Audit Log

The audit log lists all operations that are relevant for the usage of private key material or important steps (as approvals) that lead to a signature using the CA key.

Categories

The audit log is divided into several categories. The given items are actions logged by the standard configuration but are not exhaustive. The name in brackets is the name of the logger category used by the logger.

CA Key Usage (cakey)

  • certificate issued
  • crl issued

Entity Key Usage (key)

  • key generated
  • key exported
  • key destroyed

Certificate (entity)

  • request received
  • request fully approved
  • issued
  • revoked

Approval (approval)

  • operator approval given via ui
  • automated approval derived from backend checks

ACL (acl)

  • access to workflow
  • access to api

System (system)

  • start/stop of system
  • import/activation of tokens
  • import of certificates

Application

  • Application specific logging

Parameters

Each log message consists of a fixed string describing the event plus a list of normalized parameters which are appended as key/value pairs to the message, so it is easy to search the log for certain or feed it to a log analysis program like logstash.

  • cakey/key: subject key identifier of the used key
  • certid: certificate identifier
  • wfid: id of the workflow
  • action: name of a workflow action or called API method
  • token: alias name of the token/key, e.g., “ca-signer-1”
  • pki_realm: name of the pki realm

Example (line breaks are for verbosity, logfile is one line):

certificate signed|
  cakey=28:B9:6D:51:EC:EB:6D:C9:4A:71:7C:B4:C0:67:F7:E9:C1:BD:63:7A|
  certid=FW2Hq52uTcthhyhrrvTjRub66M0|
  key=D6:14:BB:E2:90:12:F4:FF:64:B4:0F:F3:F6:3A:FD:17:02:C9:06:C8|
  pki_realm=democa