Hi Martin,

Martin Bartosch wrote:
> I think we have several logging classes within the OpenCA system:
>
> a. system operations log, e. g.:
>    - daemon startup/shutdown
>    - client connect/disconnect
> b. system monitoring events
>    - infrastructure availability status (database, HSMs, cluster peers...)
>    - data monitoring (e. g. remaining validity of existing CRLs and maybe some important certificates)
>    - (critical or fatal) system errors
>    - security violations
> c. object manipulation audit trail
>    - authentication events
>    - any object manipulation as induced by users or admins
>    - (private key usage counter?)
> (d. debug information)

I now use Log::Log4perl. I wrote my own appender to use OpenCA::DBI for logging. We can now log to file, syslog and DBI. Priorities are debug, info, warn, error and fatal. Categories are audit, system, monitor and auth.
Actually OpenCA::AC and OpenCA::DBI are logging. You can find the configuration in log.conf. DBI is automatically configured.
Some examples are in the attachment.

Michael
--
_______________________________________________________________

Michael Bell                   Humboldt-Universitaet zu Berlin

Tel.: +49 (0)30-2093 2482      ZE Computer- und Medienservice
Fax:  +49 (0)30-2093 2704      Unter den Linden 6
[EMAIL PROTECTED]              D-10099 Berlin
_______________________________________________________________

syslog: tail -f /var/log/messages

Jun 23 13:59:23 bellus ./openca_start: 2005/06/23 13:59:23 openca.auth.INFO [OpenCA::AC (/home/michael/OpenCA/Test/test_SQLite/modules/perl5/OpenCA/AC.pm:432)] Login succeeded. user::=root role::=ca operator logintype::=passwd session::=6b882bab68ce8ad1d647532adbe17b9e
Jun 23 13:59:35 bellus ./openca_start: 2005/06/23 13:59:35 openca.auth.INFO [OpenCA::AC (/home/michael/OpenCA/Test/test_SQLite/modules/perl5/OpenCA/AC.pm:444)] Logout in progress. user::=root role::=ca operator logintype::=passwd session::=6b882bab68ce8ad1d647532adbe17b9e
Jun 23 13:59:35 bellus ./openca_start: 2005/06/23 13:59:35 openca.audit.WARN [OpenCA::DBI (/home/michael/OpenCA/Test/test_SQLite/modules/perl5/OpenCA/DBI.pm:2871)] Rollback performed. session=90acc70f034b3d0e71db634ed7ef9fe1

file: tail -f var/log/stderr.log

2005/06/23 13:59:23 openca.auth.INFO [OpenCA::AC (/home/michael/OpenCA/Test/test_SQLite/modules/perl5/OpenCA/AC.pm:432)] Login succeeded. user::=root role::=ca operator logintype::=passwd session::=6b882bab68ce8ad1d647532adbe17b9e
2005/06/23 13:59:35 openca.auth.INFO [OpenCA::AC (/home/michael/OpenCA/Test/test_SQLite/modules/perl5/OpenCA/AC.pm:444)] Logout in progress. user::=root role::=ca operator logintype::=passwd session::=6b882bab68ce8ad1d647532adbe17b9e

DBI: dbish DBI:SQLite:dbname=var/db/sqlite.db

@DBI:SQLite:dbname=../Test/test_SQLite/OpenCA/var/db/sqlite.db> select * from audittrail/
...
158208,'external_ca_1',undef,undef,'openca.auth','INFO','openca.auth.INFO - [OpenCA::AC (/home/michael/OpenCA/Test/test_SQLite/modules/perl5/OpenCA/AC.pm:432)] Login succeeded. user::=root role::=ca operator logintype::=passwd session::=6b882bab68ce8ad1d647532adbe17b9e '
158720,'external_ca_1',undef,undef,'openca.auth','INFO','openca.auth.INFO - [OpenCA::AC (/home/michael/OpenCA/Test/test_SQLite/modules/perl5/OpenCA/AC.pm:444)] Logout in progress. user::=root role::=ca operator logintype::=passwd session::=6b882bab68ce8ad1d647532adbe17b9e '
159232,'external_ca_1',undef,undef,'openca.audit','WARN','openca.audit.WARN - [OpenCA::DBI (/home/michael/OpenCA/Test/test_SQLite/modules/perl5/OpenCA/DBI.pm:2871)] Rollback performed. session=90acc70f034b3d0e71db634ed7ef9fe1 '
[311 rows of 7 fields returned]
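
A parser for the syslog and file line layout shown in the samples above, added here as an example; it is not part of the original message or of OpenCA. The function names, and the rule that a field value runs up to the next `name::=` or `name=`, are assumptions read off the three sample lines.

```python
import re
from collections import defaultdict

# Layout in the samples: date time category.PRIORITY [Class (file:line)] text
LINE_RE = re.compile(
    r"(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<category>[\w.]+)\.(?P<priority>DEBUG|INFO|WARN|ERROR|FATAL) "
    r"\[(?P<cls>[\w:]+) \((?P<file>[^()]+):(?P<line>\d+)\)\] (?P<rest>.*)"
)
# A field starts at "name::=" (auth lines) or "name=" (the audit line).
FIELD_RE = re.compile(r"(?:^|\s)(\w+)(?:::=|=)")

def parse_line(raw):
    """Return a dict for one syslog- or file-style line, or None if it does not match."""
    m = LINE_RE.search(raw)  # search() skips the syslog host/program prefix
    if m is None:
        return None
    rec = m.groupdict()
    rec["line"] = int(rec["line"])
    rest = rec.pop("rest").strip()
    marks = list(FIELD_RE.finditer(rest))
    rec["message"] = (rest[:marks[0].start()] if marks else rest).strip()
    rec["fields"] = {}
    for i, mk in enumerate(marks):
        # A value runs to the next field name, so "ca operator" stays whole.
        end = marks[i + 1].start() if i + 1 < len(marks) else len(rest)
        rec["fields"][mk.group(1)] = rest[mk.end():end].strip()
    return rec

def by_session(lines):
    """Group parsed events by session id; unparseable lines are skipped."""
    out = defaultdict(list)
    for rec in filter(None, map(parse_line, lines)):
        out[rec["fields"].get("session")].append(rec)
    return dict(out)

AC_PM = "/home/michael/OpenCA/Test/test_SQLite/modules/perl5/OpenCA/AC.pm"
DBI_PM = "/home/michael/OpenCA/Test/test_SQLite/modules/perl5/OpenCA/DBI.pm"
WHO = "user::=root role::=ca operator logintype::=passwd session::=6b882bab68ce8ad1d647532adbe17b9e"
# The three syslog sample lines from the message above, rebuilt from their parts.
SAMPLES = [
    f"Jun 23 13:59:23 bellus ./openca_start: 2005/06/23 13:59:23 openca.auth.INFO [OpenCA::AC ({AC_PM}:432)] Login succeeded. {WHO}",
    f"Jun 23 13:59:35 bellus ./openca_start: 2005/06/23 13:59:35 openca.auth.INFO [OpenCA::AC ({AC_PM}:444)] Logout in progress. {WHO}",
    f"Jun 23 13:59:35 bellus ./openca_start: 2005/06/23 13:59:35 openca.audit.WARN [OpenCA::DBI ({DBI_PM}:2871)] Rollback performed. session=90acc70f034b3d0e71db634ed7ef9fe1",
]

if __name__ == "__main__":
    for sid, events in by_session(SAMPLES).items():
        print(sid, [(e["ts"], e["priority"], e["message"]) for e in events])
```

Because the values are unquoted, a value that itself contains ` name::=` cannot be told apart from a separate field, so fields parsed from user-controlled input such as the user name need that in mind. The DBI rows use a different layout (`category.PRIORITY - [...]` with no timestamp) and are not handled here.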