Hi Martin,

Martin Bartosch wrote:

I think we have several logging classes within the OpenCA system:

a. system operations log, e. g.:
   - daemon startup/shutdown
   - client connect/disconnect
b. system monitoring events
   - infrastructure availability status (database, HSMs, cluster peers...)
   - data monitoring (e. g. remaining validity of existing CRLs and
       maybe some important certificates)
   - (critical or fatal) system errors
   - security violations
c. object manipulation audit trail
   - authentication events
   - any object manipulation as induced by users or admins
   - (private key usage counter?)
(d. debug information)

I now use Log::Log4perl. I wrote my own appender to use OpenCA::DBI for logging. We can now log to file, syslog and DBI. Priorities are debug, info, warn, error and fatal. Categories are audit, system, monitor and auth.

Actually OpenCA::AC and OpenCA::DBI are logging. You can find the configuration in log.conf. DBI is automatically configured.

Some examples are in the attachment.

Michael
--
_______________________________________________________________

Michael Bell                    Humboldt-Universitaet zu Berlin

Tel.: +49 (0)30-2093 2482       ZE Computer- und Medienservice
Fax:  +49 (0)30-2093 2704       Unter den Linden 6
[EMAIL PROTECTED]   D-10099 Berlin
_______________________________________________________________
syslog: tail -f /var/log/messages

Jun 23 13:59:23 bellus ./openca_start: 2005/06/23 13:59:23 openca.auth.INFO [OpenCA::AC (/home/michael/OpenCA/Test/test_SQLite/modules/perl5/OpenCA/AC.pm:432)] Login succeeded. user::=root role::=ca operator logintype::=passwd session::=6b882bab68ce8ad1d647532adbe17b9e
Jun 23 13:59:35 bellus ./openca_start: 2005/06/23 13:59:35 openca.auth.INFO [OpenCA::AC (/home/michael/OpenCA/Test/test_SQLite/modules/perl5/OpenCA/AC.pm:444)] Logout in progress. user::=root role::=ca operator logintype::=passwd session::=6b882bab68ce8ad1d647532adbe17b9e
Jun 23 13:59:35 bellus ./openca_start: 2005/06/23 13:59:35 openca.audit.WARN [OpenCA::DBI (/home/michael/OpenCA/Test/test_SQLite/modules/perl5/OpenCA/DBI.pm:2871)] Rollback performed. session=90acc70f034b3d0e71db634ed7ef9fe1

file: tail -f var/log/stderr.log

2005/06/23 13:59:23 openca.auth.INFO [OpenCA::AC (/home/michael/OpenCA/Test/test_SQLite/modules/perl5/OpenCA/AC.pm:432)] Login succeeded.
user::=root
role::=ca operator
logintype::=passwd
session::=6b882bab68ce8ad1d647532adbe17b9e
2005/06/23 13:59:35 openca.auth.INFO [OpenCA::AC (/home/michael/OpenCA/Test/test_SQLite/modules/perl5/OpenCA/AC.pm:444)] Logout in progress.
user::=root
role::=ca operator
logintype::=passwd
session::=6b882bab68ce8ad1d647532adbe17b9e

DBI: dbish DBI:SQLite:dbname=var/db/sqlite.db

@DBI:SQLite:dbname=../Test/test_SQLite/OpenCA/var/db/sqlite.db> select * from audittrail/
...
158208,'external_ca_1',undef,undef,'openca.auth','INFO','openca.auth.INFO - [OpenCA::AC (/home/michael/OpenCA/Test/test_SQLite/modules/perl5/OpenCA/AC.pm:432)] Login succeeded. user::=root role::=ca operator logintype::=passwd session::=6b882bab68ce8ad1d647532adbe17b9e  '
158720,'external_ca_1',undef,undef,'openca.auth','INFO','openca.auth.INFO - [OpenCA::AC (/home/michael/OpenCA/Test/test_SQLite/modules/perl5/OpenCA/AC.pm:444)] Logout in progress. user::=root role::=ca operator logintype::=passwd session::=6b882bab68ce8ad1d647532adbe17b9e  '
159232,'external_ca_1',undef,undef,'openca.audit','WARN','openca.audit.WARN - [OpenCA::DBI (/home/michael/OpenCA/Test/test_SQLite/modules/perl5/OpenCA/DBI.pm:2871)] Rollback performed. session=90acc70f034b3d0e71db634ed7ef9fe1  '
[311 rows of 7 fields returned]

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature
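
Anyone consuming these records has to cope with two details visible in the samples: the value in "role::=ca operator" contains a space, and the DBI.pm rollback record writes "session=" where the AC.pm records write "session::=". The parser below is an added example, not part of the original mail or of OpenCA; its function names are hypothetical and its sample records are rejoined copies of the syslog lines shown above.

```python
import re

# Constructed sample: two of the syslog records shown above, each rejoined onto one line.
SAMPLE = [
    "Jun 23 13:59:23 bellus ./openca_start: 2005/06/23 13:59:23 openca.auth.INFO "
    "[OpenCA::AC (/home/michael/OpenCA/Test/test_SQLite/modules/perl5/OpenCA/AC.pm:432)] "
    "Login succeeded. user::=root role::=ca operator logintype::=passwd "
    "session::=6b882bab68ce8ad1d647532adbe17b9e",
    "Jun 23 13:59:35 bellus ./openca_start: 2005/06/23 13:59:35 openca.audit.WARN "
    "[OpenCA::DBI (/home/michael/OpenCA/Test/test_SQLite/modules/perl5/OpenCA/DBI.pm:2871)] "
    "Rollback performed. session=90acc70f034b3d0e71db634ed7ef9fe1",
]

# Optional timestamp, category.PRIORITY, optional "- " (DBI rows), [module (file:line)], rest.
RECORD = re.compile(
    r"(?:(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) )?"
    r"openca\.(?P<category>\w+)\.(?P<priority>[A-Z]+) (?:- )?"
    r"\[(?P<module>[\w:]+) \((?P<file>[^)]*):(?P<line>\d+)\)\] (?P<rest>.*)"
)
# A field starts at "key::=" (the AC.pm records) or plain "key=" (the DBI.pm record).
FIELD = re.compile(r"(?:^|\s)(\w+)(?:::)?=")

def parse(record):
    """Return a dict for one log record, or None if it is not an openca.* record."""
    m = RECORD.search(" ".join(record.split()))  # undo hard wraps and double spaces
    if m is None:
        return None
    out = m.groupdict()
    out["line"] = int(out["line"])
    rest = out.pop("rest").rstrip(" '")  # a DBI row ends with a closing quote
    keys = list(FIELD.finditer(rest))
    out["message"] = rest[: keys[0].start()].strip() if keys else rest
    # A value runs to the next key, so "role::=ca operator" keeps its space.
    out["fields"] = {
        k.group(1): rest[k.end() : (n.start() if n else len(rest))].strip()
        for k, n in zip(keys, keys[1:] + [None])
    }
    return out

def sessions_by_category(records):
    """Map category -> set of session ids seen, skipping lines that do not parse."""
    seen = {}
    for rec in filter(None, map(parse, records)):
        if "session" in rec["fields"]:
            seen.setdefault(rec["category"], set()).add(rec["fields"]["session"])
    return seen
```

Because parse() normalises whitespace first, it also accepts the multi-line stderr.log form and a row copied from the audittrail table.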
