System Log

The purpose of the system log is to log events concerning the SignServer application but not necessarily related to any signing transaction (that is covered by the Worker Log). The audit log covers key and certificate management events, status properties updates (for instance for the status of the time source) and to some extent also configuration changes. For details see the table of events below.

From version 3.4.0 SignServer uses the CESeCore library to perform audit logging.

Available log events

Services
SIGNSERVER_STARTUP	Logged at startup of the SignServer application. VERSION: The version of SignServer. Example: `EVENT: SIGNSERVER_STARTUP; MODULE: SERVICE; ADMINISTRATOR: null; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: null; VERSION: SignServer 3.3.0alpha12; REPLY_TIME:1350562045545`
SIGNSERVER_SHUTDOWN	Logged at shutdown of the SignServer application. VERSION: The version of SignServer. Example: `EVENT: SIGNSERVER_SHUTDOWN; MODULE: SERVICE; ADMINISTRATOR: null; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: null; VERSION: SignServer 3.3.0alpha12; REPLY_TIME:1350562045545`
Global configuration
SET_GLOBAL_PROPERTY	Logged when a global configuration property was updated. GLOBALCONFIG_PROPERTY: The property that was updated. GLOBALCONFIG_VALUE: The new value of the property. Example: `EVENT: SET_GLOBAL_PROPERTY; MODULE: GLOBAL_CONFIG; ADMINISTRATOR: null; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: null; GLOBALCONFIG_VALUE: TESTVALUE47; GLOBALCONFIG_PROPERTY: GLOB.TESTPROPERTY47; REPLY_TIME:1350657202153`
REMOVE_GLOBAL_PROPERTY	Logged when a global configuration property was removed. GLOBALCONFIG_PROPERTY: The property that was removed. Example: `EVENT: REMOVE_GLOBAL_PROPERTY; MODULE: GLOBAL_CONFIG; ADMINISTRATOR: null; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: null; GLOBALCONFIG_PROPERTY: GLOB.TESTPROPERTY47; REPLY_TIME:1350657202444`
GLOBAL_CONFIG_RELOAD	Logged when the global configuration was reloaded from the database. Example: `EVENT: GLOBAL_CONFIG_RELOAD; MODULE: GLOBAL_CONFIG; ADMINISTRATOR: null; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: null; REPLY_TIME:1350657202593`
GLOBAL_CONFIG_RESYNC	Logged when the resync command was executed. Example: `EVENT: GLOBAL_CONFIG_RESYNC; MODULE: GLOBAL_CONFIG; ADMINISTRATOR: null; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: null; REPLY_TIME:1350894343902`
Worker configuration
SET_WORKER_CONFIG	Logged when a worker's configuration was updated by adding and/or removing and/or changing any values. WORKER_ID: The ID of the worker. Changes in worker properties are logged with prefixes added/changed/removed followed by a colon and the property name a colon and the property value. Several property changes can occur in one log line (see examples below). Authorized clients are shown as a property with the name authorized_client. Example: `EVENT: SET_WORKER_CONFIG; MODULE: WORKER_CONFIG; ADMINISTRATOR: null; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: 100; added:FOO: bar; REPLY_TIME:1350657202773` `EVENT: SET_WORKER_CONFIG; MODULE: WORKER_CONFIG; ADMINISTRATOR: null; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: 100; changed:FOO: newvalue; REPLY_TIME:1350657202873` `EVENT: SET_WORKER_CONFIG; MODULE: WORKER_CONFIG; ADMINISTRATOR: null; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: 100; removed:FOO: newvalue; REPLY_TIME:1350657202873` `EVENT: SET_WORKER_CONFIG; MODULE: WORKER_CONFIG; ADMINISTRATOR: null; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: 100; added:FOO: bar; changed:BAR: newvalue; REPLY_TIME:1350657202873` `EVENT: SET_WORKER_CONFIG; MODULE: WORKER_CONFIG; ADMINISTRATOR: null; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: 100; added:authorized_client: SN: 1234567890, issuer DN: CN=Test; REPLY_TIME:1350657202873`
