Audit Log¶
The audit log lists all operations that are relevant for the usage of private key material or important steps (as approvals) that lead to a signature using the CA key.
Categories¶
The audit log is divided into several categories. The given items are actions logged by the standard configuration but are not exhaustive. The name in brackets is the name of the logger category used by the logger.
CA Key Usage (cakey)¶
- certificate issued
- crl issued
Entity Key Usage (key)¶
- key generated
- key exported
- key destroyed
Certificate (entity)¶
- request received
- request fully approved
- issued
- revoked
Approval (approval)¶
- operator approval given via ui
- automated approval derived from backend checks
ACL (acl)¶
- access to workflow
- access to api
System (system)¶
- start/stop of system
- import/activation of tokens
- import of certificates
Application¶
- Application specific logging
Parameters¶
Each log message consists of a fixed string describing the event plus a list of normalized parameters which are appended as key/value pairs to the message, so it is easy to search the log for certain or feed it to a log analysis program like logstash.
- cakey/key: subject key identifier of the used key
- certid: certificate identifier
- wfid: id of the workflow
- action: name of a workflow action or called API method
- token: alias name of the token/key, e.g., “ca-signer-1”
- pki_realm: name of the pki realm
Example (line breaks are for verbosity, logfile is one line):
certificate signed|
cakey=28:B9:6D:51:EC:EB:6D:C9:4A:71:7C:B4:C0:67:F7:E9:C1:BD:63:7A|
certid=FW2Hq52uTcthhyhrrvTjRub66M0|
key=D6:14:BB:E2:90:12:F4:FF:64:B4:0F:F3:F6:3A:FD:17:02:C9:06:C8|
pki_realm=democa