CRDP Logging
Logs record the events that occur inside your application and are useful when troubleshooting a problem. The CRDP logging framework is designed to integrate with most third-party external loggers, such as Splunk and Datadog. CRDP writes its logs to the console. You can use any logging agent that works with containerized solutions; the agent fetches the logs from the CRDP console and pushes them to the user-configured environment.
CRDP generates two types of logs:
Application logs: Capture implementation-level details that a developer needs to understand what happened or how the application responded during a specific event. Application logs are printed in text format.
Audit logs: Capture user activity. Refer to Audit Logging for details.
Refer to View logs in Kubernetes environment for commands to view logs based on your deployment.
Log Level
The log level specifies the level of logging performed by the application. The following table describes the supported log levels. These settings are configurable and can be changed from the CipherTrust Manager UI.
Log Level | Description |
---|---|
INFO | Records error messages, warnings, and informational messages. |
WARN | Records error messages and warnings. |
ERROR | Records only error messages. |
DEBUG | Records diagnostic information. |
Format of Application Log
The log format determines how the contents of a log should be interpreted. Below is a sample application log:
time="2023-01-18T08:20:07Z" level=info msg="going to initialize shield"
time="2023-01-18T08:20:07Z" level=info msg="registerClient: Going to register the client"
time="2023-01-18T08:20:07Z" level=info msg="sendRequestToKM sending request to key manager, url: https://localhost:443/api/v1/data-protection/clients, methodType: POST"
time="2023-01-18T08:20:08Z" level=info msg="registerClient: Register the client successfully"
Audit Logs
CRDP writes audit logs that record information about who has accessed the CRDP application and which APIs have been called within a given period of time. Audit logs can be viewed on the console. Audit logs are recorded in JSON format. Audit logs can't be disabled. Audit logs capture details about:
When: Date and time of the transaction.
Where: Name of the application.
Who: Details of the user who called the CRDP APIs.
What: What actions were performed by the user.
Result: Status of transaction. In case of a failed transaction, details are added to the log.
Format of Audit Logs
Below are some examples of audit logs.
Audit log for successful protect operation
{
  "app_name": "crdp",
  "audit": true,
  "client_id": "4c009f32-6ee1-4e32-84d1-c496920eb38e",
  "endpoint": "/v1/protect",
  "method": "POST",
  "key_version": "0",
  "key_name": "crdp_key",
  "protection_policy_name": "crdp_pp",
  "protection_policy_version": "1",
  "source_ip": "x.x.x.x",
  "status": "Success/Error",
  "jwt_username": "",
  "level": "info",
  "msg": "",
  "time": "Fri, 14 Jul 2023 07:28:17 +0000"
}
Audit log for successful reveal operation
{
  "level": "info",
  "time": "Mon, 08 Jul 2024 06:49:38 +0000",
  "msg": "",
  "access_policy_name": "crdp_ap",
  "access_policy_version": "2",
  "app_name": "crdp",
  "audit": true,
  "client_id": "4cf5e81d-da0a-4f47-8ea3-b3d1f558bd6b",
  "endpoint": "/v1/reveal",
  "jwt_username": "",
  "method": "POST",
  "protection_policy_name": "crdp_pp",
  "protection_policy_version": "1",
  "reveal_username": "john",
  "source_ip": "10.0.2.15",
  "status": "Success"
}
Audit log for successful bulk protect operation
{
  "app_name": "crdp",
  "audit": true,
  "client_id": "4c009f32-6ee1-4e32-84d1-c496920eb38e",
  "endpoint": "/v1/protectbulk",
  "method": "POST",
  "key_version": "0",
  "key_name": "crdp_key",
  "protection_policy_name": "crdp_pp",
  "protection_policy_version": "1",
  "source_ip": "x.x.x.x",
  "status": "Success/Error",
  "jwt_username": "",
  "level": "info",
  "msg": "",
  "time": "Fri, 14 Jul 2023 07:28:17 +0000"
}
Audit log for successful bulk reveal operation
{
  "level": "info",
  "time": "Mon, 08 Jul 2024 07:02:57 +0000",
  "msg": "",
  "app_name": "crdp",
  "audit": true,
  "client_id": "4cf5e81d-da0a-4f47-8ea3-b3d1f558bd6b",
  "endpoint": "/v1/revealbulk",
  "jwt_username": "",
  "method": "POST",
  "protection_policy_name": "crdp_pp",
  "records_details": [
    {
      "access_policy_name": "crdp_ap",
      "access_policy_version": "2",
      "key_name": "",
      "key_version": "",
      "error": ""
    }
  ],
  "reveal_username": "john",
  "source_ip": "10.0.2.15",
  "status": "Success"
}
Every audit log entry contains the following information:
Audit log fields | Description |
---|---|
AppName | Name of the application to be protected by CRDP. |
Audit | The AUDIT: true field can be used to filter audit logs from the application logs. |
ClientID | ID of the client registered on the application. |
EndPoint | API called by the user. |
Method | HTTP method. |
access_policy_name | Name of the access policy associated with the protection policy. |
access_policy_version | Version of the access policy. |
key_version | Version of the key used in protect/reveal operation. |
key_name | Name of the key used for protect/reveal. |
protection_policy_name | Name of the protection policy used in protect/reveal operation. |
protection_policy_version | Version of the protection policy used in protect/reveal operation. |
source_ip | IP address of the request origin. |
status | Status of the request. Possible options are Success or Error. |
jwt_username | The user in the JWT authorization token. It includes the sub field for username in the claim. |
reveal_username | The user for which reveal operation is to be performed. |
level | Level of logging to be performed. If there is any error, the level is set to error. For successful execution, the level is set to info. |
msg | Logs any error that occurs at the time of processing APIs. This field will remain blank if there is no error. |
time | The time (in UTC format) when a particular action was performed. |
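Because both log types share the console, a collector has to separate them before indexing. The following Python code is an added example, not CRDP or Thales code: it splits a mixed stream on the parsed audit field, normalizes both timestamp formats shown above to UTC, and lists failed operations. The function names and sample lines are constructed, and it assumes each audit record arrives as one JSON object per line.

```python
import json
import re
from datetime import datetime
from email.utils import parsedate_to_datetime

# Constructed console stream modelled on the page's samples. Assumption: each
# audit record is emitted as one JSON object per line.
SAMPLE_LINES = [
    r'time="2023-01-18T08:20:07Z" level=info msg="going to initialize shield"',
    r'{"app_name":"crdp","audit":true,"endpoint":"/v1/reveal","reveal_username":"john","source_ip":"10.0.2.15",'
    r'"status":"Success","level":"info","msg":"","time":"Mon, 08 Jul 2024 06:49:38 +0000"}',
    r'time="2024-07-08T06:50:00Z" level=info msg="constructed text with \"audit\":true"',
    r'{"app_name":"crdp","audit":true,"endpoint":"/v1/reveal","reveal_username":"john","source_ip":"10.0.2.15",'
    r'"status":"Error","level":"error","msg":"constructed error text","time":"Mon, 08 Jul 2024 07:02:57 +0000"}',
    r'{"audit":true,"endpoint":"/v1/protect"',  # constructed truncated record
]

# key=value pairs whose value is double-quoted or a bare token
PAIR = re.compile(r'(\w+)=(?:"((?:[^"\\]|\\.)*)"|(\S*))')

def parse_line(line):
    """Return ("audit", dict), ("app", dict), or None if the line fits neither format."""
    line = line.strip()
    try:
        if line.startswith("{"):
            rec = json.loads(line)
            if rec.get("audit") is not True:  # decide on the parsed field, not a substring
                return None
            rec["time"] = parsedate_to_datetime(rec["time"])  # "Mon, 08 Jul 2024 ... +0000"
            return "audit", rec
        rec = {k: quoted or bare for k, quoted, bare in PAIR.findall(line)}
        rec["time"] = datetime.fromisoformat(rec["time"].replace("Z", "+00:00"))
        return ("app", rec) if {"level", "msg"} <= rec.keys() else None
    except (KeyError, TypeError, ValueError, AttributeError):
        return None  # malformed or truncated line

def split_stream(lines):
    """Sort console lines into audit records, application records and rejects."""
    out = {"audit": [], "app": [], "rejected": []}
    for line in lines:
        kind, rec = parse_line(line) or ("rejected", line)
        out[kind].append(rec)
    return out

def failed_operations(audit_records):
    """(UTC time, endpoint, source_ip, msg) for every audit record with status Error."""
    return [(r["time"].isoformat(), r["endpoint"], r.get("source_ip"), r["msg"])
            for r in audit_records if r.get("status") == "Error"]
```

The third sample line is an application log whose message text contains "audit":true; a substring match would misfile it as an audit record, while the parsed-field check keeps it with the application logs.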