KRA Audit Events
From Dogtag
Overview
This document describes KRA audit events.
log.instance.SignedAudit.events=\
AUDIT_LOG_STARTUP,\
AUDIT_LOG_SHUTDOWN,\
ROLE_ASSUME,\
CONFIG_CERT_POLICY,\
CONFIG_CERT_PROFILE,\
CONFIG_CRL_PROFILE,\
CONFIG_OCSP_PROFILE,\
CONFIG_AUTH,\
CONFIG_ROLE,CONFIG_ACL,\
CONFIG_SIGNED_AUDIT,\
CONFIG_ENCRYPTION,\
CONFIG_TRUSTED_PUBLIC_KEY,\
CONFIG_DRM,SELFTESTS_EXECUTION,\
AUDIT_LOG_DELETE,\
LOG_PATH_CHANGE,\
PRIVATE_KEY_ARCHIVE_REQUEST,\
PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED,\
PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,\
PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,\
KEY_RECOVERY_REQUEST,\
KEY_RECOVERY_REQUEST_ASYNC,\
KEY_RECOVERY_AGENT_LOGIN,\
KEY_RECOVERY_REQUEST_PROCESSED,\
KEY_RECOVERY_REQUEST_PROCESSED_ASYNC,\
KEY_GEN_ASYMMETRIC,\
NON_PROFILE_CERT_REQUEST,\
PROFILE_CERT_REQUEST,\
CERT_REQUEST_PROCESSED,\
CERT_STATUS_CHANGE_REQUEST,\
CERT_STATUS_CHANGE_REQUEST_PROCESSED,\
AUTHZ_SUCCESS,\
AUTHZ_FAIL,\
INTER_BOUNDARY,\
AUTH_FAIL,\
AUTH_SUCCESS,\
CERT_PROFILE_APPROVAL,\
PROOF_OF_POSSESSION,\
CRL_RETRIEVAL,\
CRL_VALIDATION,\
CMC_SIGNED_REQUEST_SIG_VERIFY,\
SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_FAILURE,\
SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_SUCCESS,\
SERVER_SIDE_KEYGEN_REQUEST,\
COMPUTE_SESSION_KEY_REQUEST,\
COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS,\
COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE,\
DIVERSIFY_KEY_REQUEST,\
DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS,\
DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE,\
ENCRYPT_DATA_REQUEST,\
ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS,\
ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE,\
OCSP_ADD_CA_REQUEST,\
OCSP_ADD_CA_REQUEST_PROCESSED,\
OCSP_REMOVE_CA_REQUEST,\
OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS,\
OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE,\
COMPUTE_RANDOM_DATA_REQUEST,\
COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS,\
COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE,\
CIMC_CERT_VERIFICATION,\
CONFIG_SERIAL_NUMBER,\
SECURITY_DATA_ARCHIVAL_REQUEST,\
SECURITY_DATA_ARCHIVAL_REQUEST_PROCESSED,\
SECURITY_DATA_RECOVERY_REQUEST,\
SECURITY_DATA_RECOVERY_REQUEST_PROCESSED,\
SECURITY_DATA_RECOVERY_REQUEST_STATE_CHANGE,\
SECURITY_DATA_RETRIEVE_KEY,SYMKEY_GENERATION_REQUEST,\
SYMKEY_GENERATION_REQUEST_PROCESSED,\
ASYMKEY_GENERATION_REQUEST,\
ASYMKEY_GENERATION_REQUEST_PROCESSED,\
SECURITY_DATA_RETRIEVE_KEY,\
KEY_STATUS_CHANGE,\
ACCESS_SESSION_ESTABLISH_FAILURE,\
ACCESS_SESSION_ESTABLISH_SUCCESS,\
ACCESS_SESSION_TERMINATED
Key Archival Events
SECURITY_DATA_ARCHIVAL_REQUEST, SECURITY_DATA_ARCHIVAL_REQUEST_PROCESSED
These events are triggered when an archival request is received through the REST interface or from the CA. For example, use the PKI CLI to archive a passphrase:
pki -d ./alias/ -c redhat123 -n "PKI Administrator for example.com" key-archive --clientKeyID "my_pass1" --passphrase "goodbye cruel world!"
[AuditEvent=ACCESS_SESSION_ESTABLISH_SUCCESS][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success] access session establish success
[AuditEvent=AUTH_SUCCESS][SubjectID=kraadmin][Outcome=Success][AuthMgr=certUserDBAuthMgr] authentication success
[AuditEvent=AUTHZ_SUCCESS][SubjectID=kraadmin][Outcome=Success][aclResource=certServer.kra.account][Op=login][Info=AccountResource.login] authorization success
[AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success][Info=CLOSE_NOTIFY] access session terminated
[AuditEvent=AUTHZ_SUCCESS][SubjectID=$Unidentified$][Outcome=Success][aclResource=null][Op=null][Info=ACL mapping not found; OK:SystemCertResource.getTransportCert] authorization success
[AuditEvent=ACCESS_SESSION_ESTABLISH_SUCCESS][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success] access session establish success
[AuditEvent=AUTHZ_SUCCESS][SubjectID=kraadmin][Outcome=Success][aclResource=certServer.kra.keyrequests][Op=execute][Info=KeyRequestResource.submitRequest] authorization success
[AuditEvent=SECURITY_DATA_ARCHIVAL_REQUEST][SubjectID=kraadmin][Outcome=Success][ArchivalRequestID=314][ClientKeyID=my_pass1] security data archival request made
[AuditEvent=SECURITY_DATA_ARCHIVAL_REQUEST_PROCESSED][SubjectID=kraadmin][Outcome=Success][ArchivalRequestID=314][ClientKeyID=my_pass1][KeyID=156][FailureReason=None][PubKey=null] security data archival request processed
[AuditEvent=SECURITY_DATA_ARCHIVAL_REQUEST][SubjectID=kraadmin][Outcome=Success][ArchivalRequestID=314][ClientKeyID=my_pass1] security data archival request made
[AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success][Info=CLOSE_NOTIFY] access session terminated
[AuditEvent=ACCESS_SESSION_ESTABLISH_SUCCESS][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success] access session establish success
[AuditEvent=AUTHZ_SUCCESS][SubjectID=kraadmin][Outcome=Success][aclResource=certServer.kra.account][Op=logout][Info=AccountResource.logout] authorization success
[AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success][Info=CLOSE_NOTIFY] access session terminated
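The following Python code is an added example, not part of the original page or of Dogtag itself: it parses the [Key=Value] audit entries shown above and pairs each SECURITY_DATA_ARCHIVAL_REQUEST with its SECURITY_DATA_ARCHIVAL_REQUEST_PROCESSED entry by ArchivalRequestID, so a reviewer can spot archival requests that failed or were never processed. The function names are hypothetical, and the entries for requests 315 and 316 (including the Outcome=Failure value and the FailureReason text) are constructed for illustration.

```python
import re

# An audit entry is a run of [Key=Value] fields followed by a free-text message.
# Assumption: values never contain ']' (true for every entry shown on this page).
FIELD = re.compile(r"\[(\w+)=([^\]]*)\]")
REQUEST = "SECURITY_DATA_ARCHIVAL_REQUEST"
PROCESSED = REQUEST + "_PROCESSED"

def parse_entry(line):
    """Return the fields as a dict; a DN in SubjectID keeps its inner '=' and ','."""
    return dict(FIELD.findall(line))

def archival_status(lines):
    """Pair each archival request with its _PROCESSED entry by ArchivalRequestID."""
    status = {}
    for line in lines:
        f = parse_entry(line)
        event, req_id = f.get("AuditEvent", ""), f.get("ArchivalRequestID")
        if req_id is None or event not in (REQUEST, PROCESSED):
            continue
        # setdefault: a repeated REQUEST entry (as in the log above) must not reset the state.
        rec = status.setdefault(req_id, {"subject": f.get("SubjectID"),
                                         "client_key_id": f.get("ClientKeyID"),
                                         "key_id": None, "state": "unprocessed"})
        if event == PROCESSED:
            ok = f.get("Outcome") == "Success"
            rec["state"] = "archived" if ok else "failed"
            rec["key_id"] = f.get("KeyID") if ok else None
    return status

# Sample input: the first four entries are copied from the page; 315 and 316 are constructed.
SAMPLE = [
    "[AuditEvent=ACCESS_SESSION_ESTABLISH_SUCCESS][ClientIP=192.168.0.2][ServerIP=192.168.0.2][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=example.com Security Domain][Outcome=Success] access session establish success",
    "[AuditEvent=SECURITY_DATA_ARCHIVAL_REQUEST][SubjectID=kraadmin][Outcome=Success][ArchivalRequestID=314][ClientKeyID=my_pass1] security data archival request made",
    "[AuditEvent=SECURITY_DATA_ARCHIVAL_REQUEST_PROCESSED][SubjectID=kraadmin][Outcome=Success][ArchivalRequestID=314][ClientKeyID=my_pass1][KeyID=156][FailureReason=None][PubKey=null] security data archival request processed",
    "[AuditEvent=SECURITY_DATA_ARCHIVAL_REQUEST][SubjectID=kraadmin][Outcome=Success][ArchivalRequestID=314][ClientKeyID=my_pass1] security data archival request made",
    "[AuditEvent=SECURITY_DATA_ARCHIVAL_REQUEST][SubjectID=kraadmin][Outcome=Success][ArchivalRequestID=315][ClientKeyID=my_pass2] security data archival request made",
    "[AuditEvent=SECURITY_DATA_ARCHIVAL_REQUEST][SubjectID=kraadmin][Outcome=Success][ArchivalRequestID=316][ClientKeyID=my_pass3] security data archival request made",
    "[AuditEvent=SECURITY_DATA_ARCHIVAL_REQUEST_PROCESSED][SubjectID=kraadmin][Outcome=Failure][ArchivalRequestID=316][ClientKeyID=my_pass3][KeyID=null][FailureReason=constructed failure text][PubKey=null] security data archival request processed",
]

if __name__ == "__main__":
    for req_id, rec in archival_status(SAMPLE).items():
        print(req_id, rec)
```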