On this Page
Fields
Attribute Name | Type | Description |
---|---|---|
type | String |
Type of event logged by Virtru Private Keystore (for Virtru Solutions) List of available types:
|
req_id |
String |
Unique id of every request, combination of Date and UUID v4 value e. g. 2019-07-29T09:38:31.739Z-409d2f97-c498-4a43-8a74-2a729ceb4520 |
req_ip |
String |
Contains the remote IP address of the request. Note: in example, you could find ::ffff:172.29.0.4 IP address where:::ffff: is a subnet prefix for IPv4 (32 bit) addresses that are placed inside an IPv6 (128 bit) space. |
method | String | Contains a string corresponding to the HTTP method of the request: GET, POST, PUT, and so on. |
url | String | Request URL string. This contains only the URL that is present in the actual HTTP request. |
headers | Object | Response headers in JSON object format |
Log Example
Container | Timestamp | Process Name | Application Name | Message | Comment |
rsyslog_1 | 2019-07-29T09:37:51.404565+00:00 | 38ec916bd769 | rsyslogd | [origin software="rsyslogd" swVersion="8.9.0" x-pid="6" x-info="http://www.rsyslog.com"] start | rsyslog initialization message |
rsyslog_1 | 2019-07-29T09:37:53+00:00 | setup5_haproxy_1.setup5_default | haproxy[1] | Proxy sslproxy started. | haproxy initialization message |
rsyslog_1 | 2019-07-29T09:37:53.782Z | rsyslog | cks[1] | The organization keys refreshing procedure has been started | Message from CKS container, that notify about the start of fetching public keys from a key provider. This keys will be cached and stored for future operations. The cache lifetime is 60 min. by default or until the user will get pub. keys through "GET /pub-keys" |
rsyslog_1 | 2019-07-29T09:37:53.877Z | rsyslog | cks[1] | The organization keys refreshing procedure completed | Message from CKS container, that notify about the finish of operation. |
rsyslog_1 | 2019-07-29T09:37:53.888Z | rsyslog | cks[1] | { type: 'start', message: 'listening on port 9000' } | Message from CKS container, http server was started successfully |
rsyslog_1 | 2019-07-29T09:38:04+00:00 | setup5_haproxy_1.setup5_default | haproxy[6] | 172.29.0.1:34048 [29/Jul/2019:09:38:04.885] sslproxy/1: SSL handshake failure | Message from haprohy, SSL handshake has failed because we use a self-signed or invalid certificate. |
rsyslog_1 | 2019-07-29T09:38:04+00:00 | setup5_haproxy_1.setup5_default | haproxy[6] | 172.29.0.1:34050 [29/Jul/2019:09:38:04.885] sslproxy/1: SSL handshake failure | Message from haprohy, SSL handshake has failed because we use a self-signed or invalid. |
rsyslog_1 | 2019-07-29T09:38:04.916Z | rsyslog | cks[1] | {"type":"access_start","req_id":"2019-07-29T09:38:04.906Z-bb3d5a4a-aee3-4854-ba2a-6bec9b35e315","req_ip":"::ffff:172.29.0.4","method":"GET","url":"/status","urlParsed":{"protocol":null,"slashes":null,"auth":null,"host":null,"port":null,"hostname":null,"hash":null,"search":null,"query":null,"pathname":"/status","path":"/status","href":"/status"},"headers":{"host":"0.0.0.0","cache-control":"max-age=0","upgrade-insecure-requests":"1","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36","accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3","accept-encoding":"gzip, deflate, br","accept-language":"uk,uk-UA;q=0.9,ru;q=0.8,en-US;q=0.7,en;q=0.6,fr;q=0.5","x-forwarded-proto":"https"}} | CKS shows information about every request that arrives at CKS (method, query, user-agent, URL, etc). In this case, it shows information about "GET /status" request. |
rsyslog_1 | 2019-07-29T09:38:04+00:00 | setup5_haproxy_1.setup5_default | haproxy[6] | 172.29.0.1:34052 [29/Jul/2019:09:38:04.894] sslproxy~ cksserver/server1 0/0/1/34/36 200 325 - - ---- 1/1/0/1/0 0/0 "GET /status HTTP/1.1" | Haproxy show information about request (method, url, protocol) |
rsyslog_1 | 2019-07-29T09:38:04.935Z | rsyslog | cks[1] | {"req_ip":"::ffff:172.29.0.4","req_id":"2019-07-29T09:38:04.906Z-bb3d5a4a-aee3-4854-ba2a-6bec9b35e315","headers": {"host":"0.0.0.0","cache-control":"max-age=0","upgrade-insecure-requests":"1","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36","accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3","accept-encoding":"gzip, deflate, br","accept-language":"uk,uk-UA;q=0.9,ru;q=0.8,en-US;q=0.7,en;q=0.6,fr;q=0.5","x-forwarded-proto":"https"},"method":"GET","url":"/status","http_v":"1.1","res_status":"200","res_bytes":"36","referrer":"-","req_ms":"13.663","type":"access"} | Same as above but with information about the response (status, request time, response size, etc) |
