Connect:Direct Secure Plus Parameters File Auditing
The Secure+ Admin Tool and the Connect:Direct® Secure Plus Command Line Interface log changes made to the parameters file. The following events are logged:
- Application Startup
- Init Parmfile
- Open Parmfile
- Sync Netmap
- Rekey Parmfile
- Create Node
- Update Node
- Delete Node
The parameters file logging feature has the following operational characteristics:
- The logging feature is always enabled and cannot be disabled.
- If an error occurs while the log is being updated, the application terminates.
- Each log entry contains a timestamp, a user ID, and a description of the action or event.
- When an existing node is updated, the changed fields are reported.
- When a node is created or deleted, the values of all non-empty fields are reported.
- Any command that modifies a node is logged.
Note: The certificates used by Connect:Direct Secure Plus are individual files that can be stored anywhere on the system. As a result, the logging feature cannot detect when an existing certificate file is modified. Connect:Direct Secure Plus stores only the certificate path name and detects changes to that path name only.
Accessing Parameters File Audit Logs
The parameters file audit logs are stored in a dedicated directory, ..\secure+\log. The log file naming convention is SP[YYYY][MM][DD].001 (using local time), and the contents of a log file are limited to a single calendar date. You can view these log files using any text editor. Log files are not deleted by Connect:Direct Secure Plus.
Parameters File Audit Log Entries
Field Name | Description |
---|---|
Name | Name of the node |
BaseRecord | Name of the base record |
Type | Record type of local, remote, or alias |
Protocol | Enables Connect:Direct Secure Plus protocol |
Override | Enables overriding the current node |
AuthTimeOut | Authentication timeout |
SslTlsTrustedRootCertFile | Pathname to trusted roots file |
SslTlsCertFile | Pathname to key certificate file |
SslTlsCertPassphrase | Key certificate passphrase (masked) |
SslTlsEnableClientAuth | Enable client authentication |
SslTlsCertCommonName | Common name of the remote certificate to verify |
SslTlsEnableCipher | List of SSL/TLS cipher suites |
SslTlsSeaEnable | Enable external authentication |
SslTlsSeaCacheEnable | Enable caching of the External Authentication Server certificate validation response |
SeaCacheValidityTime | Time during which the local cache entry for a certificate remains valid |
SeaGraceValidityTime | Number of hours after a local cache entry for a certificate expires during which Connect:Direct Secure Plus can still accept the cached entry if the External Authentication Server is unavailable |
SeaCertValDef | External authentication validation definition |
SeaHost | External authentication host name |
SeaPort | External authentication port number |
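As an added illustration, not taken from the product documentation or its code, the following Python reviewer reads parameters file audit entries and flags what a security reviewer would want to look at first: node deletions and any node create or update that touches the fields deciding which peers and certificates are trusted. The page gives the entry contents but not an exact layout, so the one-line layout, the sample entries and the node names below are assumptions labelled in the code.

```python
import re
# Events the Secure+ Admin Tool and CLI record in the parameters file log.
EVENTS = ("Application Startup", "Init Parmfile", "Open Parmfile", "Sync Netmap",
          "Rekey Parmfile", "Create Node", "Update Node", "Delete Node")
# Audit-log fields whose change alters which peers and certificates are trusted.
SENSITIVE = {"Protocol", "Override", "SslTlsTrustedRootCertFile", "SslTlsCertFile", "SslTlsEnableClientAuth",
             "SslTlsCertCommonName", "SslTlsEnableCipher", "SslTlsSeaEnable"}
# ASSUMED one-line entry layout; the documentation only says timestamp, user ID and description:
#   <YYYY-MM-DD HH:MM:SS> <user> <event> [<node>] [Field=value | Field=old->new ...]
ENTRY = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<user>\S+) "
    r"(?P<event>" + "|".join(re.escape(e) for e in EVENTS) + r")"
    r"(?: (?P<node>[^\s=]+))?(?P<fields>(?: \w+=\S*)*)$")
FIELD = re.compile(r"(\w+)=(\S*)")

# Constructed sample entries in the assumed layout (not real product output).
SAMPLE = """\
2024-03-05 08:00:01 cdadmin Application Startup
2024-03-05 09:12:44 cdadmin Update Node partnerA SslTlsEnableClientAuth=Y->N AuthTimeOut=120->300
2024-03-05 10:40:10 svc_ops Create Node partnerB Type=remote Protocol=Y SslTlsTrustedRootCertFile=C:\\certs\\roots.pem
2024-03-05 11:01:55 cdadmin Delete Node oldpartner
""".splitlines()

def parse_entry(line):
    """Split one entry into ts, user, event, node and a {field: (old, new)} map, or None."""
    m = ENTRY.match(line.rstrip())
    if not m:
        return None
    fields = {}
    for name, value in FIELD.findall(m.group("fields")):
        old, sep, new = value.partition("->")  # Update Node reports old->new
        fields[name] = (old, new) if sep else (None, old)  # create/delete report plain values
    return {"ts": m.group("ts"), "user": m.group("user"), "event": m.group("event"),
            "node": m.group("node"), "fields": fields}

def review(lines):
    """One finding per node deletion and per sensitive field set or changed on a node."""
    findings = []
    for line in lines:
        e = parse_entry(line)
        if e is None or e["node"] is None:  # unparsed lines and non-node events are skipped
            continue
        if e["event"] == "Delete Node":
            findings.append(f'{e["ts"]} {e["user"]} deleted node {e["node"]}')
        for name, (old, new) in e["fields"].items():
            if name in SENSITIVE:
                change = f"{old} -> {new}" if old is not None else f"set to {new}"
                findings.append(f'{e["ts"]} {e["user"]} {e["event"]} {e["node"]}: {name} {change}')
    return findings
```

Because the log records only certificate path names, a change to the file behind SslTlsTrustedRootCertFile or SslTlsCertFile never appears here; pair this review with file-integrity monitoring of those paths.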
Parameters File Audit Log Error Reporting
Errors are reported for the following logging functions: open log, write log, and lock log. If an error occurs in one of these functions, an error message is displayed and the application terminates. The lock function times out after 30 seconds; typically, the Secure+ Admin Tool or the CLI holds the lock for less than one second per update.