| author | Endi S. Dewata <edewata@redhat.com> | 2017-01-17 12:19:52 +0100 |
|---|---|---|
| committer | Endi S. Dewata <edewata@redhat.com> | 2017-03-28 00:37:55 +0200 |
| commit | 18412763e4ec09f4892c2a7b502d72ebfd9fec2a (patch) | |
| tree | e2360a5e9848c42c2d2ee7c1e5a3beb0155b63ea /base/server/cmsbundle/src | |
| parent | 8cf4c5fadd2d5a154c99430be9898f37163bdac7 (diff) | |
Added audit logs for SSL/TLS events.
The CMSStartServlet has been modified to register an SSL socket
listener called PKIServerSocketListener to TomcatJSS.
The PKIServerSocketListener will receive the alerts generated by
SSL server sockets and generate ACCESS_SESSION_* audit logs.
The CS.cfg for all subsystems has been modified to include
ACCESS_SESSION_* audit events.
https://pagure.io/dogtagpki/issue/2602
Change-Id: If7fb6c1b096ec8c68d1fd08f9132baf099816f11
Diffstat (limited to 'base/server/cmsbundle/src')
| -rw-r--r-- | base/server/cmsbundle/src/LogMessages.properties | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/base/server/cmsbundle/src/LogMessages.properties b/base/server/cmsbundle/src/LogMessages.properties index 0bcbcc543..dde53ba73 100644 --- a/base/server/cmsbundle/src/LogMessages.properties +++ b/base/server/cmsbundle/src/LogMessages.properties 
@@ -2711,6 +2711,33 @@ LOGGING_SIGNED_AUDIT_TOKEN_STATE_CHANGE_8=<type=TOKEN_STATE_CHANGE>:[AuditEvent= # separated by + (if more than one name;;value pair) of config params changed # LOGGING_SIGNED_AUDIT_AUTHORITY_CONFIG_3=<type=AUTHORITY_CONFIG>:[AuditEvent=AUTHORITY_CONFIG][SubjectID={0}][Outcome={1}][ParamNameValPairs={2}] lightweight authority configuration change +# +# LOGGING_SIGNED_AUDIT_ACCESS_SESSION_ESTABLISH_FAILURE +# - used when access session failed to establish +# ParamNameValPairs must be a name;;value pair +# (where name and value are separated by the delimiter ;;) +# separated by + (if more than one name;;value pair) of config params changed +# +LOGGING_SIGNED_AUDIT_ACCESS_SESSION_ESTABLISH_FAILURE=\ +<type=ACCESS_SESSION_ESTABLISH_FAILURE>:[AuditEvent=ACCESS_SESSION_ESTABLISH_FAILURE][ClientIP={0}][ServerIP={1}][SubjectID={2}][Outcome=Failure][Info={3}] access session establish failure +# +# LOGGING_SIGNED_AUDIT_ACCESS_SESSION_ESTABLISH_SUCCESS +# - used when access session was established successfully +# ParamNameValPairs must be a name;;value pair +# (where name and value are separated by the delimiter ;;) +# separated by + (if more than one name;;value pair) of config params changed +# +LOGGING_SIGNED_AUDIT_ACCESS_SESSION_ESTABLISH_SUCCESS=\ +<type=ACCESS_SESSION_ESTABLISH_SUCCESS>:[AuditEvent=ACCESS_SESSION_ESTABLISH_SUCCESS][ClientIP={0}][ServerIP={1}][SubjectID={2}][Outcome=Success] access session establish success +# +# LOGGING_SIGNED_AUDIT_ACCESS_SESSION_TERMINATED +# - used when access session was terminated +# ParamNameValPairs must be a name;;value pair +# (where name and value are separated by the delimiter ;;) +# separated by + (if more than one name;;value pair) of config params changed +# +LOGGING_SIGNED_AUDIT_ACCESS_SESSION_TERMINATED=\ +<type=ACCESS_SESSION_TERMINATED>:[AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP={0}][ServerIP={1}][SubjectID={2}][Outcome=Success] access session terminated ########################### |
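Review bot: The comment blocks above all three new ACCESS_SESSION_* entries describe ParamNameValPairs ("ParamNameValPairs must be a name;;value pair ... of config params changed"), but none of the new message formats contains a ParamNameValPairs field; that text looks copied from the configuration-change events above. Please replace it with a description of the fields these events actually carry: ClientIP, ServerIP, SubjectID and, for the failure event, Info, including what SubjectID holds when the handshake fails before any client identity is known. Two smaller points in the same hunk: the new keys have no numeric suffix, while the neighbouring keys visible here do (LOGGING_SIGNED_AUDIT_TOKEN_STATE_CHANGE_8, LOGGING_SIGNED_AUDIT_AUTHORITY_CONFIG_3), so either follow that convention or note why it is dropped; and ACCESS_SESSION_TERMINATED hard-codes Outcome=Success with no Info field, so the alert that ended the session is not recorded. Consider adding an [Info={3}] field there as in the failure event, so a reviewer of the audit log can tell a normal close from an abnormal one.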
