Connect:Direct Secure Plus Parameters File Auditing

The Secure+ Admin Tool and the Connect:Direct® Secure Plus Command Line Interface log changes made to the parameters file.

The following events are logged:
  • Application Startup
  • Init Parmfile
  • Open Parmfile
  • Sync Netmap
  • Rekey Parmfile
  • Create Node
  • Update Node
  • Delete Node

The parameters file logging feature has the following operational characteristics:

  • The logging feature is always enabled and cannot be disabled.

  • If errors occur when the log is being updated, the application terminates.

  • Each log entry contains a timestamp, user ID, and a description of the action/event.

  • When an existing node is updated, any changed fields are reported.

  • When a node is created or deleted, the values of all non-empty fields are reported.

  • Any commands that modify a node are logged.

    Note: The certificates used by Connect:Direct Secure Plus are individual files that can be stored anywhere on the system. As a result, the logging feature cannot detect when existing certificate files are modified. Connect:Direct Secure Plus only stores the certificate path name and detects changes to this field only.

Accessing Parameters File Audit Logs

The parameters file audit logs are stored in a dedicated directory, ..\secure+\log. The log file naming convention is SP[YYYY][MM][DD].001 (using local time), and the contents of a log file are limited to a single calendar date. You can view these log files using any text editor. Log files are not deleted by Connect:Direct Secure Plus.

Parameters File Audit Log Entries

Each audit log entry begins with the following header:

  [YYYYMMDD][HH:MM:SS:mmm][userid]

When a parameters file is created or opened, an ID is generated that associates the change with the node being updated, and it is appended to the header:

  [YYYYMMDD][HH:MM:SS:mmm][userid][ParmFileID]

The following fields may appear in a create, update, or delete audit record.
  Field Name                  Description
  Name                        Name of the node
  BaseRecord                  Name of the base record
  Type                        Record type: local, remote, or alias
  Protocol                    Enables the Connect:Direct Secure Plus protocol
  Override                    Enables overriding the current node
  AuthTimeOut                 Authentication timeout
  SslTlsTrustedRootCertFile   Pathname of the trusted roots file
  SslTlsCertFile              Pathname of the key certificate file
  SslTlsCertPassphrase        Key certificate passphrase (masked)
  SslTlsEnableClientAuth      Enables client authentication
  SslTlsCertCommonName        Common name of the remote certificate to verify
  SslTlsEnableCipher          List of SSL/TLS cipher suites
  SslTlsSeaEnable             Enables external authentication
  SslTlsSeaCacheEnable        Enables caching of the External Authentication Server certificate validation response
  SeaCacheValidityTime        Time period during which the local cache entry for a certificate is valid
  SeaGraceValidityTime        Number of hours after the local cache entry for a certificate expires during which Connect:Direct Secure Plus can still accept it from the cache if the External Authentication Server is unavailable
  SeaCertValDef               External authentication validation definition
  SeaHost                     External authentication host name
  SeaPort                     External authentication port number
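The header and field list above are enough to build a small review tool. The following is an added example (not part of the original documentation or the product) that parses audit records and flags the events a defender most wants to see: rekeys, node deletions, and updates that touch the TLS trust fields. The header layout is taken from the page; the body layout ("<event>: Field=value, ...") and the sample records are assumptions constructed for the example.

```python
import re
from datetime import datetime

# Header layout from the page: [YYYYMMDD][HH:MM:SS:mmm][userid], plus an
# optional [ParmFileID] once a parameters file has been created or opened.
HEADER_RE = re.compile(
    r"^\[(?P<date>\d{8})\]\[(?P<time>\d{2}:\d{2}:\d{2}:\d{3})\]"
    r"\[(?P<user>[^\]]+)\](?:\[(?P<parmfile>[^\]]+)\])?\s*(?P<body>.*)$"
)
# Fields whose change alters TLS trust or enforcement; the logger sees only the
# certificate path name, so a path change is the cue to inspect the file itself.
TRUST_FIELDS = {"Protocol", "SslTlsTrustedRootCertFile", "SslTlsCertFile",
                "SslTlsEnableClientAuth", "SslTlsCertCommonName", "SslTlsEnableCipher"}
HIGH_RISK_EVENTS = {"Rekey Parmfile", "Delete Node"}

def parse_entry(line):
    """Split one log line into timestamp, user, ParmFileID, event and fields."""
    m = HEADER_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{m['date']} {m['time']}", "%Y%m%d %H:%M:%S:%f")
    # Assumed body layout (not documented on the page): "<event>: Field=value, ...".
    event, _, rest = m["body"].partition(":")
    pairs = [p.partition("=") for p in rest.split(",") if p.strip()]
    fields = {k.strip(): v.strip() for k, _, v in pairs}
    return {"ts": ts, "user": m["user"], "parmfile": m["parmfile"],
            "event": event.strip(), "fields": fields}

def flag_entries(lines):
    """Yield (reason, entry) for records an administrator should review."""
    for line in lines:
        e = parse_entry(line)
        if e is None:
            continue  # blank line or a layout this parser does not understand
        if e["event"] in HIGH_RISK_EVENTS:
            yield e["event"], e
        elif e["event"] == "Update Node":
            touched = TRUST_FIELDS & e["fields"].keys()
            if touched:
                yield "trust fields changed: " + ", ".join(sorted(touched)), e

# Constructed sample records, not real Connect:Direct Secure Plus output.
SAMPLE = [
    "[20240115][09:12:03:120][cdadmin] Application Startup",
    "[20240115][09:12:05:004][cdadmin][PF01] Open Parmfile",
    "[20240115][09:13:40:771][cdadmin][PF01] Update Node: Name=REMOTE1, AuthTimeOut=120",
    "[20240115][09:15:02:310][cdadmin][PF01] Update Node: Name=REMOTE1, SslTlsCertFile=C:\\certs\\new.pem",
    "[20240115][09:16:00:000][cdadmin][PF01] Delete Node: Name=REMOTE2, Type=remote",
]
```

Because SslTlsCertPassphrase is masked in the log, a flagged SslTlsCertFile change is the point at which to verify the referenced file out of band; the timeout-only update is deliberately not flagged.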

Parameters File Audit Log Error Reporting

Errors are reported for the following logging functions: open log, write log, and lock log. If an error occurs during one of these functions, an error message is displayed and the application is terminated. The lock function times out after 30 seconds. Typically, the Secure+ Admin Tool or the CLI holds the lock for less than one second per update.