CERTINSTALLED	Logged when a certificate was uploaded to the worker configuration. WORKER_ID: The ID of the worker. CERTIFICATE: The certificate in PEM format. SCOPE: If the setting was at GLOBAL or NODE scope. NODE: The ID of the node if the setting was at NODE scope, otherwise not available. Example: `EVENT: CERTINSTALLED; MODULE: WORKER_CONFIG; ADMINISTRATOR: null; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: 100; CERTIFICATE: Subject: CN=Anyone Issuer: CN=Anyone` `-----BEGIN CERTIFICATE-----` `MIIBnTCCAQagAwIBAgIIWWNYSOeuN+swDQYJKoZIhvcNAQEFBQAwETEPMA0GA1UE` `AwwGQW55b25lMB4XDTEyMTAxOTE0MzMyM1oXDTEzMTAxOTE0MzMyM1owETEPMA0G` `A1UEAwwGQW55b25lMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCDE9GElbJd` `e74WmIpPSsIF9r5vv0oH6WWo7n31goR1zMIHJPC9V1mpwQZ6C0uCHCV2ZvqQIIAE` `ZQM7mgbPfxjCF74RqKzScZlOSaHnvdf7zCWpYraVrIDt9Wg3HMxye0/L3cCImmkY` `FkFtabtoa5UuPZObdIt154Yg+GpGB8aPBwIDAQABMA0GCSqGSIb3DQEBBQUAA4GB` `AHm3oAUHwM0KwMcEUwWouE0f4+UK6ZvYvxLAgiCVZQnPImcqX1oBl+iFV59FlsXj` `rqoQYJROxIeV0ByGeyBYXqvgTw1YtdqoR+wKmiymjn/lynmTh1fQMcFoUouGfubX` `EK4rfPBXEl33gKbsO5aeMHd5iF2jtx7RfYMsOuHKoDSe` `-----END CERTIFICATE-----` `; SCOPE: GLOBAL; REPLY_TIME:1350657204367`
CERTCHAININSTALLED	Logged when a certificate chain was uploaded to the worker configuration or imported to a crypto token. With MODULE: WORKER_CONFIG the certificate chain was installed in the configuration: WORKER_ID: The ID of the worker. CERTIFICATECHAIN: The certificates in PEM format. SCOPE: If the setting was at GLOBAL or NODE scope. NODE: The ID of the node if the setting was at NODE scope, otherwise not available. Example: `EVENT: CERTCHAININSTALLED; MODULE: WORKER_CONFIG; ADMINISTRATOR: null; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: 100; CERTIFICATECHAIN: Subject: CN=Signer,C=SE Issuer: CN=Issuer,C=SE` `-----BEGIN CERTIFICATE-----` `MIIBdjCCASCgAwIBAgIIE+fXOs/SAwMwDQYJKoZIhvcNAQEFBQAwHjEPMA0GA1UE` `AwwGSXNzdWVyMQswCQYDVQQGEwJTRTAeFw0xMjEwMjIwNzQ1MDZaFw0xMzEwMjIw` `NzQ1MDZaMB4xDzANBgNVBAMMBlNpZ25lcjELMAkGA1UEBhMCU0UwgZ8wDQYJKoZI` `hvcNAQEBBQADgY0AMIGJAoGBAKpX5psdaL5CHAKSxoOvB12Ie8iUb/mX6ikF8jfu` `zrbwVgf6bX0RCUnD+v+t9vY7byz+nN32KnmGluNGdBFdM1Ug9Oc+64ZNBbgZi9mi` `cHnKMDLLSECBY2Nux62PZejp5SwtzpjFymt3TMCtRr4UHGu3zkuqLLCHFlGRdvdo` `MPQ9AgMBAAEwDQYJKoZIhvcNAQEFBQADQQADlInGm9AujZfL+1kM7ehaKyKKencF` `fp6YGElOpGEplxxIwgmVc0iYKv4rCkfUAysYL6l3AC+VLK1asxkpEJc1` `-----END CERTIFICATE-----` `Subject: CN=Issuer,C=SE` `Issuer: CN=Issuer,C=SE` `-----BEGIN CERTIFICATE-----` `MIIBMTCB3KADAgECAggbfKZHs8ttKDANBgkqhkiG9w0BAQUFADAeMQ8wDQYDVQQD` `DAZJc3N1ZXIxCzAJBgNVBAYTAlNFMB4XDTEyMTAyMjA3NDUwNloXDTEzMTAyMjA3` `NDUwNlowHjEPMA0GA1UEAwwGSXNzdWVyMQswCQYDVQQGEwJTRTBcMA0GCSqGSIb3` `DQEBAQUAA0sAMEgCQQCpgzxJ6r6D1cP8v1AB88pJsCwi0SJdeRSGYydYYBOafJk0` `fpqxJCwaiFS3tt9OkWUAXzcixv5+sItkEuEOpmp7AgMBAAEwDQYJKoZIhvcNAQEF` `BQADQQCC5NG3eWx/mXXKZmePOvZEIwyqWHOwzsBB174gkzlyhOdiOr3YwVihyebI` `VAfkEktRrO04Hi5eLR+AxW7EVz6l` `-----END CERTIFICATE-----` `; SCOPE: GLOBAL; REPLY_TIME:1350891906417` With MODULE: KEY_MANAGEMENT the certificate chain was imported to the token: WORKER_ID: The ID of the worker. CERTIFICATECHAIN: The certificates in PEM format. KEYALIAS: The alias of the entry in the token. CRYPTOTOKEN: