Difference between revisions of "KRA Audit Events"

From Dogtag
(CRMF related events)
m (Overview)
Line 1: Line 1:
 
= Overview =
 
= Overview =
  
This document describes KRA audit events.
+
The following KRA audit events are enabled by default:
  
<pre>
+
* ACCESS_SESSION_ESTABLISH
log.instance.SignedAudit.events=\
+
* ACCESS_SESSION_TERMINATED
AUDIT_LOG_STARTUP,\
+
* AUDIT_LOG_DELETE
AUDIT_LOG_SHUTDOWN,\
+
* AUTH
ROLE_ASSUME,\
+
* AUTHORITY_CONFIG
CONFIG_CERT_POLICY,\
+
* AUTHZ
CONFIG_CERT_PROFILE,\
+
* CONFIG_AUTH
CONFIG_CRL_PROFILE,\
+
* CONFIG_CERT_POLICY
CONFIG_OCSP_PROFILE,\
+
* CONFIG_DRM
CONFIG_AUTH,\
+
* CONFIG_ENCRYPTION
CONFIG_ROLE,CONFIG_ACL,\
+
* CONFIG_ROLE
CONFIG_SIGNED_AUDIT,\
+
* CONFIG_SERIAL_NUMBER
CONFIG_ENCRYPTION,\
+
* CONFIG_SIGNED_AUDIT
CONFIG_TRUSTED_PUBLIC_KEY,\
+
* CONFIG_TOKEN_AUTHENTICATOR
CONFIG_DRM,SELFTESTS_EXECUTION,\
+
* CONFIG_TOKEN_CONNECTOR
AUDIT_LOG_DELETE,\
+
* CONFIG_TOKEN_MAPPING_RESOLVER
LOG_PATH_CHANGE,\
+
* CONFIG_TOKEN_RECORD
PRIVATE_KEY_ARCHIVE_REQUEST,\
+
* CONFIG_TRUSTED_PUBLIC_KEY
PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED,\
+
* LOG_EXPIRATION_CHANGE
PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,\
+
* LOG_PATH_CHANGE
PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,\
+
* RANDOM_GENERATION (failure)
KEY_RECOVERY_REQUEST,\
+
* ROLE_ASSUME
KEY_RECOVERY_REQUEST_ASYNC,\
+
* SECURITY_DOMAIN_UPDATE
KEY_RECOVERY_AGENT_LOGIN,\
+
* SELFTESTS_EXECUTION (failure)
KEY_RECOVERY_REQUEST_PROCESSED,\
+
 
KEY_RECOVERY_REQUEST_PROCESSED_ASYNC,\
+
The audit events can be configured in log.instance.SignedAudit.events property.
KEY_GEN_ASYMMETRIC,\
 
NON_PROFILE_CERT_REQUEST,\
 
PROFILE_CERT_REQUEST,\
 
CERT_REQUEST_PROCESSED,\
 
CERT_STATUS_CHANGE_REQUEST,\
 
CERT_STATUS_CHANGE_REQUEST_PROCESSED,\
 
AUTHZ_SUCCESS,\
 
AUTHZ_FAIL,\
 
INTER_BOUNDARY,\
 
AUTH_FAIL,\
 
AUTH_SUCCESS,\
 
CERT_PROFILE_APPROVAL,\
 
PROOF_OF_POSSESSION,\
 
CRL_RETRIEVAL,\
 
CRL_VALIDATION,\
 
CMC_SIGNED_REQUEST_SIG_VERIFY,\
 
SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_FAILURE,\
 
SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_SUCCESS,\
 
SERVER_SIDE_KEYGEN_REQUEST,\
 
COMPUTE_SESSION_KEY_REQUEST,\
 
COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS,\
 
COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE,\
 
DIVERSIFY_KEY_REQUEST,\
 
DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS,\
 
DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE,\
 
ENCRYPT_DATA_REQUEST,\
 
ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS,\
 
ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE,\
 
OCSP_ADD_CA_REQUEST,\
 
OCSP_ADD_CA_REQUEST_PROCESSED,\
 
OCSP_REMOVE_CA_REQUEST,\
 
OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS,\
 
OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE,\
 
COMPUTE_RANDOM_DATA_REQUEST,\
 
COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS,\
 
COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE,\
 
CIMC_CERT_VERIFICATION,\
 
CONFIG_SERIAL_NUMBER,\
 
SECURITY_DATA_ARCHIVAL_REQUEST,\
 
SECURITY_DATA_ARCHIVAL_REQUEST_PROCESSED,\
 
SECURITY_DATA_RECOVERY_REQUEST,\
 
SECURITY_DATA_RECOVERY_REQUEST_PROCESSED,\
 
SECURITY_DATA_RECOVERY_REQUEST_STATE_CHANGE,\
 
SECURITY_DATA_RETRIEVE_KEY,SYMKEY_GENERATION_REQUEST,\
 
SYMKEY_GENERATION_REQUEST_PROCESSED,\
 
ASYMKEY_GENERATION_REQUEST,\
 
ASYMKEY_GENERATION_REQUEST_PROCESSED,\
 
SECURITY_DATA_RETRIEVE_KEY,\
 
KEY_STATUS_CHANGE,\
 
ACCESS_SESSION_ESTABLISH_FAILURE,\
 
ACCESS_SESSION_ESTABLISH_SUCCESS,\
 
ACCESS_SESSION_TERMINATED
 
</pre>
 
  
 
= Key Archival Events =
 
= Key Archival Events =
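Review bot: the added default-enabled list leaves out every key archival and recovery event that the removed log.instance.SignedAudit.events value carried (SECURITY_DATA_ARCHIVAL_REQUEST, SECURITY_DATA_RECOVERY_REQUEST, SECURITY_DATA_RETRIEVE_KEY and their _PROCESSED variants), yet the sections after the Overview document exactly those events. State under the list whether they have to be added to log.instance.SignedAudit.events before they are logged, and keep one short example of the property syntax, since the removed <pre> block was the only one on the page. The list also names AUTH, AUTHZ and ACCESS_SESSION_ESTABLISH, while the removed value and the sample logs use AUTH_SUCCESS, AUTHZ_SUCCESS and ACCESS_SESSION_ESTABLISH_SUCCESS; say how the short names map to the logged ones.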

Revision as of 21:52, 23 January 2018

Overview

The following KRA audit events are enabled by default:

  • ACCESS_SESSION_ESTABLISH
  • ACCESS_SESSION_TERMINATED
  • AUDIT_LOG_DELETE
  • AUTH
  • AUTHORITY_CONFIG
  • AUTHZ
  • CONFIG_AUTH
  • CONFIG_CERT_POLICY
  • CONFIG_DRM
  • CONFIG_ENCRYPTION
  • CONFIG_ROLE
  • CONFIG_SERIAL_NUMBER
  • CONFIG_SIGNED_AUDIT
  • CONFIG_TOKEN_AUTHENTICATOR
  • CONFIG_TOKEN_CONNECTOR
  • CONFIG_TOKEN_MAPPING_RESOLVER
  • CONFIG_TOKEN_RECORD
  • CONFIG_TRUSTED_PUBLIC_KEY
  • LOG_EXPIRATION_CHANGE
  • LOG_PATH_CHANGE
  • RANDOM_GENERATION (failure)
  • ROLE_ASSUME
  • SECURITY_DOMAIN_UPDATE
  • SELFTESTS_EXECUTION (failure)

The audit events can be configured in the log.instance.SignedAudit.events property.

Key Archival Events

SECURITY_DATA_ARCHIVAL_REQUEST, SECURITY_DATA_ARCHIVAL_REQUEST_PROCESSED

These events are triggered when an archival request is received through the REST interface or from the CA. Because they are generated by different threads, they may be created in reversed order.

Properties: (SECURITY_DATA_ARCHIVAL_REQUEST):

  • SubjectID: UID of agent that initiated the request
  • Outcome: success or failure
  • ArchivalRequestID: The identifier used to track the audit logs. In the case of the CA-KRA connector, this is the certificate request ID in the CA. For requests coming from the REST API, this is not currently set.
  • RequestId: ID for the archival request created in the KRA (could be ephemeral)
  • ClientKeyID: The client key ID that was passed in by the client to identify the secret.

Properties: (SECURITY_DATA_ARCHIVAL_REQUEST_PROCESSED):

  • SubjectID: UID of agent that initiated the request
  • Outcome: success or failure
  • ArchivalRequestID: The identifier used to track the audit logs. In the case of the CA-KRA connector, this is the certificate request ID in the CA. For requests coming from the REST API, this is not currently set.
  • RequestId: ID for the archival request created in the KRA (could be ephemeral)
  • ClientKeyID: The client key ID that was passed in by the client to identify the secret.
  • KeyID: Key record that was created for the archival
  • FailureReason: reason for failure (or None if success)
  • PubKey: public key associated with the archival

PubKey is only relevant when archiving a private key, and will only be set when the key is archived through the CA connector.

For example, use the PKI CLI to archive a passphrase:

pki -d ./alias/ -c redhat123 -n "PKI Administrator for example.com" key-archive --clientKeyID "my_pass4" --passphrase  "goodbye cruel world!"
 [AuditEvent=ACCESS_SESSION_ESTABLISH_SUCCESS][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success] access session establish success
 [AuditEvent=AUTH_SUCCESS][SubjectID=kraadmin][Outcome=Success][AuthMgr=certUserDBAuthMgr] authentication success
 [AuditEvent=AUTHZ_SUCCESS][SubjectID=kraadmin][Outcome=Success][aclResource=certServer.kra.account][Op=login][Info=AccountResource.login] authorization success
 [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success][Info=CLOSE_NOTIFY] access session terminated
 [AuditEvent=AUTHZ_SUCCESS][SubjectID=$Unidentified$][Outcome=Success][aclResource=null][Op=null][Info=ACL mapping not found; OK:SystemCertResource.getTransportCert] authorization success
 [AuditEvent=ACCESS_SESSION_ESTABLISH_SUCCESS][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success] access session establish success
 [AuditEvent=AUTHZ_SUCCESS][SubjectID=kraadmin][Outcome=Success][aclResource=certServer.kra.keyrequests][Op=execute][Info=KeyRequestResource.submitRequest] authorization success
 [AuditEvent=SECURITY_DATA_ARCHIVAL_REQUEST_PROCESSED][SubjectID=kraadmin][Outcome=Success][ArchivalRequestID=null][RequestId=1495][ClientKeyID=my_pass4][KeyID=162][FailureReason=None][PubKey=null] security data archival request processed
 [AuditEvent=SECURITY_DATA_ARCHIVAL_REQUEST][SubjectID=kraadmin][Outcome=Success][ArchivalRequestID=null][RequestId=1495][ClientKeyID=my_pass4] security data archival request made
 [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success][Info=CLOSE_NOTIFY] access session terminated
 [AuditEvent=ACCESS_SESSION_ESTABLISH_SUCCESS][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success] access session establish success
 [AuditEvent=AUTHZ_SUCCESS][SubjectID=kraadmin][Outcome=Success][aclResource=certServer.kra.account][Op=logout][Info=AccountResource.logout] authorization success
 [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success][Info=CLOSE_NOTIFY] access session terminated

CRMF related events

Additional events are generated when keys are archived from the CA, that is, when CRMF requests are submitted to the CA. In particular, the CA request ID is passed through and logged so that the audit flow from the CA to the KRA can be tracked.

The additional events are:

PROFILE_CERT_REQUEST

  • subjectID: userID for the agent initiating the request. This is the user (trusted agent) mapped to the CA subsystem cert in the KRA.
  • outcome: success/failure
  • ReqID: the enrollment request in the CA. This is used to track the request and link it to the CA audit logs.
  • ProfileID: set to kraConnector
  • CertSubject: subject name of the certificate request

PROFILE_CERT_REQUEST

  • subjectID: userID for the agent initiating the request. This is the user (trusted agent) mapped to the CA subsystem cert in the KRA.
  • outcome: success/failure
  • ReqID: the enrollment request in the CA
  • ProfileID: set to kraConnector
  • CertSubject: subject name of the certificate request


For example, archive a private key from the CA:

pki -d ./alias/ -c redhat123 client-cert-request uid=testuser --profile caDualCert --type crmf --transport transport.pem
(TODO) add pki command to approve cert request
 [AuditEvent=ACCESS_SESSION_ESTABLISH_SUCCESS][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=][Outcome=Success] access session establish success
 [AuditEvent=AUTHZ_SUCCESS][SubjectID=$Unidentified$][Outcome=Success][aclResource=null][Op=null][Info=ACL mapping not found; OK:KRAInfoResource.getInfo] authorization success
 [AuditEvent=ACCESS_SESSION_ESTABLISH_SUCCESS][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success] access session establish success
 [AuditEvent=ACCESS_SESSION_ESTABLISH_SUCCESS][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success] access session establish success
 [AuditEvent=ACCESS_SESSION_ESTABLISH_SUCCESS][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success] access session establish success
 [AuditEvent=ACCESS_SESSION_ESTABLISH_SUCCESS][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success] access session establish success
 [AuditEvent=ACCESS_SESSION_ESTABLISH_SUCCESS][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success] access session establish success
 [AuditEvent=ACCESS_SESSION_ESTABLISH_SUCCESS][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success] access session establish success
 [AuditEvent=ACCESS_SESSION_ESTABLISH_SUCCESS][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=][Outcome=Success] access session establish success
 [AuditEvent=ACCESS_SESSION_ESTABLISH_SUCCESS][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=Subsystem Certificate,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success] access session establish success
 [AuditEvent=AUTH_SUCCESS][SubjectID=CA-aleelaptop.example.com-8443][Outcome=Success][AuthMgr=certUserDBAuthMgr] authentication success
 [AuditEvent=AUTHZ_SUCCESS][SubjectID=CA-aleelaptop.example.com-8443][Outcome=Success][aclResource=certServer.kra.connector][Op=submit] authorization success
 [AuditEvent=ROLE_ASSUME][SubjectID=CA-aleelaptop.example.com-8443][Outcome=Success][Role=Data Recovery Manager Agents, Trusted Managers] assume privileged role
 [AuditEvent=PROFILE_CERT_REQUEST][SubjectID=CA-aleelaptop.example.com-8443][Outcome=Success][ReqID=38][ProfileID=kraConnector][CertSubject=UID=testuser] certificate request made with certificate profiles
 [AuditEvent=SECURITY_DATA_ARCHIVAL_REQUEST][SubjectID=CA-aleelaptop.example.com-8443][Outcome=Success][ArchivalRequestID=38][RequestId=325][ClientKeyID=null] security data archival request made
 [AuditEvent=SECURITY_DATA_ARCHIVAL_REQUEST_PROCESSED][SubjectID=CA-aleelaptop.example.com-8443][Outcome=Success][ArchivalRequestID=38][RequestId=325][ClientKeyID=null][KeyID=161][FailureReason=null][PubKey=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDPwOzhpNANr4KdmRJ341Rp5k15xHWdTYQ3r5gf8Xx+ugQRmx7m4q1ot2X4AGbru0K3WIuIb04liSup8fuTPslGngS/vLcfHo1rdZBOz/DWMV/tW/5uURNVZCbwiiV+b97gRxpoKb+TJfp2qU9S35oUkAx11dwPZzRzpl4j1Gb7uQIDAQAB] security data archival request processed
 [AuditEvent=CERT_REQUEST_PROCESSED][SubjectID=CA-aleelaptop.example.com-8443][Outcome=Success][ReqID=38][InfoName=certificate][InfoValue=<null>] certificate request processed
 [AuditEvent=INTER_BOUNDARY][SubjectID=CA-aleelaptop.example.com-8443][Outcome=Success][ProtectionMethod=ssl][ReqType=enrollment][ReqID=38] inter-CIMC_Boundary communication (data exchange)      
 [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=Subsystem Certificate,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success][Info=CLOSE_NOTIFY] access session terminated
 [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=][Outcome=Success][Info=CLOSE_NOTIFY] access session terminated
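
The two points above (archival REQUEST and PROCESSED events may arrive in reversed order, and the CA request ID links the CA and KRA logs) can be checked mechanically. The following is an added example, not code from the Dogtag project: it parses the `[Key=Value]` fields and pairs the events by RequestId. The sample lines are constructed from the format shown above; the function names, the host name, and the rule that a set ArchivalRequestID means the CA connector are assumptions of this example.

```python
import re

# Constructed sample, modelled on the audit lines above (host name and the
# PubKey value are placeholders). RequestId 1495 logs PROCESSED before REQUEST.
ARCHIVAL_SAMPLE = """\
[AuditEvent=AUTHZ_SUCCESS][SubjectID=kraadmin][Outcome=Success][aclResource=certServer.kra.keyrequests][Op=execute][Info=KeyRequestResource.submitRequest] authorization success
[AuditEvent=SECURITY_DATA_ARCHIVAL_REQUEST_PROCESSED][SubjectID=kraadmin][Outcome=Success][ArchivalRequestID=null][RequestId=1495][ClientKeyID=my_pass4][KeyID=162][FailureReason=None][PubKey=null] security data archival request processed
[AuditEvent=SECURITY_DATA_ARCHIVAL_REQUEST][SubjectID=kraadmin][Outcome=Success][ArchivalRequestID=null][RequestId=1495][ClientKeyID=my_pass4] security data archival request made
[AuditEvent=PROFILE_CERT_REQUEST][SubjectID=CA-host.example.com-8443][Outcome=Success][ReqID=38][ProfileID=kraConnector][CertSubject=UID=testuser] certificate request made with certificate profiles
[AuditEvent=SECURITY_DATA_ARCHIVAL_REQUEST][SubjectID=CA-host.example.com-8443][Outcome=Success][ArchivalRequestID=38][RequestId=325][ClientKeyID=null] security data archival request made
[AuditEvent=SECURITY_DATA_ARCHIVAL_REQUEST_PROCESSED][SubjectID=CA-host.example.com-8443][Outcome=Success][ArchivalRequestID=38][RequestId=325][ClientKeyID=null][KeyID=161][FailureReason=null][PubKey=BASE64-PLACEHOLDER] security data archival request processed
[AuditEvent=SECURITY_DATA_ARCHIVAL_REQUEST][SubjectID=kraadmin][Outcome=Success][ArchivalRequestID=null][RequestId=1500][ClientKeyID=my_pass5] security data archival request made
"""

# A field is [Key=Value]; the key ends at the first '=', so values such as
# "UID=testuser" or a DN with commas and '=' signs stay intact.
FIELD = re.compile(r"\[(\w+)=([^\]]*)\]")
NULLS = {"", "null", "None", "<null>"}  # spellings of "unset" seen in the samples


def parse_audit_line(line):
    """Return the [Key=Value] fields of one audit line, or None if it has none.

    Anything before [AuditEvent= (assumed: a timestamp or thread prefix in real
    files) and the free-text message after the last bracket are ignored.
    """
    start = line.find("[AuditEvent=")
    if start < 0:
        return None
    return {k: (None if v in NULLS else v) for k, v in FIELD.findall(line[start:])}


def correlate_archivals(lines):
    """Pair archival REQUEST/PROCESSED events by RequestId, in either order."""
    requests, processed, ca_requests, order = {}, {}, {}, []
    for line in lines:
        ev = parse_audit_line(line)
        if not ev:
            continue
        name, rid = ev.get("AuditEvent"), ev.get("RequestId")
        if name == "PROFILE_CERT_REQUEST" and ev.get("ProfileID") == "kraConnector":
            # ReqID is the enrollment request ID in the CA.
            ca_requests[ev.get("ReqID")] = ev.get("CertSubject")
        elif name in ("SECURITY_DATA_ARCHIVAL_REQUEST",
                      "SECURITY_DATA_ARCHIVAL_REQUEST_PROCESSED") and rid:
            if rid not in requests and rid not in processed:
                order.append(rid)  # keep first-seen order
            target = requests if name.endswith("_REQUEST") else processed
            target[rid] = ev

    results = []
    for rid in order:
        req, done = requests.get(rid), processed.get(rid)
        src = done or req
        ca_id = src.get("ArchivalRequestID")
        if done is not None and (done.get("Outcome") or "").lower() != "success":
            status = "failed"  # judged on Outcome, not on FailureReason
        elif req is None:
            status = "processed-only"
        elif done is None:
            status = "request-only"
        else:
            status = "complete"
        results.append({
            "RequestId": rid,
            "SubjectID": src.get("SubjectID"),
            # Assumption: ArchivalRequestID is only set by the CA-KRA connector.
            "source": "CA connector" if ca_id else "REST",
            "ca_request_id": ca_id,
            "cert_subject": ca_requests.get(ca_id),
            "KeyID": done.get("KeyID") if done else None,
            "status": status,
        })
    return results


if __name__ == "__main__":
    for row in correlate_archivals(ARCHIVAL_SAMPLE.splitlines()):
        print(row)
```

A `request-only` row at the end of a log window is not necessarily an error: the matching PROCESSED event may simply not have been written yet.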

Key Recovery Events

SECURITY_DATA_RECOVERY_REQUEST

These events occur when a recovery request is created, either through the Web UI or through the CLI.

Properties:

  • SubjectID: UID of agent that is generating request
  • Outcome: success/failure
  • RecoveryID: ID of recovery request
  • DataID: Key that needs to be recovered
  • PubKey: public key associated with the key to be recovered.

If the recovery request is made through the UI, then PubKey will be populated. If through the REST API, then the keyID will be populated.

For example, this is creating a recovery request through the UI.

[AuditEvent=SECURITY_DATA_RECOVERY_REQUEST][SubjectID=kraadmin][Outcome=Success][RecoveryID=316][DataID=null][PubKey=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCyElB1jEDpzcP7SI6JmbS/BGGwAVftpxv4pD5AByWt31Buzzj17ujzD+JXAx06On+DN4n1HTwH/vfVpSRd/0NUaQld6m1hvljRNMhOcP6PfsVPQf0SweLWbZM2aRt3GJss5oynKeS4kSsNp3kyLSE7u008vOE8fQrfBdGl/zgLIwIDAQAB] security data recovery request made

And this is through the CLI:

pki -d ./alias/ -c redhat123 -n "PKI Administrator for example.com" key-recover --keyID 0x9c
 [AuditEvent=ACCESS_SESSION_ESTABLISH_SUCCESS][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success] access session establish success
 [AuditEvent=AUTH_SUCCESS][SubjectID=kraadmin][Outcome=Success][AuthMgr=certUserDBAuthMgr] authentication success
 [AuditEvent=AUTHZ_SUCCESS][SubjectID=kraadmin][Outcome=Success][aclResource=certServer.kra.account][Op=login][Info=AccountResource.login] authorization success
 [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success][Info=CLOSE_NOTIFY] access session terminated
 [AuditEvent=AUTHZ_SUCCESS][SubjectID=$Unidentified$][Outcome=Success][aclResource=null][Op=null][Info=ACL mapping not found; OK:SystemCertResource.getTransportCert] authorization success
 [AuditEvent=ACCESS_SESSION_ESTABLISH_SUCCESS][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success] access session establish success
 [AuditEvent=AUTHZ_SUCCESS][SubjectID=kraadmin][Outcome=Success][aclResource=certServer.kra.keyrequests][Op=execute][Info=KeyRequestResource.submitRequest] authorization success
 [AuditEvent=SECURITY_DATA_RECOVERY_REQUEST][SubjectID=kraadmin][Outcome=Success][RecoveryID=318][DataID=156][PubKey=null] security data recovery request made 
 [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success][Info=CLOSE_NOTIFY] access session terminated
 [AuditEvent=ACCESS_SESSION_ESTABLISH_SUCCESS][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success] access session establish success
 [AuditEvent=AUTHZ_SUCCESS][SubjectID=kraadmin][Outcome=Success][aclResource=certServer.kra.account][Op=logout][Info=AccountResource.logout] authorization success
 [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success][Info=CLOSE_NOTIFY] access session terminated

SECURITY_DATA_RECOVERY_REQUEST_STATE_CHANGE

Occurs when the state of a recovery request is changed, for example by having an agent approve the request either through the UI or through the CLI.

Properties:

  • SubjectID: agent who is performing the action
  • Outcome: success/failure
  • RecoveryID: ID of recovery request
  • Operation: operation (approve, cancel etc.)

For example, approving a request through the CLI.

pki -d ./alias/ -c redhat123 -n "PKI Administrator for example.com" key-request-review --action approve 0x13e
 [AuditEvent=ACCESS_SESSION_ESTABLISH_SUCCESS][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success] access session establish success
 [AuditEvent=AUTH_SUCCESS][SubjectID=kraadmin][Outcome=Success][AuthMgr=certUserDBAuthMgr] authentication success
 [AuditEvent=AUTHZ_SUCCESS][SubjectID=kraadmin][Outcome=Success][aclResource=certServer.kra.account][Op=login][Info=AccountResource.login] authorization success
 [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success][Info=CLOSE_NOTIFY] access session terminated
 [AuditEvent=AUTHZ_SUCCESS][SubjectID=$Unidentified$][Outcome=Success][aclResource=null][Op=null][Info=ACL mapping not found; OK:SystemCertResource.getTransportCert] authorization success
 [AuditEvent=ACCESS_SESSION_ESTABLISH_SUCCESS][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success] access session establish success
 [AuditEvent=AUTHZ_SUCCESS][SubjectID=kraadmin][Outcome=Success][aclResource=certServer.kra.keyrequests][Op=execute][Info=KeyRequestResource.approveRequest] authorization success
 [AuditEvent=SECURITY_DATA_RECOVERY_REQUEST_STATE_CHANGE][SubjectID=kraadmin][Outcome=Success][RecoveryID=319][Operation=approve] security data recovery request state change
 [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success][Info=CLOSE_NOTIFY] access session terminated
 [AuditEvent=ACCESS_SESSION_ESTABLISH_SUCCESS][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success] access session establish success
 [AuditEvent=AUTHZ_SUCCESS][SubjectID=kraadmin][Outcome=Success][aclResource=certServer.kra.keyrequests][Op=execute][Info=KeyRequestResource.getRequestInfo] authorization success
 [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success][Info=CLOSE_NOTIFY] access session terminated
 [AuditEvent=ACCESS_SESSION_ESTABLISH_SUCCESS][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success] access session establish success
 [AuditEvent=AUTHZ_SUCCESS][SubjectID=kraadmin][Outcome=Success][aclResource=certServer.kra.account][Op=logout][Info=AccountResource.logout] authorization success
 [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success][Info=CLOSE_NOTIFY] access session terminated

Here are the logs created when a request is approved from the UI.

 [AuditEvent=ACCESS_SESSION_ESTABLISH_SUCCESS][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success] access session establish success
 [AuditEvent=AUTH_SUCCESS][SubjectID=kraadmin][Outcome=Success][AuthMgr=certUserDBAuthMgr] authentication success
 [AuditEvent=AUTHZ_SUCCESS][SubjectID=kraadmin][Outcome=Success][aclResource=certServer.kra.request][Op=read] authorization success
 [AuditEvent=ROLE_ASSUME][SubjectID=kraadmin][Outcome=Success][Role=Data Recovery Manager Agents, Administrators] assume privileged role
 [AuditEvent=AUTH_SUCCESS][SubjectID=kraadmin][Outcome=Success][AuthMgr=certUserDBAuthMgr] authentication success
 [AuditEvent=AUTHZ_SUCCESS][SubjectID=kraadmin][Outcome=Success][aclResource=certServer.kra.key][Op=recover] authorization success
 [AuditEvent=ROLE_ASSUME][SubjectID=kraadmin][Outcome=Success][Role=Data Recovery Manager Agents, Administrators] assume privileged role
 [AuditEvent=SECURITY_DATA_RECOVERY_REQUEST_STATE_CHANGE][SubjectID=kraadmin][Outcome=Success][RecoveryID=324][Operation=approve] security data recovery request state change

SECURITY_DATA_RECOVERY_REQUEST_PROCESSED, SECURITY_DATA_EXPORT_KEY

These events occur when an approved key recovery request is processed and the key is retrieved, wrapped appropriately and returned to the client.

Properties: (SECURITY_DATA_RECOVERY_REQUEST_PROCESSED)

  • SubjectID: UID of agent that is recovering the key
  • Outcome: Success/Failure
  • RecoveryID: ID of recovery request
  • KeyID: ID of key being retrieved.
  • FailureReason: Null if successful.
  • RecoveryAgents: list of agents who have approved the recovery request.

Properties: (SECURITY_DATA_EXPORT_KEY)

  • SubjectID: UID of agent that is retrieving the key/secret
  • Outcome: Success/Failure
  • RecoveryID: ID of recovery request
  • Info: Information about the request, including failure reason if the request fails.
  • PubKey: public key associated with the export

If the key is recovered from the UI, Info will not be populated (except for failure cases). For a request through the REST API, Info such as the following may be seen: Info=KeyService.getKey:;keyID=156;requestID=319;synchronous=false;ephemeral=false

For example, these are the logs created when the key is retrieved as a pk12 file from the KRA UI.

 [AuditEvent=ACCESS_SESSION_ESTABLISH_SUCCESS][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success] access session establish success
 [AuditEvent=AUTH_SUCCESS][SubjectID=kraadmin][Outcome=Success][AuthMgr=certUserDBAuthMgr] authentication success
 [AuditEvent=AUTHZ_SUCCESS][SubjectID=kraadmin][Outcome=Success][aclResource=certServer.kra.request][Op=read] authorization success
 [AuditEvent=ROLE_ASSUME][SubjectID=kraadmin][Outcome=Success][Role=Data Recovery Manager Agents, Administrators] assume privileged role
 [AuditEvent=AUTH_SUCCESS][SubjectID=kraadmin][Outcome=Success][AuthMgr=certUserDBAuthMgr] authentication success
 [AuditEvent=AUTHZ_SUCCESS][SubjectID=kraadmin][Outcome=Success][aclResource=certServer.kra.key][Op=download] authorization success
 [AuditEvent=ROLE_ASSUME][SubjectID=kraadmin][Outcome=Success][Role=Data Recovery Manager Agents, Administrators] assume privileged role
 [AuditEvent=SECURITY_DATA_RECOVERY_REQUEST_PROCESSED][SubjectID=kraadmin][Outcome=Success][RecoveryID=316][KeyID=157][FailureReason=null][RecoveryAgents=kraadmin,kraadmin] security data recovery request processed
 [AuditEvent=SECURITY_DATA_EXPORT_KEY][SubjectID=kraadmin][Outcome=Success][RecoveryID=316][KeyID=null][Info=null][PubKey=null] security data retrieval request

These are the logs when a secret is retrieved from the KRA CLI.

pki -d ./alias/ -c redhat123 -n "PKI Administrator for example.com" key-retrieve --requestID  0x13f
 [AuditEvent=ACCESS_SESSION_ESTABLISH_SUCCESS][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success] access session establish success
 [AuditEvent=AUTH_SUCCESS][SubjectID=kraadmin][Outcome=Success][AuthMgr=certUserDBAuthMgr] authentication success
 [AuditEvent=AUTHZ_SUCCESS][SubjectID=kraadmin][Outcome=Success][aclResource=certServer.kra.account][Op=login][Info=AccountResource.login] authorization success
 [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success][Info=CLOSE_NOTIFY] access session terminated
 [AuditEvent=AUTHZ_SUCCESS][SubjectID=$Unidentified$][Outcome=Success][aclResource=null][Op=null][Info=ACL mapping not found; OK:SystemCertResource.getTransportCert] authorization success
 [AuditEvent=ACCESS_SESSION_ESTABLISH_SUCCESS][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success] access session establish success
 [AuditEvent=AUTHZ_SUCCESS][SubjectID=kraadmin][Outcome=Success][aclResource=certServer.kra.keys][Op=execute][Info=KeyResource.retrieveKey] authorization success
 [AuditEvent=SECURITY_DATA_RECOVERY_REQUEST_PROCESSED][SubjectID=kraadmin][Outcome=Success][RecoveryID=319][KeyID=156][FailureReason=KeyService.getKey:;keyID=156;requestID=319;synchronous=false;ephemeral=false][RecoveryAgents=kraadmin,kraadmin] security data recovery request processed
 [AuditEvent=SECURITY_DATA_EXPORT_KEY][SubjectID=kraadmin][Outcome=Success][RecoveryID=319][KeyID=156][Info=KeyService.getKey:;keyID=156;requestID=319;synchronous=false;ephemeral=false][PubKey=null] security data retrieval request 
 [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success][Info=CLOSE_NOTIFY] access session terminated
 [AuditEvent=ACCESS_SESSION_ESTABLISH_SUCCESS][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success] access session establish success
 [AuditEvent=AUTHZ_SUCCESS][SubjectID=kraadmin][Outcome=Success][aclResource=certServer.kra.account][Op=logout][Info=AccountResource.logout] authorization success
 [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success][Info=CLOSE_NOTIFY] access session terminated

Another example of a key being retrieved with the CLI, showing all the above events:

pki -d ./alias/ -c redhat123 -n "PKI Administrator for example.com" key-retrieve --keyID 0x9c
 [AuditEvent=ACCESS_SESSION_ESTABLISH_SUCCESS][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success] access session establish success
 [AuditEvent=AUTH_SUCCESS][SubjectID=kraadmin][Outcome=Success][AuthMgr=certUserDBAuthMgr] authentication success
 [AuditEvent=AUTHZ_SUCCESS][SubjectID=kraadmin][Outcome=Success][aclResource=certServer.kra.account][Op=login][Info=AccountResource.login] authorization success
 [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success][Info=CLOSE_NOTIFY] access session terminated
 [AuditEvent=AUTHZ_SUCCESS][SubjectID=$Unidentified$][Outcome=Success][aclResource=null][Op=null][Info=ACL mapping not found; OK:SystemCertResource.getTransportCert] authorization success
 [AuditEvent=ACCESS_SESSION_ESTABLISH_SUCCESS][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success] access session establish success
 [AuditEvent=AUTHZ_SUCCESS][SubjectID=kraadmin][Outcome=Success][aclResource=certServer.kra.keys][Op=execute][Info=KeyResource.retrieveKey] authorization success
 [AuditEvent=SECURITY_DATA_RECOVERY_REQUEST][SubjectID=kraadmin][Outcome=Success][RecoveryID=320][DataID=156][PubKey=null] security data recovery request made
 [AuditEvent=SECURITY_DATA_RECOVERY_REQUEST_PROCESSED][SubjectID=kraadmin][Outcome=Success][RecoveryID=320][KeyID=156][FailureReason=KeyService.getKey:;keyID=156;requestID=320;synchronous=true;ephemeral=false][RecoveryAgents=kraadmin] security data recovery request processed
 [AuditEvent=SECURITY_DATA_EXPORT_KEY][SubjectID=kraadmin][Outcome=Success][RecoveryID=320][KeyID=156][Info=KeyService.getKey:;keyID=156;requestID=320;synchronous=true;ephemeral=false][PubKey=null] security data retrieval request
 [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success][Info=CLOSE_NOTIFY] access session terminated
 [AuditEvent=ACCESS_SESSION_ESTABLISH_SUCCESS][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success] access session establish success
 [AuditEvent=AUTHZ_SUCCESS][SubjectID=kraadmin][Outcome=Success][aclResource=certServer.kra.account][Op=logout][Info=AccountResource.logout] authorization success
 [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success][Info=CLOSE_NOTIFY] access session terminated

Same example - this time with ephemeral requests enabled.

 [AuditEvent=ACCESS_SESSION_ESTABLISH_SUCCESS][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success] access session establish success
 [AuditEvent=AUTH_SUCCESS][SubjectID=kraadmin][Outcome=Success][AuthMgr=certUserDBAuthMgr] authentication success
 [AuditEvent=AUTHZ_SUCCESS][SubjectID=kraadmin][Outcome=Success][aclResource=certServer.kra.account][Op=login][Info=AccountResource.login] authorization success
 [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success][Info=CLOSE_NOTIFY] access session terminated
 [AuditEvent=AUTHZ_SUCCESS][SubjectID=$Unidentified$][Outcome=Success][aclResource=null][Op=null][Info=ACL mapping not found; OK:SystemCertResource.getTransportCert] authorization success
 [AuditEvent=ACCESS_SESSION_ESTABLISH_SUCCESS][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success] access session establish success
 [AuditEvent=AUTHZ_SUCCESS][SubjectID=kraadmin][Outcome=Success][aclResource=certServer.kra.keys][Op=execute][Info=KeyResource.retrieveKey] authorization success
 [AuditEvent=SECURITY_DATA_RECOVERY_REQUEST][SubjectID=kraadmin][Outcome=Success][RecoveryID=14954844711196918][DataID=156][PubKey=null] security data recovery request made
 [AuditEvent=SECURITY_DATA_RECOVERY_REQUEST_PROCESSED][SubjectID=kraadmin][Outcome=Success][RecoveryID=14954844711196918][KeyID=156][FailureReason=KeyService.getKey:;keyID=156;requestID=14954844711196918;synchronous=true;ephemeral=true][RecoveryAgents=kraadmin] security data recovery request processed
 [AuditEvent=SECURITY_DATA_EXPORT_KEY][SubjectID=kraadmin][Outcome=Success][RecoveryID=14954844711196918][KeyID=156][Info=KeyService.getKey:;keyID=156;requestID=14954844711196918;synchronous=true;ephemeral=true][PubKey=null] security data retrieval request
 [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success][Info=CLOSE_NOTIFY] access session terminated
 [AuditEvent=ACCESS_SESSION_ESTABLISH_SUCCESS][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success] access session establish success
 [AuditEvent=AUTHZ_SUCCESS][SubjectID=kraadmin][Outcome=Success][aclResource=certServer.kra.account][Op=logout][Info=AccountResource.logout] authorization success
 [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success][Info=CLOSE_NOTIFY] access session terminated

Key Generation Events

Symmetric Keys: REST API

Logged when generation of a symmetric key is requested from the CLI.

SYMKEY_GENERATION_REQUEST:

  • SubjectID: UID of user requesting the key generation
  • Outcome: success/failure
  • GenerationRequestID: ID of request on KRA request queue
  • ClientKeyID: user provided client key identifier

SYMKEY_GENERATION_REQUEST_PROCESSED:

  • SubjectID: UID of user requesting the key generation
  • Outcome: success/failure
  • GenerationRequestID: ID of request on KRA request queue
  • ClientKeyID: user provided client key identifier
  • KeyID: ID of the key generated
  • FailureReason: reason for failure (if failed)

For example:

pki -d ./alias/ -c redhat123 -n "PKI Administrator for example.com" key-generate "my_symkey9" --key-algorithm AES --key-size 128 --usages encrypt,decrypt
 [AuditEvent=ACCESS_SESSION_ESTABLISH_SUCCESS][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success] access session establish success
 [AuditEvent=AUTH_SUCCESS][SubjectID=kraadmin][Outcome=Success][AuthMgr=certUserDBAuthMgr] authentication success
 [AuditEvent=AUTHZ_SUCCESS][SubjectID=kraadmin][Outcome=Success][aclResource=certServer.kra.account][Op=login][Info=AccountResource.login] authorization success
 [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success][Info=CLOSE_NOTIFY] access session terminated
 [AuditEvent=AUTHZ_SUCCESS][SubjectID=$Unidentified$][Outcome=Success][aclResource=null][Op=null][Info=ACL mapping not found; OK:SystemCertResource.getTransportCert] authorization success
 [AuditEvent=ACCESS_SESSION_ESTABLISH_SUCCESS][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success] access session establish success
 [AuditEvent=AUTHZ_SUCCESS][SubjectID=kraadmin][Outcome=Success][aclResource=certServer.kra.keyrequests][Op=execute][Info=KeyRequestResource.submitRequest] authorization success
 [AuditEvent=SYMKEY_GENERATION_REQUEST_PROCESSED][SubjectID=kraadmin][Outcome=Success][GenerationRequestID=330][ClientKeyID=my_symkey9][KeyID=164][FailureReason=None] symkey generation request processed
 [AuditEvent=SYMKEY_GENERATION_REQUEST][SubjectID=kraadmin][Outcome=Success][GenerationRequestID=330][ClientKeyID=my_symkey9] symkey generation request made 
 [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success][Info=CLOSE_NOTIFY] access session terminated
 [AuditEvent=ACCESS_SESSION_ESTABLISH_SUCCESS][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success] access session establish success
 [AuditEvent=AUTHZ_SUCCESS][SubjectID=kraadmin][Outcome=Success][aclResource=certServer.kra.account][Op=logout][Info=AccountResource.logout] authorization success
 [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success][Info=CLOSE_NOTIFY] access session terminated

Asymmetric Keys: REST API

Logged when generation of an asymmetric key is requested from the CLI.

ASYMKEY_GENERATION_REQUEST:

  • SubjectID: UID of user requesting the key generation
  • Outcome: success/failure
  • GenerationRequestID: ID of request on KRA request queue
  • ClientKeyID: user provided client key identifier

ASYMKEY_GENERATION_REQUEST_PROCESSED:

  • SubjectID: UID of user requesting the key generation
  • Outcome: success/failure
  • GenerationRequestID: ID of request on KRA request queue
  • ClientKeyID: user provided client key identifier
  • KeyID: ID of the key generated
  • FailureReason: reason for failure (if failed)

For example:

pki -d ./alias/ -c redhat123 -n "PKI Administrator for example.com" key-generate "my_symkey9" --key-algorithm AES --key-size 128 --usages encrypt,decrypt
 [AuditEvent=ACCESS_SESSION_ESTABLISH_SUCCESS][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success] access session establish success
 [AuditEvent=AUTH_SUCCESS][SubjectID=kraadmin][Outcome=Success][AuthMgr=certUserDBAuthMgr] authentication success
 [AuditEvent=AUTHZ_SUCCESS][SubjectID=kraadmin][Outcome=Success][aclResource=certServer.kra.account][Op=login][Info=AccountResource.login] authorization success
 [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success][Info=CLOSE_NOTIFY] access session terminated
 [AuditEvent=AUTHZ_SUCCESS][SubjectID=$Unidentified$][Outcome=Success][aclResource=null][Op=null][Info=ACL mapping not found; OK:SystemCertResource.getTransportCert] authorization success
 [AuditEvent=ACCESS_SESSION_ESTABLISH_SUCCESS][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success] access session establish success
 [AuditEvent=AUTHZ_SUCCESS][SubjectID=kraadmin][Outcome=Success][aclResource=certServer.kra.keyrequests][Op=execute][Info=KeyRequestResource.submitRequest] authorization success
 [AuditEvent=ASYMKEY_GENERATION_REQUEST_PROCESSED][SubjectID=kraadmin][Outcome=Success][GenerationRequestID=332][ClientKeyID=my_asymkey10][KeyID=166][FailureReason=None] Asymkey generation request processed
 [AuditEvent=ASYMKEY_GENERATION_REQUEST][SubjectID=kraadmin][Outcome=Success][GenerationRequestID=332][ClientKeyID=my_asymkey10] Asymkey generation request made 
 [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success][Info=CLOSE_NOTIFY] access session terminated
 [AuditEvent=ACCESS_SESSION_ESTABLISH_SUCCESS][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success] access session establish success
 [AuditEvent=AUTHZ_SUCCESS][SubjectID=kraadmin][Outcome=Success][aclResource=certServer.kra.account][Op=logout][Info=AccountResource.logout] authorization success
 [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success][Info=CLOSE_NOTIFY] access session terminated
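The following Python code is an added example, not part of the Dogtag documentation or code base. It parses the bracketed audit fields shown above and pairs each symmetric or asymmetric key generation request with its processed event by GenerationRequestID. The function names are hypothetical; the last sample line is constructed to show a failed request with no processed event, and its `Outcome=Failure` spelling is an assumption.

```python
import re
from collections import defaultdict

# Each audit field is a [Name=Value] group. Values may contain '=', ',' and ';'
# (certificate DNs, Info strings) but, in the samples on this page, never ']'.
FIELD_RE = re.compile(r"\[([A-Za-z]+)=([^\]]*)\]")

def parse_event(line):
    """Return the fields of one audit line as a dict, or None if it is not an event."""
    fields = dict(FIELD_RE.findall(line))
    return fields if "AuditEvent" in fields else None

def correlate_keygen(lines):
    """Pair *_GENERATION_REQUEST and *_GENERATION_REQUEST_PROCESSED by request ID."""
    requests = defaultdict(dict)
    for line in lines:
        ev = parse_event(line)
        if ev is None or "GenerationRequestID" not in ev:
            continue  # session, AUTH and AUTHZ events carry no request ID
        name = ev["AuditEvent"]
        kind = "processed" if name.endswith("_PROCESSED") else "request"
        key_type = name.split("_GENERATION_REQUEST")[0]  # SYMKEY or ASYMKEY
        # Keyed storage makes this order-independent: the page's samples log
        # the PROCESSED event before the REQUEST event.
        requests[(key_type, ev["GenerationRequestID"])][kind] = ev
    report = []
    for (key_type, req_id), pair in sorted(requests.items()):
        req, done = pair.get("request"), pair.get("processed")
        first = req or done
        report.append({
            "type": key_type,
            "request_id": req_id,
            "subject": first.get("SubjectID"),
            "client_key_id": first.get("ClientKeyID"),
            "key_id": done.get("KeyID") if done else None,
            "complete": req is not None and done is not None,
            "failed": any(e.get("Outcome") != "Success" for e in (req, done) if e),
        })
    return report

# First five lines are copied from the page; the sixth is constructed.
SAMPLE = [
    "[AuditEvent=AUTHZ_SUCCESS][SubjectID=$Unidentified$][Outcome=Success][aclResource=null][Op=null][Info=ACL mapping not found; OK:SystemCertResource.getTransportCert] authorization success",
    "[AuditEvent=SYMKEY_GENERATION_REQUEST_PROCESSED][SubjectID=kraadmin][Outcome=Success][GenerationRequestID=330][ClientKeyID=my_symkey9][KeyID=164][FailureReason=None] symkey generation request processed",
    "[AuditEvent=SYMKEY_GENERATION_REQUEST][SubjectID=kraadmin][Outcome=Success][GenerationRequestID=330][ClientKeyID=my_symkey9] symkey generation request made",
    "[AuditEvent=ASYMKEY_GENERATION_REQUEST_PROCESSED][SubjectID=kraadmin][Outcome=Success][GenerationRequestID=332][ClientKeyID=my_asymkey10][KeyID=166][FailureReason=None] Asymkey generation request processed",
    "[AuditEvent=ASYMKEY_GENERATION_REQUEST][SubjectID=kraadmin][Outcome=Success][GenerationRequestID=332][ClientKeyID=my_asymkey10] Asymkey generation request made",
    "[AuditEvent=SYMKEY_GENERATION_REQUEST][SubjectID=kraadmin][Outcome=Failure][GenerationRequestID=999][ClientKeyID=constructed_key] symkey generation request made",
]
```

Rows with `complete` set to false or `failed` set to true are the ones to review: a request with no processed event, or a processed event with no request, means the audit trail for that key is incomplete.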

References