Logging in Nexus Timestamp Server

This article describes the format for logging in Nexus Timestamp Server.

By default, Nexus Timestamp Server logs to one main log, and one audit log per timestamp service.

The main log mainly logs error conditions that might need administrator attention, startup and shutdown information as well as debugging entries. See Log settings in Nexus Timestamp Server for how to control different log levels etc.

The audit log logs important timestamp events specific to a certain timestamp service.

Log files location

By default, log files reside under the directory <var>/logs/<year>-<month>- <day>/, where

<year> is a two-digit year indication
<month> is a two digit month indication
<day> is a day-in-month indication

Log files are rotated once a day.

It is recommended that rotated log files (that is, log files no longer active) are deleted or moved to another disk on a regular basis in order to avoid server disk exhaustion.

The main log

Name

The main log is named timestamp.log.

Format

Each log entry is formatted as follows:

Log entry in main log

<date>T<time><timezone> <loglevel>: <message>

See this table for a description of the fields:

Field	Description
`<date>`	The date format is YYYY-MM-DD.
`<time>`	The time format is hh:mm:ss.ms.
`<timezone>`	Offset compared to UTC, for example, +0200.
`<loglevel>`	The entry level. One of SEVERE, WARNING, INFO, FINE, FINER or FINEST. See Log settings in Nexus Timestamp Server for more details.
`<message>`	The log message. When an error occurs and an error code is sent to the application, a corresponding ERROR level entry will be appended to the log. Such an entry will be prefixed with “`Code: <error code>`.”, where `<error code>` is the same error code number as sent to the application.

Entry messages on level SEVERE, WARNING and INFO are single row messages whereas FINE, FINER or FINEST messages might be multiple row messages.

Example

Example of a main log entry:

Example: Main log entry

2020-10-10T14:13:19.800+0200 NEGATIVE: Code: 200. Internal server error

List of error codes

Error code		Explanation
	100	RESULT OK
	101	RESULT VALIDATION
Internal server error codes	200	INTERNAL ERROR
Internal server error codes	201	CONFIG ERROR
Certificate error codes	210	CERTIFICATE EXPIRED
	211	CERTIFICATE SIGNATUREINVALID
	212	CA ERROR
	213	CERTIFICATE REVOKED
	214	ISSUER UNKNOWN
	215	CERTIFICATE MISSING
	216	CERTIFICATE NOT YET VALID
Timestamp decode/encode error codes	230	TIMESTAMP DECODING ERROR
Timestamp decode/encode error codes	231	TIMESTAMP FILE READ ERROR
NTP manager exception error codes	300	NTP GENERAL ERROR
	301	NTP NO REFERENCE CLOCK
	302	NTP NO TIMESTAMP CLOCK

Audit log format

The audit logs are row oriented, which means that every log entry is contained in one single row. Every timestamp service has its own audit log.

Each row is formatted as follows:

Log entry in audit log

<date>T<time><timezone> <level>: <tId> <sId> <operation> <who> <message> <hLn> <hCh>

See this table for a description of the fields:

Field	Description
`<date>`	The date format is YYYY-MM-DD
`<time>`	The time format is hh:mm:ss.ms
`<timezone>`	Offset compared to UTC, e.g. +0200
`<level>`	Always INFO
`<tId>`	Formatted as `TId: <transactionId>`, where `transactionId` is a hex number identifying the transaction. Several log entries belonging to the same transaction are grouped together using the transaction ID.
`<sId>`	Formatted as `SId: <serviceId>`, where `serviceId` is the name of the current service.
`<operation>`	Should be `Create Timestamp` or failure if the operation could not be determined due to an error.
`<who>`	Who is using this. If nobody is authenticated it will be presenting `Unknown`.
`<message>`	The actual log message.
`<hLn>`	The hash of this audit line. SHA-1 is used and the hash is calculated from the information of `tId`, `sId`, `operation`, `who`, and `message` fields.
`<hCh>`	The hash of this and previous audit line. SHA-1 is used and the hash is calculated from the data of the previous line hashvalue (`hLn`) and this line hashvalue (`hLn`).

There is a terminal-based tool (called Verify Audit File) included in the Nexus Timestamp Server installation used to verify that the hashline and hash chain are correct. The tool uses a file as input and verifies it. The file can be a part of an audit log or the whole file.

Enter this command in the command line:

VerifyAuditFile audit.txt

The tool will return OK or a message saying which line that is not correct depending on the input file.