Name of the configured crypto worker or the name or ID of the current worker if no separate crypto worker is used. Example: `EVENT: CERTCHAININSTALLED; MODULE: KEY_MANAGEMENT; ADMINISTRATOR: CLI user; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: 5801; KEYALIAS: testkeyalias10; CRYPTOTOKEN: HSMCryptoToken1; CERTIFICATECHAIN: Subject: CN=testkeyalias10,C=SE` `Issuer: CN=Issuer,C=SE` `-----BEGIN CERTIFICATE-----` `MIIBMjCB3aADAgECAgEBMA0GCSqGSIb3DQEBCwUAMB4xDzANBgNVBAMMBklzc3Vl` `cjELMAkGA1UEBhMCU0UwHhcNMTUwNTI5MTEzMTAyWhcNMTYwNTI4MTEzMTAyWjAm` `MRcwFQYDVQQDDA50ZXN0a2V5YWxpYXMxMDELMAkGA1UEBhMCU0UwXDANBgkqhkiG` `9w0BAQEFAANLADBIAkEAggmuPO78M3hhwh4MrxYzt0LM6vLmI4IWjLxO8EK8R0FV` `cDu5Rruxc/a51LCt8J8dOxm34h0RakqzObbFYZxwZwIDAQABMA0GCSqGSIb3DQEB` `CwUAA0EAYR/N98UTyjnkFMnRmd1dQfsD6cih7Dt6NTi+qxFeMbbuzVA9HhRcXwQn` `NChSJMtvJ9sKslfhlfqwZGPChSFg3g==` `-----END CERTIFICATE-----` `Subject: CN=Issuer,C=SE` `Issuer: CN=Issuer,C=SE` `-----BEGIN CERTIFICATE-----` `MIIBMTCB3KADAgECAghQdZlXUcZalTANBgkqhkiG9w0BAQUFADAeMQ8wDQYDVQQD` `DAZJc3N1ZXIxCzAJBgNVBAYTAlNFMB4XDTE1MDUyOTExMzEwMloXDTE2MDUyODEx` `MzEwMlowHjEPMA0GA1UEAwwGSXNzdWVyMQswCQYDVQQGEwJTRTBcMA0GCSqGSIb3` `DQEBAQUAA0sAMEgCQQCa35ZZru5A2DigDNyOdsZL789dVVlUTXch/Fa0e82X+FLc` `kuMoRqAuxrEw/5+uG1Xi7EkysdgyRPbdYHmv3hBlAgMBAAEwDQYJKoZIhvcNAQEF` `BQADQQAS3us4jsjHRSooeNuaaAdWjrA7b/nVnkhRjEmHUCORJXGwnHykUGB2idj6` `d3UejoxEJ78E+EAYWO2JvKbhV0ku` `-----END CERTIFICATE-----` `; REPLY_TIME:1432899062650`
KEYSELECTED	Logged when the key-pair to use was selected by changing the value of the DEFAULTKEY worker property. WORKER_ID: The ID of the worker. KEYALIAS: The new key alias. CRYPTOTOKEN: Name of the configured crypto worker or the name or ID of the current worker if no separate crypto worker is used. SCOPE: If the setting was at GLOBAL or NODE scope. NODE: The ID of the node if the setting was at NODE scope, otherwise not available. Example: `EVENT: KEYSELECTED; MODULE: WORKER_CONFIG; ADMINISTRATOR: null; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: 100; KEYALIAS: ts_key00002; CRYPTOTOKEN: TestSigner6000; SCOPE: GLOBAL; REPLY_TIME:1350891907048`
Key management
KEYGEN	Logged when a new key-pair was generated using the built-in key generation command. WORKER_ID: The ID of the worker. KEYALIAS: The new key alias. CRYPTOTOKEN: Name of the configured crypto worker or the name or ID of the current worker if no separate crypto worker is used. KEYSPEC: The key specification (i.e. RSA bit length or EC curve). KEYALG: The key algorithm. Example: `EVENT: KEYGEN; MODULE: KEY_MANAGEMENT; ADMINISTRATOR: null; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: 5676; KEYALIAS: ts_key00004; CRYPTOTOKEN: HSMCryptoToken0; KEYSPEC: 2048; KEYALG: RSA; REPLY_TIME:135089190791`
KEYTEST	Logged when the key test command was executed and a test signing with either the specified key or all keys in the slot if that was specified. WORKER_ID: The ID of the worker. KEYALIAS: Alias of the the key to test or "all" to test all available keys in the slot. CRYPTOTOKEN: Name of the configured crypto worker or the name or ID of the current worker if no separate crypto worker is used. TESTRESULTS: The test report with an entry for each tested key. Example: `EVENT: KEYTEST; MODULE: KEY_MANAGEMENT; ADMINISTRATOR: null; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: 47; KEYALIAS: all; CRYPTOTOKEN: HSMCryptoToken1; TESTRESULTS: KeyTestResult{alias=tsu47_key00005, success=true, status=, publicKeyHash=979359e5261112b11fac341962bec1e7e6052d9e}` `KeyTestResult{alias=key5, success=true, status=, publicKeyHash=46b264e4892ef2e4fd9616e4927534ca3597fd9c}` `KeyTestResult{alias=key3, success=true, status=, publicKeyHash=ae64792f1f50e23eb54bf79d46d819bc07db2d79}` `KeyTestResult{alias=key2, success=true, status=, publicKeyHash=b1317f363e6124a8e15bba8c1adb9f20b2f4ef59}` `KeyTestResult{alias=TS Signer 1, success=true, status=, publicKeyHash=8f6dfccdcea931d4deee9466f43c0eb0e7f4d8b1}` `; REPLY_TIME:1350564289165`
