The audit logs are row oriented, which means that every log entry is contained in one single row. Every timestamp service has its own audit log.
Each row is formatted as follows:
Log entry in audit log
<date>T<time><timezone> <level>: <tId> <sId> <operation> <who> <message> <hLn> <hCh>
See this table for a description of the fields:
Field | Description |
---|
<date> | The date format is YYYY-MM-DD |
<time> | The time format is hh:mm:ss.ms |
<timezone> | Offset compared to UTC, e.g. +0200 |
<level> | Always INFO |
<tId> | Formatted as TId: <transactionId> , where transactionId is a hex number identifying the transaction. Several log entries belonging to the same transaction are grouped together using the transaction ID. |
<sId> | Formatted as SId: <serviceId> , where serviceId is the name of the current service. |
<operation> | Should be Create Timestamp or failure if the operation could not be determined due to an error. |
<who> | Who is using this. If nobody is authenticated it will be presenting Unknown . |
<message> | The actual log message. |
<hLn> | The hash of this audit line. SHA-1 is used and the hash is calculated from the information of tId , sId , operation , who , and message fields. |
<hCh> | The hash of this and previous audit line. SHA-1 is used and the hash is calculated from the data of the previous line hashvalue (hLn ) and this line hashvalue (hLn ). |
There is a terminal-based tool (called Verify Audit File) included in the Nexus Timestamp Server installation used to verify that the hashline and hash chain are correct. The tool uses a file as input and verifies it. The file can be a part of an audit log or the whole file.
Enter this command in the command line:
VerifyAuditFile audit.txt
The tool will return OK or a message saying which line that is not correct depending on the input file.