Worker Log

Worker Loggers log each transaction handled by a worker and can be configured per worker.

By default, the All Fields Worker Logger is used, which logs all the available fields one after another, separated by semicolons.

To configure the Worker Logger, set the WORKERLOGGER property to the fully qualified class name of the Worker Logger implementation in the respective worker configuration.

All Fields Worker Logger

The All Fields Worker Logger is the default worker logger for most Workers.

Fully qualified class name: org.signserver.server.log.AllFieldsWorkerLogger

The All Fields Worker Logger be used during testing to find which fields a Worker logs, and may then be changed to the Pattern Worker Logger to only log fields that are of interest.

The LOGLEVEL_DEFAULT sets the level of the log output. The log levels are specified as the standard Log4j levels (FATAL, ERROR, WARNING, INFO, DEBUG, and TRACE) and default to the log level INFO if not set.

Example Configuration

WORKERLOGGER=org.signserver.server.log.AllFieldsWorkerLogger
LOGLEVEL_DEFAULT=INFO

Security Events Worker Logger

The Security Events Worker Logger uses the CESeCore Security Events Log and includes all fields in the additionalDetails fields in the audit log, except for the worker ID, which is mapped to searchDetail2. See CESeCore Security Events Log.

Fully qualified class name: org.signserver.server.log.SecurityEventsWorkerLogger

The properties LOGINCLUDEFIELDS and LOGEXCLUDEFIELDS can be used to restrict the fields included in additionalDetails by explicitly setting a comma-separated list of field names.

Example Configurations

WORKERLOGGER=org.signserver.server.log.SecurityEventsWorkerLogger
LOGINCLUDEFIELDS=PROCESS_SUCCESS,WORKER_NAME,CLIENT_IP,XFORWARDEDFOR,CLIENT_AUTHORIZED,AUTHORIZED_USERNAME,REQUEST_LENGTH,EXCEPTION

WORKERLOGGER=org.signserver.server.log.SecurityEventsWorkerLogger
LOGEXCLUDEFIELDS=RESPONSE_ENCODED,SIGNER_CERT_ISSUERDN

Pattern Worker Logger

The LOGLEVEL_DEFAULT property has the same behavior as the All Fields Worker Logger.

Fully qualified class name: org.signserver.server.log.PatternWorkerLogger

WORKERLOGGER=org.signserver.server.log.PatternWorkerLogger
LOGTIMEZONE=GMT
LOGDATEFORMAT=yyyy-MM-dd:HH:mm:ss:z
LOGPATTERN=\$\{(.+?)\}
LOGORDER=AUDIT; LOG_ID: ${LOG_ID}; CLIENT_IP: ${CLIENT_IP}; REQUEST_FULLURL: ${REQUEST_FULLURL}; RequestTime: ${LOG_TIME}; ResponseTime: ${REPLY_TIME}; EXCEPTION: ${EXCEPTION};
LOGLEVEL_DEFAULT=INFO

Default Timestamp Logger

Pattern logger with a default log order suitable for logging timestamp requests. This logger is the default logger used by the Timestamp Signer.

Fully qualified class name: org.signserver.module.tsa.DefaultTimeStampLogger

Custom Timestamp Logger 1

Worker logger that customizes the logging behavior for Time Stamping Authority (TSA) requests and responses, allowing for tailored audit logs.

Fully qualified class name: org.signserver.module.tsa.CustomTimeStampLogger1

File Worker Logger

Worker logger that writes the log values to a worker-specific log file.

Fully qualified class name: org.signserver.server.log.FileWorkerLogger

This logger logs all fields, similar to the AllFieldsWorkerLogger, and is mainly intended for use by unit tests, and is not thread safe.

Example Configuration

WORKERLOGGER=org.signserver.server.log.FileWorkerLogger
LOG_FILE_PATH=/path/to/logfile

Null Worker Logger

Worker logger that does not log anything.

Fully qualified class name: org.signserver.server.log.NullWorkerLogger

Available Log Fields

The following lists some of the available log fields and is not a complete listing of all log events.