Difference between revisions of "KRA Audit Events"

From Dogtag
m (Overview)
(Overview)
Line 81: Line 81:
 
ACCESS_SESSION_ESTABLISH_SUCCESS,\
 
ACCESS_SESSION_ESTABLISH_SUCCESS,\
 
ACCESS_SESSION_TERMINATED
 
ACCESS_SESSION_TERMINATED
 +
</pre>
 +
 +
= Key Archival Events =
 +
 +
== SECURITY_DATA_ARCHIVAL_REQUEST, SECURITY_DATA_ARCHIVAL_REQUEST_PROCESSED ==
 +
 +
This event is triggered when an archival request is received through the REST interface or from the CA.
 +
For example, use the PKI CLI to archive a passphrase:
 +
 +
<pre>
 +
pki -d ./alias/ -c redhat123 -n "PKI Administrator for example.com" key-archive --clientKeyID "my_pass1" --passphrase  "goodbye cruel world!"
 +
</pre>
 +
 +
<pre>
 +
[AuditEvent=ACCESS_SESSION_ESTABLISH_SUCCESS][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success] access session establish success
 +
[AuditEvent=AUTH_SUCCESS][SubjectID=kraadmin][Outcome=Success][AuthMgr=certUserDBAuthMgr] authentication success
 +
[AuditEvent=AUTHZ_SUCCESS][SubjectID=kraadmin][Outcome=Success][aclResource=certServer.kra.account][Op=login][Info=AccountResource.login] authorization success
 +
[AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success][Info=CLOSE_NOTIFY] access session terminated
 +
[AuditEvent=AUTHZ_SUCCESS][SubjectID=$Unidentified$][Outcome=Success][aclResource=null][Op=null][Info=ACL mapping not found; OK:SystemCertResource.getTransportCert] authorization success
 +
[AuditEvent=ACCESS_SESSION_ESTABLISH_SUCCESS][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success] access session establish success
 +
[AuditEvent=AUTHZ_SUCCESS][SubjectID=kraadmin][Outcome=Success][aclResource=certServer.kra.keyrequests][Op=execute][Info=KeyRequestResource.submitRequest] authorization success
 +
<font color="red"/>[AuditEvent=SECURITY_DATA_ARCHIVAL_REQUEST][SubjectID=kraadmin][Outcome=Success][ArchivalRequestID=314][ClientKeyID=my_pass1] security data archival request made
 +
[AuditEvent=SECURITY_DATA_ARCHIVAL_REQUEST_PROCESSED][SubjectID=kraadmin][Outcome=Success][ArchivalRequestID=314][ClientKeyID=my_pass1][KeyID=156][FailureReason=None][PubKey=null] security data archival request processed </font>
 +
[AuditEvent=SECURITY_DATA_ARCHIVAL_REQUEST][SubjectID=kraadmin][Outcome=Success][ArchivalRequestID=314][ClientKeyID=my_pass1] security data archival request made
 +
[AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success][Info=CLOSE_NOTIFY] access session terminated
 +
[AuditEvent=ACCESS_SESSION_ESTABLISH_SUCCESS][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success] access session establish success
 +
[AuditEvent=AUTHZ_SUCCESS][SubjectID=kraadmin][Outcome=Success][aclResource=certServer.kra.account][Op=logout][Info=AccountResource.logout] authorization success
 +
[AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success][Info=CLOSE_NOTIFY] access session terminated
 
</pre>
 
</pre>
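Review bot: the `<font color="red"/>` before the SECURITY_DATA_ARCHIVAL_REQUEST line and the `</font>` after the SECURITY_DATA_ARCHIVAL_REQUEST_PROCESSED line sit inside a `<pre>` block, where MediaWiki does not interpret markup, so they will appear as literal text in the log sample instead of highlighting the two events. The opening tag is also self-closing, so it would not wrap anything even outside `<pre>`. Drop the tags, or close the `<pre>` around the two highlighted lines and style them separately. Also check whether the second SECURITY_DATA_ARCHIVAL_REQUEST line for ArchivalRequestID=314, directly after the PROCESSED line, is real output or a paste duplicate, and change "This event is triggered" to the plural since the heading names two events.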
  

Revision as of 16:55, 22 May 2017

Overview

This document describes KRA audit events.

log.instance.SignedAudit.events=\
AUDIT_LOG_STARTUP,\
AUDIT_LOG_SHUTDOWN,\
ROLE_ASSUME,\
CONFIG_CERT_POLICY,\
CONFIG_CERT_PROFILE,\
CONFIG_CRL_PROFILE,\
CONFIG_OCSP_PROFILE,\
CONFIG_AUTH,\
CONFIG_ROLE,CONFIG_ACL,\
CONFIG_SIGNED_AUDIT,\
CONFIG_ENCRYPTION,\
CONFIG_TRUSTED_PUBLIC_KEY,\
CONFIG_DRM,SELFTESTS_EXECUTION,\
AUDIT_LOG_DELETE,\
LOG_PATH_CHANGE,\
PRIVATE_KEY_ARCHIVE_REQUEST,\
PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED,\
PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,\
PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,\
KEY_RECOVERY_REQUEST,\
KEY_RECOVERY_REQUEST_ASYNC,\
KEY_RECOVERY_AGENT_LOGIN,\
KEY_RECOVERY_REQUEST_PROCESSED,\
KEY_RECOVERY_REQUEST_PROCESSED_ASYNC,\
KEY_GEN_ASYMMETRIC,\
NON_PROFILE_CERT_REQUEST,\
PROFILE_CERT_REQUEST,\
CERT_REQUEST_PROCESSED,\
CERT_STATUS_CHANGE_REQUEST,\
CERT_STATUS_CHANGE_REQUEST_PROCESSED,\
AUTHZ_SUCCESS,\
AUTHZ_FAIL,\
INTER_BOUNDARY,\
AUTH_FAIL,\
AUTH_SUCCESS,\
CERT_PROFILE_APPROVAL,\
PROOF_OF_POSSESSION,\
CRL_RETRIEVAL,\
CRL_VALIDATION,\
CMC_SIGNED_REQUEST_SIG_VERIFY,\
SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_FAILURE,\
SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_SUCCESS,\
SERVER_SIDE_KEYGEN_REQUEST,\
COMPUTE_SESSION_KEY_REQUEST,\
COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS,\
COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE,\
DIVERSIFY_KEY_REQUEST,\
DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS,\
DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE,\
ENCRYPT_DATA_REQUEST,\
ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS,\
ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE,\
OCSP_ADD_CA_REQUEST,\
OCSP_ADD_CA_REQUEST_PROCESSED,\
OCSP_REMOVE_CA_REQUEST,\
OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS,\
OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE,\
COMPUTE_RANDOM_DATA_REQUEST,\
COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS,\
COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE,\
CIMC_CERT_VERIFICATION,\
CONFIG_SERIAL_NUMBER,\
SECURITY_DATA_ARCHIVAL_REQUEST,\
SECURITY_DATA_ARCHIVAL_REQUEST_PROCESSED,\
SECURITY_DATA_RECOVERY_REQUEST,\
SECURITY_DATA_RECOVERY_REQUEST_PROCESSED,\
SECURITY_DATA_RECOVERY_REQUEST_STATE_CHANGE,\
SECURITY_DATA_RETRIEVE_KEY,SYMKEY_GENERATION_REQUEST,\
SYMKEY_GENERATION_REQUEST_PROCESSED,\
ASYMKEY_GENERATION_REQUEST,\
ASYMKEY_GENERATION_REQUEST_PROCESSED,\
SECURITY_DATA_RETRIEVE_KEY,\
KEY_STATUS_CHANGE,\
ACCESS_SESSION_ESTABLISH_FAILURE,\
ACCESS_SESSION_ESTABLISH_SUCCESS,\
ACCESS_SESSION_TERMINATED

Key Archival Events

SECURITY_DATA_ARCHIVAL_REQUEST, SECURITY_DATA_ARCHIVAL_REQUEST_PROCESSED

These events are triggered when an archival request is received through the REST interface or from the CA. For example, use the PKI CLI to archive a passphrase:

pki -d ./alias/ -c redhat123 -n "PKI Administrator for example.com" key-archive --clientKeyID "my_pass1" --passphrase  "goodbye cruel world!"

[AuditEvent=ACCESS_SESSION_ESTABLISH_SUCCESS][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success] access session establish success
[AuditEvent=AUTH_SUCCESS][SubjectID=kraadmin][Outcome=Success][AuthMgr=certUserDBAuthMgr] authentication success
[AuditEvent=AUTHZ_SUCCESS][SubjectID=kraadmin][Outcome=Success][aclResource=certServer.kra.account][Op=login][Info=AccountResource.login] authorization success
[AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success][Info=CLOSE_NOTIFY] access session terminated
[AuditEvent=AUTHZ_SUCCESS][SubjectID=$Unidentified$][Outcome=Success][aclResource=null][Op=null][Info=ACL mapping not found; OK:SystemCertResource.getTransportCert] authorization success
[AuditEvent=ACCESS_SESSION_ESTABLISH_SUCCESS][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success] access session establish success
[AuditEvent=AUTHZ_SUCCESS][SubjectID=kraadmin][Outcome=Success][aclResource=certServer.kra.keyrequests][Op=execute][Info=KeyRequestResource.submitRequest] authorization success
[AuditEvent=SECURITY_DATA_ARCHIVAL_REQUEST][SubjectID=kraadmin][Outcome=Success][ArchivalRequestID=314][ClientKeyID=my_pass1] security data archival request made
[AuditEvent=SECURITY_DATA_ARCHIVAL_REQUEST_PROCESSED][SubjectID=kraadmin][Outcome=Success][ArchivalRequestID=314][ClientKeyID=my_pass1][KeyID=156][FailureReason=None][PubKey=null] security data archival request processed
[AuditEvent=SECURITY_DATA_ARCHIVAL_REQUEST][SubjectID=kraadmin][Outcome=Success][ArchivalRequestID=314][ClientKeyID=my_pass1] security data archival request made
[AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success][Info=CLOSE_NOTIFY] access session terminated
[AuditEvent=ACCESS_SESSION_ESTABLISH_SUCCESS][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success] access session establish success
[AuditEvent=AUTHZ_SUCCESS][SubjectID=kraadmin][Outcome=Success][aclResource=certServer.kra.account][Op=logout][Info=AccountResource.logout] authorization success
[AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success][Info=CLOSE_NOTIFY] access session terminated
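
For log review, the archival events above can be paired by ArchivalRequestID so that a request with no matching PROCESSED event, or a failed one, stands out. The following is an added example, not Dogtag code: the function names and the last sample line are constructed here, and it assumes field values never contain `]`.

```python
import re
from collections import defaultdict

# One [Key=Value] field. The key ends at the first '=', so a value such as
# SubjectID=CN=...,E=... keeps its own '=' and ','. Assumes no ']' in values.
FIELD = re.compile(r"\[([A-Za-z]+)=([^\]]*)\]")

def parse_event(line):
    """Return the bracketed fields of one audit line as a dict, or None."""
    fields = dict(FIELD.findall(line))
    return fields if "AuditEvent" in fields else None

def archival_summary(lines):
    """Group archival events by ArchivalRequestID; flag incomplete or failed ones."""
    requests = defaultdict(lambda: {"requested": 0, "processed": None})
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        if ev["AuditEvent"] == "SECURITY_DATA_ARCHIVAL_REQUEST":
            requests[ev.get("ArchivalRequestID")]["requested"] += 1
        elif ev["AuditEvent"] == "SECURITY_DATA_ARCHIVAL_REQUEST_PROCESSED":
            requests[ev.get("ArchivalRequestID")]["processed"] = ev
    findings = {}
    for req_id, state in requests.items():
        done = state["processed"]
        if done is None:
            findings[req_id] = "no PROCESSED event"
        elif done.get("Outcome") != "Success":
            findings[req_id] = "failed: " + done.get("FailureReason", "unknown")
        elif state["requested"] == 0:
            findings[req_id] = "PROCESSED without REQUEST"
    return dict(requests), findings

SAMPLE = [
    # Copied from the log on this page:
    "[AuditEvent=ACCESS_SESSION_ESTABLISH_SUCCESS][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success] access session establish success",
    "[AuditEvent=SECURITY_DATA_ARCHIVAL_REQUEST][SubjectID=kraadmin][Outcome=Success][ArchivalRequestID=314][ClientKeyID=my_pass1] security data archival request made",
    "[AuditEvent=SECURITY_DATA_ARCHIVAL_REQUEST_PROCESSED][SubjectID=kraadmin][Outcome=Success][ArchivalRequestID=314][ClientKeyID=my_pass1][KeyID=156][FailureReason=None][PubKey=null] security data archival request processed",
    # Constructed for this example: a request that never gets a PROCESSED event.
    "[AuditEvent=SECURITY_DATA_ARCHIVAL_REQUEST][SubjectID=kraadmin][Outcome=Success][ArchivalRequestID=315][ClientKeyID=my_pass2] security data archival request made",
]

if __name__ == "__main__":
    _, findings = archival_summary(SAMPLE)
    for req_id, problem in sorted(findings.items()):
        print(f"ArchivalRequestID={req_id}: {problem}")
```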
