues not recorded by the transaction logs can be tracked and identified and relevant advice provided. For certain issues Ascertia support staff may advise that the trace log configuration is changed to record DEBUG levels of detail.
See also
Localisation
ADSS Service Interface Error Codes
Changing ADSS Default Service URL
Configuring Tomcat for TLS Authentication Using HSM Devices