author | Christina Fu <cfu@redhat.com> | 2016-03-24 16:23:05 -0700 |
---|---|---|
committer | Christina Fu <cfu@redhat.com> | 2016-03-28 15:46:43 -0700 |
commit | 41a99a5938c6881a978199fe10b0c392eb27d569 (patch) | |
tree | 9de46099b3cc73cd5f691848bba9aa2b523c10aa /base/server/cmsbundle/src/LogMessages.properties | |
parent | 93179af9333197cbdce843f16c02107b8d1db17e (diff) | |
Ticket #1006 Audit logging for TPS REST operations
This patch adds audit logging to TPS REST write-specific operations.
The read-specific operations are already captured by AuditEvent=AUTHZ_*
The affected (new or modified) log messages include:
LOGGING_SIGNED_AUDIT_CONFIG_TOKEN_GENERAL_5
LOGGING_SIGNED_AUDIT_CONFIG_TOKEN_PROFILE_6
LOGGING_SIGNED_AUDIT_CONFIG_TOKEN_MAPPING_RESOLVER_6
LOGGING_SIGNED_AUDIT_CONFIG_TOKEN_AUTHENTICATOR_6
LOGGING_SIGNED_AUDIT_CONFIG_TOKEN_CONNECTOR_6
LOGGING_SIGNED_AUDIT_CONFIG_TOKEN_RECORD_6
LOGGING_SIGNED_AUDIT_TOKEN_STATE_CHANGE_8
Diffstat (limited to 'base/server/cmsbundle/src/LogMessages.properties')
-rw-r--r-- | base/server/cmsbundle/src/LogMessages.properties | 55 |
1 files changed, 52 insertions, 3 deletions
diff --git a/base/server/cmsbundle/src/LogMessages.properties b/base/server/cmsbundle/src/LogMessages.properties
index 5f9432e28..433797cbe 100644
--- a/base/server/cmsbundle/src/LogMessages.properties
+++ b/base/server/cmsbundle/src/LogMessages.properties
@@ -2638,22 +2638,71 @@ LOGGING_SIGNED_AUDIT_TOKEN_AUTH_SUCCESS_9=<type=TOKEN_AUTH_SUCCESS>:[AuditEvent=
 # (where name and value are separated by the delimiter ;;)
 # separated by + (if more than one name;;value pair) of config params changed
 # --- secret component (password) MUST NOT be logged ---
+# - info in general is used for caturing error info for failed cases
 #
-LOGGING_SIGNED_AUDIT_CONFIG_TOKEN_GENERAL_3=<type=CONFIG_TOKEN_GENERAL>:[AuditEvent=CONFIG_TOKEN_GENERAL][SubjectID={0}][Outcome={1}][ParamNameValPairs={2}] TPS token configuration parameter(s) change
+LOGGING_SIGNED_AUDIT_CONFIG_TOKEN_GENERAL_5=<type=CONFIG_TOKEN_GENERAL>:[AuditEvent=CONFIG_TOKEN_GENERAL][SubjectID={0}][Outcome={1}][Service={2}][ParamNameValPairs={3}][Info={4}] TPS token configuration parameter(s) change
 #
 # LOGGING_SIGNED_AUDIT_CONFIG_TOKEN_PROFILE
 # - used when configuring token profile
+# Service can be any of the methods offered
 # ParamNameValPairs must be a name;;value pair
 # (where name and value are separated by the delimiter ;;)
 # separated by + (if more than one name;;value pair) of config params changed
 # --- secret component (password) MUST NOT be logged ---
+# - info in general is used for caturing error info for failed cases
 #
-LOGGING_SIGNED_AUDIT_CONFIG_TOKEN_PROFILE_3=<type=CONFIG_TOKEN_PROFILE>:[AuditEvent=CONFIG_TOKEN_PROFILE][SubjectID={0}][Outcome={1}][ParamNameValPairs={2}] token profile configuration parameter(s) change
+LOGGING_SIGNED_AUDIT_CONFIG_TOKEN_PROFILE_6=<type=CONFIG_TOKEN_PROFILE>:[AuditEvent=CONFIG_TOKEN_PROFILE][SubjectID={0}][Outcome={1}][Service={2}][ProfileID={3}][ParamNameValPairs={4}][Info={5}] token profile configuration parameter(s) change
+#
+# LOGGING_SIGNED_AUDIT_CONFIG_TOKEN_MAPPING_RESOLVER
+# ParamNameValPairs must be a name;;value pair
+# (where name and value are separated by the delimiter ;;)
+# separated by + (if more than one name;;value pair) of config params changed
+# --- secret component (password) MUST NOT be logged ---
+# - info in general is used for caturing error info for failed cases
+#
+LOGGING_SIGNED_AUDIT_CONFIG_TOKEN_MAPPING_RESOLVER_6=<type=CONFIG_TOKEN_MAPPING_RESOLVER>:[AuditEvent=CONFIG_TOKEN_MAPPING_RESOLVER][SubjectID={0}][Outcome={1}][Service={2}][MappingResolverID={3}][ParamNameValPairs={4}][Info={5}] token mapping resolver configuration parameter(s) change
+#
+# LOGGING_SIGNED_AUDIT_CONFIG_TOKEN_AUTHENTICATOR
+# - used when configuring token authenticators
+# Service can be any of the methods offered
+# ParamNameValPairs must be a name;;value pair
+# (where name and value are separated by the delimiter ;;)
+# separated by + (if more than one name;;value pair) of config params changed
+# --- secret component (password) MUST NOT be logged ---
+# - info in general is used for caturing error info for failed cases
+#
+LOGGING_SIGNED_AUDIT_CONFIG_TOKEN_AUTHENTICATOR_6=<type=CONFIG_TOKEN_AUTHENTICATOR>:[AuditEvent=CONFIG_TOKEN_AUTHENTICATOR][SubjectID={0}][Outcome={1}][OP={2}][Authenticator={3}][ParamNameValPairs={4}][Info={5}] token authenticator configuration parameter(s) change
+#
+# LOGGING_SIGNED_AUDIT_CONFIG_TOKEN_CONNECTOR
+# - used when configuring token connectors
+# Service can be any of the methods offered
+# ParamNameValPairs must be a name;;value pair
+# (where name and value are separated by the delimiter ;;)
+# separated by + (if more than one name;;value pair) of config params changed
+# --- secret component (password) MUST NOT be logged ---
+# - info in general is used for caturing error info for failed cases
+#
+LOGGING_SIGNED_AUDIT_CONFIG_TOKEN_CONNECTOR_6=<type=CONFIG_TOKEN_CONNECTOR>:[AuditEvent=CONFIG_TOKEN_CONNECTOR][SubjectID={0}][Outcome={1}][Service={2}][Connector={3}][ParamNameValPairs={4}][Info={5}] token connector configuration parameter(s) change
+#
+# LOGGING_SIGNED_AUDIT_CONFIG_TOKEN_RECORD
+# - used when token state changed
+# ParamNameValPairs must be a name;;value pair
+# (where name and value are separated by the delimiter ;;)
+# separated by + (if more than one name;;value pair) of config params changed
+# --- secret component (password) MUST NOT be logged ---
+# - info in general is used for caturing error info for failed cases
+#
+LOGGING_SIGNED_AUDIT_CONFIG_TOKEN_RECORD_6=<type=CONFIG_TOKEN_RECORD>:[AuditEvent=CONFIG_TOKEN_RECORD][SubjectID={0}][Outcome={1}][OP={2}][TokenID={3}][ParamNameValPairs={4}][Info={5}] token record configuration parameter(s) change
 #
 # LOGGING_SIGNED_AUDIT_TOKEN_STATE_CHANGE
 # - used when token state changed
+# ParamNameValPairs must be a name;;value pair
+# (where name and value are separated by the delimiter ;;)
+# separated by + (if more than one name;;value pair) of config params changed
+# --- secret component (password) MUST NOT be logged ---
+# - info in general is used for caturing error info for failed cases
 #
-LOGGING_SIGNED_AUDIT_TOKEN_STATE_CHANGE_5=<type=TOKEN_STATE_CHANGE>:[AuditEvent=TOKEN_STATE_CHANGE][SubjectID={0}][Outcome={1}][CUID={2}][oldState={3}][newState={4}] token state changed
+LOGGING_SIGNED_AUDIT_TOKEN_STATE_CHANGE_8=<type=TOKEN_STATE_CHANGE>:[AuditEvent=TOKEN_STATE_CHANGE][SubjectID={0}][Outcome={1}][oldState={2}][oldReason={3}][newState={4}][newReason={5}][ParamNameValPairs={6}][Info={7}] token state changed
 #
 # LOGGING_SIGNED_AUDIT_AUTHORITY_CONFIG
 # - used when configuring lightweight authorities |
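Review bot: LOGGING_SIGNED_AUDIT_TOKEN_STATE_CHANGE_8 drops the `[CUID={2}]` field that the removed _5 message carried, so a state-change record no longer names the affected token in a dedicated field; unless callers (not visible here) put it into ParamNameValPairs, per-token traceability is lost, and keeping `[CUID={n}]` as its own field would avoid that. CONFIG_TOKEN_AUTHENTICATOR_6 and CONFIG_TOKEN_RECORD_6 use `[OP={2}]` where the other new messages use `[Service={2}]`, while the AUTHENTICATOR comment still says "Service can be any of the methods offered"; one field name across events keeps audit parsers and detection rules uniform. The new `Info` field is documented as carrying error text, so the secret-handling rule should cover it explicitly, for example `# --- Info MUST NOT contain secret components (password) either ---`. The added comments also spell "capturing" as "caturing", and the CONFIG_TOKEN_RECORD description "used when token state changed" appears to be copied from TOKEN_STATE_CHANGE rather than describing token record changes.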