rsyslog_1 | 2019-07-29T09:38:31.651Z | rsyslog | cks[1] | {"type":"access_start","req_id":"2019-07-29T09:38:31.650Z-bdc93d9f-386c-4d76-ab66-a4e0c32db070","req_ip":"::ffff:172.29.0.4","method":"GET","url":"/public-keys","urlParsed":{"protocol":null,"slashes":null,"auth":null,"host":null,"port":null,"hostname":null,"hash":null,"search":null,"query":null,"pathname":"/public-keys","path":"/public-keys","href":"/public-keys"},"headers":{"content-type":"application/json","host":"https://0.0.0.0","x-auth-signedheaders":"content-type","authorization":"HMAC test-token@tokens.company.com:f62bb68c89a4c168d81aa626b04b87344525de9caab776926fd6fe8a0cfcc213","connection":"close","x-forwarded-proto":"https"}} | CKS show information about "GET /public-keys" request |
rsyslog_1 | 2019-07-29T09:38:31.661Z | rsyslog | cks[1] | The organization keys refreshing procedure has been started | Was mentioned above |
rsyslog_1 | 2019-07-29T09:38:31.676Z | rsyslog | cks[1] | The organization keys refreshing procedure completed | Was mentioned above |
rsyslog_1 | 2019-07-29T09:38:31+00:00 | setup5_haproxy_1.setup5_default | haproxy[6] | 172.29.0.1:34056 [29/Jul/2019:09:38:31.647] sslproxy~ cksserver/server1 0/0/1/30/31 200 835 - - ---- 1/1/0/0/0 0/0 "GET /public-keys HTTP/1.1" | Haproxy show information about request (method, url, protocol) |
rsyslog_1 | 2019-07-29T09:38:31.680Z | rsyslog | cks[1] | {"req_ip":"::ffff:172.29.0.4","req_id":"2019-07-29T09:38:31.650Z-bdc93d9f-356c-4d76-ab66-a4d0c32db070","headers": {"content-type":"application/json","host":"https://0.0.0.0","x-auth-signedheaders":"content-type","connection":"close","x-forwarded-proto":"https","authorization":"HMAC test-token@tokens.company.com:f62bb68c89a4c168d81aa626b04b87344525de9caab776926fd6fe8a0cfcc213"},"method":"GET","url":"/public-keys","http_v":"1.1","res_status":"200","res_bytes":"549","referrer":"-","req_ms":"27.469","type":"access"} | CKS show information about "GET /public-keys" response |
rsyslog_1 | 2019-07-29T09:38:31.739Z | rsyslog | cks[1] | {"type":"access_start","req_id":"2019-07-29T09:38:31.739Z-409d2f97-c498-4a43-8a74-2a729ceb4520","req_ip":"::ffff:172.29.0.4","method":"POST","url":"/rewrap","urlParsed":{"protocol":null,"slashes":null,"auth":null,"host":null,"port":null,"hostname":null,"hash":null,"search":null,"query":null,"pathname":"/rewrap","path":"/rewrap","href":"/rewrap"},"headers":{"content-length":"952","content-type":"application/json","authorization":"HMAC test-token@tokens.company.com:004c52e8210cf5cf06a954ddd144006abf75d78c505d9dbdd955666dc9179f41","x-auth-signedheaders":"content-type","host":"0.0.0.0","user-agent":"ApacheBench/2.3","accept":"*/*","x-forwarded-proto":"https"}} | CKS show information about "POST /rewrap" request |
rsyslog_1 | 2019-07-29T09:38:31.785Z | rsyslog | cks[1] | {"type":"rewrap","req_id":"2019-07-29T09:38:31.739Z-409d2f97-c468-4a43-8a74-2a729ceb4520","req_ip":"::ffff:172.29.0.4","method":"POST","url":"/rewrap","urlParsed":{"protocol":null,"slashes":null,"auth":null,"host":null,"port":null,"hostname":null,"hash":null,"search":null,"query":null,"pathname":"/rewrap","path":"/rewrap","href":"/rewrap"},"user_id":"foo@example.com","request_public_key":{"type":"rsa","payload":"-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCA…\n-----END PUBLIC KEY-----\n"},"request_public_key_fingerprint":"invalid_public_key","local_public_key_fingerprint":"mMxpfbYtq6ZRDgponD3uCpY_KwqAmJJeeNqGLHwngqI"} | CKS show "POST /rewrap" request body |
rsyslog_1 | 2019-07-29T09:38:31+00:00 | setup5_haproxy_1.setup5_default | haproxy[6] | 172.29.0.1:34060 [29/Jul/2019:09:38:31.737] sslproxy~ cksserver/server1 0/0/1/52/53 200 651 - - ---- 1/1/0/0/0 0/0 "POST /rewrap HTTP/1.0" | Haproxy show information about request (method, url, protocol) |
rsyslog_1 | 2019-07-29T09:38:31.791Z | rsyslog | cks[1] | {"req_ip":"::ffff:172.29.0.4","req_id":"2019-07-29T09:38:31.739Z-409d2f97-c468-4a43-8a74-2a729ceb4520","headers": {"content-length":"952","content-type":"application/json","x-auth-signedheaders":"content-type","host":"0.0.0.0","user-agent":"ApacheBench/2.3","accept":"*/*","x-forwarded-proto":"https","authorization":"HMAC test-token@tokens.company.com:004c52e8210cf5cf06a954ddd144006abf75d78c505d9dbdd955666dc9179f41"},"method":"POST","url":"/rewrap","http_v":"1.0","res_status":"200","res_bytes":"365","referrer":"-","req_ms":"50.618","type":"access"} | CKS show information about "POST /rewrap" response |