GENCSR	Logged when a certificate signing request (CSR) was generated. WORKER_ID: The ID of the worker. KEYALIAS: The key alias of the key used to generate the CSR. FOR_DEFAULTKEY: True if the "default key" was requested. CRYPTOTOKEN: Name of the configured crypto worker or the name or ID of the current worker if no separate crypto worker is used. CSR: Base64 encoded CSR (typically in PKCS#10 format). Example: `EVENT: GENCSR; MODULE: KEY_MANAGEMENT; ADMINISTRATOR:` `null; ISSUER:` `null; SERIAL_NUMBER:` `null; WORKER_ID:` `5676; KEYALIAS: ts_key00004; CRYPTOTOKEN: HSMCryptoToken0; CSR: MIIBYDCBygIBADAjMRQwEgYDVQQDDAtUUyBTaWduZXIgMTELMAkGA1UEBhMCU0Uw` `gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJt8F51wD+QcX+WLyIxjWu3at3q+` `IiJrL5jIenmggUhjOLHGHOStoNOiYEQAaiiTZ623m9y7O3zhqFdAdWZg+JrfsHQJ` `pjKV9RgvJznl6yk/K54BWOBgqjvbloAUGtn8y8Hf+5DYJUJNFqrzvRLcmCQ9JU0H` `mgSmEIqgOIwBL3oBAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAer5hr/cUYx4jy0XO` `N4U8sP/2gSFppytx9dn5BamVBLjDkcML8B3c9u9omDPebd+LEsCU+HCmYN9xHkSS` `Ei8lcAqyVv+SDLEmvE8gnrPFR/J7uADCRayLVQumW6/YpVO/sFEGuM6rgnn8ZJmW` `X2lhvJ4V1UhlkEAeyIQ861U3IgE=; REPLY_TIME:1350891907981`
KEYREMOVE	Logged when a key was removed or an removal attempt was performed. WORKER_ID: The ID of the worker. KEYALIAS: The key alias of the key removed. CRYPTOTOKEN: Name of the configured crypto worker or the name or ID of the current worker if no separate crypto worker is used. SUCCESS: True if the key was removed or false if the removal failed or if removal was not supported by the token. Example: `EVENT: KEYREMOVE; MODULE: KEY_MANAGEMENT; ADMINISTRATOR: CLI user; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: 20003; KEYALIAS: signKey000002; CRYPTOTOKEN: HSMCryptoToken1; SUCCESS: true; REPLY_TIME:1391008847962`
Status Repository
SET_STATUS_PROPERTY	Logged when a status property was updated. STATUSREPO_PROPERTY: The updated property. STATUSREPO_VALUE: The new property value. STATUSREPO_EXPIRATION: Expiration time for the status property (timestamp), if any. Example: `EVENT: SET_STATUS_PROPERTY; MODULE: STATUS_REPOSITORY; ADMINISTRATOR: null; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: null; STATUSREPO_EXPIRATION: 1350891909366; STATUSREPO_PROPERTY: TEST_PROPERTY1; STATUSREPO_VALUE: TESTVALUE47; REPLY_TIME:1350891908372`
Worker processing
PROCESS	Logged for events regarding worker processing but when a worker logger can not be used because the requested worker does not exist etc. WORKER_ID: The ID of the worker or empty in case of non existing worker. Worker logger fields: All fields available to the worker logger. Example: `EVENT: PROCESS; MODULE: WORKER; ADMINISTRATOR: null; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: null; LOG_ID: db517726-ff0d-40dd-8f2b-2297925cb4d3; CLIENT_IP: 127.0.0.1; PROCESS_SUCCESS: false; REQUEST_LENGTH: 0; XFORWARDEDFOR: null; FILENAME: noname.dat;` `REQUEST_FULLURL:` `http://localhost:8080/signserver/process?null;` `LOG_TIME: 1350628977410; WORKER_ID: 0; EXCEPTION: No such worker: 0; REPLY_TIME:1350628977411`