Worker Log

Worker Loggers log each transaction handled by a worker and can be configured per worker.

By default, the worker logger AllFieldsWorkerLogger is used, which logs all the available fields one after another, separated by semi colons.

To configure the Worker Logger, set the WORKERLOGGER property to the full class name of the IWorkerLogger implementation in the respective worker configuration.

AllFieldsWorkerLogger

The default worker logger for most workers. Can be used during testing to find which fields a worker logs, and may then be changed to the PatternWorkerLogger to only log fields that are of interest.

The LOGLEVEL_DEFAULT sets the level of the log output. The log levels are specified as the standard Log4J levels (FATAL, ERROR, WARNING, INFO, DEBUG, and TRACE) and default to the log level INFO if not set.

WORKERLOGGER=org.signserver.server.log.AllFieldsWorkerLogger
LOGLEVEL_DEFAULT=INFO

SecurityEventsWorkerLogger

The SecurityEventsWorkerLogger worker logger uses the CESeCore security events logger and includes all fields in the additionalDetails fields in the audit log, except for the worker ID, which is mapped to searchDetail2.

The properties LOGINCLUDEFIELDS and LOGEXCLUDEFIELDS can be used to restrict the fields included in additionalDetails by explicitly setting a comma-separated list of field names.

Note that only one of these options can be set at a time.

WORKERLOGGER=org.signserver.server.log.SecurityEventsWorkerLogger

PatternWorkerLogger

The LOGLEVEL_DEFAULT property has the same behavior as the AllFieldsWorkerLogger.

WORKERLOGGER=org.signserver.server.log.PatternWorkerLogger
LOGTIMEZONE=GMT
LOGDATEFORMAT=yyyy-MM-dd:HH:mm:ss:z
LOGPATTERN=\$\{(.+?)\}
LOGORDER=AUDIT; LOG_ID: ${LOG_ID}; CLIENT_IP: ${CLIENT_IP}; REQUEST_FULLURL: ${REQUEST_FULLURL}; RequestTime: ${LOG_TIME}; ResponseTime: ${REPLY_TIME}; EXCEPTION: ${EXCEPTION};
LOGLEVEL_DEFAULT=INFO

DefaultTimeStampLogger

Pattern logger with a default log order suitable for logging time-stamp requests. This logger is the default logger used by the TimeStampSigner.

WORKERLOGGER=org.signserver.module.tsa.DefaultTimeStampLogger

NullWorkerLogger

Worker logger that does not log anything.

WORKERLOGGER=org.signserver.server.log.NullWorkerLogger

CustomTimeStampLogger1

WORKERLOGGER=org.signserver.module.tsa.CustomTimeStampLogger1

FileWorkerLogger

Worker logger that writes the log values to a worker-specific log file. This logger logs all fields, similar to the AllFieldsWorkerLogger, and is mainly intended for use by unit tests, and is not thread safe.

WORKERLOGGER=org.signserver.server.log.FileWorkerLogger
LOG_FILE_PATH=/path/to/logfile

Available Log Fields

The following lists some of the available log fields and is not a complete listing of all log events.

Generic

PROCESS_SUCCESS

Contains the value "true" if the request succeeded.

WORKER_ID

ID of the worker that processed the request.

REQUEST_ID

ID of the request (usually a random number).

LOG_ID

A longer ID for the request (random number with dashes).

EXCEPTION

Included only in case of a failure processing the request and in that case could contain an error message.

Signers

CRYPTOTOKEN

Name of the associated crypto worker which held the crypto token used when processing the request.

Other

XCUSTOM1

Included if the HTTP request header X-SignServer-Custom-1 is specified.