The ADSS Decryption service transaction log records every Decryption service request and response messages:



Each item in the screenshot is described below:

Items

Description

Clear Search

After a Search this window will only show the filtered records. The Clear Search button is used to view the full set of records.

Search

This opens a new window where search criteria can be entered based on each column of the transaction grid. See below for further details.

Customise Columns

This opens a new window to configure which column need to be shown on the grid and which column need to be hidden.

|< < > >|

These buttons are for navigating the different pages of the transaction log. Note the number of records shown per page is configurable from within Global Settings.

Export Logs

Used to export the logs shown in Transactions Log Viewer window into a tab separated file at a configurable path. Note the records continue to remain in the database also (i.e. they are not deleted from the database as part of the export process).

Verify Integrity

Verifies the integrity of the service transaction log records. It detects tampered and deleted records and generates a report that can be exported to a physical drive. When exporting the HMAC verification report, it is recommended to save the file with “.html” extension so that the report can be viewed in an internet browser. 

Log ID

A unique serial number for the log record, which is system-defined. Log ID is shown as a link, clicking on which shows the details for the selected transaction.

Response Status

This shows a response status for the returned response i.e. SUCCESS or FAILED. 

Request Type

This specifies the requested Decryption operation for the relevant transaction. Currently only Decrypt is shown. 

Request Time

Records the date/time when the request was received.

Response Time

Records the date/time when the response was sent.

Request/Response

Provides a link to view the request/response messages in a new window. See below for further details. 

Originator ID

Records the originator ID of the client application who requested the selected transaction. 

TLS Cert

Provides a link to view client authentication certificate of the requester when request is sent over TLS channel with client authentication. 

Signing Cert

Provides a link to view request signing certificate of the requester based on the requests being signed.

Error Code

Bring mouse over the View link to see the error code if the transaction is failed for some reason e.g. Request not signed, Decryption Service disabled etc. 


The Decryption Service transaction records can be sorted in either ascending or descending order by selecting a table column from the drop down list. From the drop down menu in above screen, choose Import Archived and click on Go button. This will show the following screen: 

Each item in the screenshot is described below:

Items

Description

Import archived transaction file

Use this option to browse the archived log file in zip format from the operator machine. By using this option the archived log file is uploaded on the ADSS Server. It can be an expensive operation if the file is of large size so the operator is allowed to upload a file with maximum size up to 25 MB. Use the archived file path option for files bigger than 25 MB.

Archived transaction file path

Use this option if the file size is greater than 25 MB. This option does not upload the archived file to the server. Rather the server reads the file from given file path before importing which is faster than the above option. You can either specify the local file system path or a network path.

Note: Do specify the archived log file name in the file path.


The archived files were created in the csv format till ADSS Server v4.7.5 but from v4.7.6 and onward the archived files are zipped to save the disk space when archiving. If you are importing the archived files created using a pre-v4.7.6 deployment to ADSS Server v4.7.6 or later then first zip them before importing otherwise ADSS Server will not recognise them as correct archived files.

As explained above, clicking on the Search button on Transactions Log Viewer displays following screen:

This helps to locate a particular transaction the Decryption Service may have performed within a particular time frame or to a particular client (i.e. using the Originator ID). If a search is based on multiple values, then these will be combined together using the “AND” operator, and thus only records that meet all the criteria will be presented.


If "_" character is used in the search then it will act as wildcard.

Clicking on the Customise Columns button on Decryption Transactions Log Viewer displays following screen:

By default few columns are in the "Selected Columns" list. In order to hide a column move the required column to "Available Columns" list

Each log record within the database is protected with an HMAC checksum to detect any intentional or accidental modification of records. Clicking the Verify Integrity button checks the log integrity and generates a report as shown below:



Click on the Export logs button to export the request/response to a network file.

The transaction logs are not exported according to the applied filter/search, they are exported as a complete zip file.

 
Clicking the Fix HMAC Errors button will re-calculate the HMAC for tampered transaction logs records for this module.

Note: This option will not detect the unauthorized deleted records but it will only fix the unauthorized modifications and/or ambiguous records for which HMAC value is not present/incorrect.

The Verify Integrity feature is available for the transactions log of all services within ADSS Server.


Clicking on the View link for Request/Response displays the XKMS request and response sent or received during this transaction as shown below.



Click on the Export Request/Export Response button to export the Decryption request/response on the physical drive.


See also

Configuring the Decryption Service
Logs Archiving
Alerts

Decryption Interface URLs