Hi Martin, Martin Bartosch wrote:
I think we have several logging classes within the OpenCA system:
a. system operations log, e. g.:
- daemon startup/shutdown
- client connect/disconnect
b. system monitoring events
- infrastructure availability status (database, HSMs, cluster peers...)
- data monitoring (e. g. remaining validity of existing CRLs and
maybe some important certificates)
- (critical or fatal) system errors
- security violations
c. object manipulation audit trail
- authentication events
- any object manipulation as induced by users or admins
- (private key usage counter?)
(d. debug information)
I use now Log::Log4perl. I wrote an own appender to use OpenCA::DBI for logging. We can log now to file, syslog and DBI. Priorities are debug, info, warn, error and fatal. Categories are audit, system, monitor and auth.
Actually OpenCA::AC and OpenCA::DBI are logging. You can find the configuration in log.conf. DBI is automatically configured.
Some examples are in the attachment. Michael -- _______________________________________________________________ Michael Bell Humboldt-Universitaet zu Berlin Tel.: +49 (0)30-2093 2482 ZE Computer- und Medienservice Fax: +49 (0)30-2093 2704 Unter den Linden 6 [EMAIL PROTECTED] D-10099 Berlin _______________________________________________________________
syslog: tail -f /var/log/messages Jun 23 13:59:23 bellus ./openca_start: 2005/06/23 13:59:23 openca.auth.INFO [OpenCA::AC (/home/michael/OpenCA/Test/test_SQLite/modules/perl5/OpenCA/AC.pm:432)] Login succeeded. user::=root role::=ca operator logintype::=passwd session::=6b882bab68ce8ad1d647532adbe17b9e Jun 23 13:59:35 bellus ./openca_start: 2005/06/23 13:59:35 openca.auth.INFO [OpenCA::AC (/home/michael/OpenCA/Test/test_SQLite/modules/perl5/OpenCA/AC.pm:444)] Logout in progress. user::=root role::=ca operator logintype::=passwd session::=6b882bab68ce8ad1d647532adbe17b9e Jun 23 13:59:35 bellus ./openca_start: 2005/06/23 13:59:35 openca.audit.WARN [OpenCA::DBI (/home/michael/OpenCA/Test/test_SQLite/modules/perl5/OpenCA/DBI.pm:2871)] Rollback performed. session=90acc70f034b3d0e71db634ed7ef9fe1 file: tail -f var/log/stderr.log 2005/06/23 13:59:23 openca.auth.INFO [OpenCA::AC (/home/michael/OpenCA/Test/test_SQLite/modules/perl5/OpenCA/AC.pm:432)] Login succeeded. user::=root role::=ca operator logintype::=passwd session::=6b882bab68ce8ad1d647532adbe17b9e 2005/06/23 13:59:35 openca.auth.INFO [OpenCA::AC (/home/michael/OpenCA/Test/test_SQLite/modules/perl5/OpenCA/AC.pm:444)] Logout in progress. user::=root role::=ca operator logintype::=passwd session::=6b882bab68ce8ad1d647532adbe17b9e DBI: dbish DBI:SQLite:dbname=var/db/sqlite.db @DBI:SQLite:dbname=../Test/test_SQLite/OpenCA/var/db/sqlite.db> select * from audittrail/ ... 158208,'external_ca_1',undef,undef,'openca.auth','INFO','openca.auth.INFO - [OpenCA::AC (/home/michael/OpenCA/Test/test_SQLite/modules/perl5/OpenCA/AC.pm:432)] Login succeeded. user::=root role::=ca operator logintype::=passwd session::=6b882bab68ce8ad1d647532adbe17b9e ' 158720,'external_ca_1',undef,undef,'openca.auth','INFO','openca.auth.INFO - [OpenCA::AC (/home/michael/OpenCA/Test/test_SQLite/modules/perl5/OpenCA/AC.pm:444)] Logout in progress. user::=root role::=ca operator logintype::=passwd session::=6b882bab68ce8ad1d647532adbe17b9e ' 159232,'external_ca_1',undef,undef,'openca.audit','WARN','openca.audit.WARN - [OpenCA::DBI (/home/michael/OpenCA/Test/test_SQLite/modules/perl5/OpenCA/DBI.pm:2871)] Rollback performed. session=90acc70f034b3d0e71db634ed7ef9fe1 ' [311 rows of 7 fields returned]
smime.p7s
Description: S/MIME Cryptographic Signature
