From 18412763e4ec09f4892c2a7b502d72ebfd9fec2a Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <edewata@redhat.com>
Date: Tue, 17 Jan 2017 12:19:52 +0100
Subject: Added audit logs for SSL/TLS events.

The CMSStartServlet has been modified to register an SSL socket
listener called PKIServerSocketListener to TomcatJSS.

The PKIServerSocketListener will receive the alerts generated by
SSL server sockets and generate ACCESS_SESSION_* audit logs.

The CS.cfg for all subsystems have been modified to include
ACCESS_SESSION_* audit events.

https://pagure.io/dogtagpki/issue/2602

Change-Id: If7fb6c1b096ec8c68d1fd08f9132baf099816f11
---
 base/server/cmsbundle/src/LogMessages.properties | 27 ++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

(limited to 'base/server/cmsbundle/src')

diff --git a/base/server/cmsbundle/src/LogMessages.properties b/base/server/cmsbundle/src/LogMessages.properties
index 0bcbcc543..dde53ba73 100644
--- a/base/server/cmsbundle/src/LogMessages.properties
+++ b/base/server/cmsbundle/src/LogMessages.properties
@@ -2711,6 +2711,33 @@ LOGGING_SIGNED_AUDIT_TOKEN_STATE_CHANGE_8=<type=TOKEN_STATE_CHANGE>:[AuditEvent=
 #    separated by + (if more than one name;;value pair) of config params changed
 #
 LOGGING_SIGNED_AUDIT_AUTHORITY_CONFIG_3=<type=AUTHORITY_CONFIG>:[AuditEvent=AUTHORITY_CONFIG][SubjectID={0}][Outcome={1}][ParamNameValPairs={2}] lightweight authority configuration change
+#
+# LOGGING_SIGNED_AUDIT_ACCESS_SESSION_ESTABLISH_FAILURE
+# - used when access session failed to establish
+# ParamNameValPairs must be a name;;value pair
+#    (where name and value are separated by the delimiter ;;)
+#    separated by + (if more than one name;;value pair) of config params changed
+#
+LOGGING_SIGNED_AUDIT_ACCESS_SESSION_ESTABLISH_FAILURE=\
+<type=ACCESS_SESSION_ESTABLISH_FAILURE>:[AuditEvent=ACCESS_SESSION_ESTABLISH_FAILURE][ClientIP={0}][ServerIP={1}][SubjectID={2}][Outcome=Failure][Info={3}] access session establish failure
+#
+# LOGGING_SIGNED_AUDIT_ACCESS_SESSION_ESTABLISH_SUCCESS
+# - used when access session was established successfully
+# ParamNameValPairs must be a name;;value pair
+#    (where name and value are separated by the delimiter ;;)
+#    separated by + (if more than one name;;value pair) of config params changed
+#
+LOGGING_SIGNED_AUDIT_ACCESS_SESSION_ESTABLISH_SUCCESS=\
+<type=ACCESS_SESSION_ESTABLISH_SUCCESS>:[AuditEvent=ACCESS_SESSION_ESTABLISH_SUCCESS][ClientIP={0}][ServerIP={1}][SubjectID={2}][Outcome=Success] access session establish success
+#
+# LOGGING_SIGNED_AUDIT_ACCESS_SESSION_TERMINATED
+# - used when access session was terminated
+# ParamNameValPairs must be a name;;value pair
+#    (where name and value are separated by the delimiter ;;)
+#    separated by + (if more than one name;;value pair) of config params changed
+#
+LOGGING_SIGNED_AUDIT_ACCESS_SESSION_TERMINATED=\
+<type=ACCESS_SESSION_TERMINATED>:[AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP={0}][ServerIP={1}][SubjectID={2}][Outcome=Success] access session terminated
 
 
 ###########################
-- 
cgit