Document toolboxDocument toolbox

Nexus Documentation
CURL vulnerability information (CVE-2023-38545) - Nexus awareness advisory on Microsoft's update KB5014754

Logging in Nexus Timestamp Server

Owned by Ann Base (Deactivated)
Last updated: May 31, 2024 by Ylva AnderssonVersion comment
3 min read

This article includes updates for Nexus Timestamp Server 2.3.0.

This article describes the format for logging in Nexus Timestamp Server.

By default, Nexus Timestamp Server logs to one main log, and one audit log per timestamp service.

  • The main log mainly logs error conditions that might need administrator attention, startup and shutdown information as well as debugging entries. See Log settings in Nexus Timestamp Server for how to control different log levels etc.

  • The audit log logs important timestamp events specific to a certain timestamp service.

Log files location

By default, log files reside under the directory <var>/logs/<year>-<month>- <day>/, where

  • <year> is a two-digit year indication

  • <month> is a two digit month indication

  • <day> is a day-in-month indication

Log files are rotated once a day.

It is recommended that rotated log files (that is, log files no longer active) are deleted or moved to another disk on a regular basis in order to avoid server disk exhaustion.

The main log

Name

The main log is named timestamp.log.

Format

Each log entry is formatted as follows:

Log entry in main log

Log entry in main log

<date>T<time><timezone> <loglevel>: <message>

See this table for a description of the fields:

Field

Description

Field

Description

<date>

The date format is YYYY-MM-DD.

<time>

The time format is hh:mm:ss.ms.

<timezone>

Offset compared to UTC, for example, +0200.

<loglevel>

The entry level. One of SEVERE, WARNING, INFO, FINE, FINER or FINEST. See Log settings in Nexus Timestamp Server for more details.

<message>

The log message. When an error occurs and an error code is sent to the application, a corresponding ERROR level entry will be appended to the log. Such an entry will be prefixed with “Code: <error code>.”, where <error code> is the same error code number as sent to the application.

Entry messages on level SEVERE, WARNING and INFO are single row messages whereas FINE, FINER or FINEST messages might be multiple row messages.

Example

Example of a main log entry:

Example: Main log entry

Example: Main log entry

2020-10-10T14:13:19.800+0200 NEGATIVE: Code: 200. Internal server error

List of error codes

Error code

 

Explanation

Error code

 

Explanation

 

100

RESULT OK

 

101

RESULT VALIDATION

Internal server error codes

200

INTERNAL ERROR

201

CONFIG ERROR

Certificate error codes

 

 

 

 

 

210

CERTIFICATE EXPIRED

211

CERTIFICATE SIGNATUREINVALID

212

CA ERROR

213

CERTIFICATE REVOKED

214

ISSUER UNKNOWN

215

CERTIFICATE MISSING

216

CERTIFICATE NOT YET VALID

Timestamp decode/encode error codes

230

TIMESTAMP DECODING ERROR

231

TIMESTAMP FILE READ ERROR

NTP manager exception error codes

300

NTP GENERAL ERROR

301

NTP NO REFERENCE CLOCK

302

NTP NO TIMESTAMP CLOCK

Audit log format

The audit logs are row oriented, which means that every log entry is contained in one single row. Every timestamp service has its own audit log.

Each row is formatted as follows:

Log entry in audit log

Log entry in audit log

<date>T<time><timezone> <level>: <tId> <sId> <operation> <who> <ipaddress> <message> <hLn> <hCh>

See this table for a description of the fields:

Field

Description

Field

Description

<date>

The date format is YYYY-MM-DD

<time>

The time format is hh:mm:ss.ms

<timezone>

Offset compared to UTC, e.g. +0200

<level>

Always INFO

<tId>

Formatted as TId: <transactionId>, where transactionId is a hex number identifying the transaction. Several log entries belonging to the same transaction are grouped together using the transaction ID.

<sId> 

Formatted as SId: <serviceId>, where serviceId is the name of the current service.

<operation>

Should be Create Timestamp or failure if the operation could not be determined due to an error.

<who>

Who is using this. If nobody is authenticated it will be presenting Unknown.

<ipaddress>

Represents the client IP address.

<message>

The actual log message.

<hLn>

The hash of this audit line. SHA-1 is used and the hash is calculated from the information of tId, sId, operation, who, and message fields.

<hCh> 

The hash of this and previous audit line. SHA-1 is used and the hash is calculated from the data of the previous line hashvalue (hLn) and this line hashvalue (hLn).

There is a terminal-based tool (called Verify Audit File) included in the Nexus Timestamp Server installation used to verify that the hashline and hash chain are correct. The tool uses a file as input and verifies it. The file can be a part of an audit log or the whole file.

Enter this command in the command line:

VerifyAuditFile audit.txt

The tool will return OK or a message saying which line that is not correct depending on the input file.

Copyright 2024 Technology Nexus Secured Business Solutions AB. All rights reserved.
Contact Nexus | https://www.nexusgroup.com | Disclaimer | Terms & Conditions