Administrator History Logs
Most tokenization and detokenization log messages are in the file tokenization.log. You can get this via web download with credentials from the file tokenization.log.
Example:
https://ctshost.vormetric.com/log/tokenization.log
These log messages also go to the syslog with the facility code daemon.
Other log files:
django.request.log- Logs any user request coming from the CipherTrust Vaultless Tokenization Server GUI.uwsgi_cts.log- Debug log.clish.log- CLI activities and events.
Note
Log data added by the server or server framework are not included in the log files.
View the CipherTrust Vaultless Tokenization Server logs by clicking the Logs icon in the CipherTrust Vaultless Tokenization Server GUI. (Audit log messages also go to the syslog with the facility code user).
From here you can:
View audit logs, access logs (login and logout attempts), active sessions, locked accounts, and server CPU usage.
Export the logs.
Viewing Audit Logs
To view the audit logs:
Log in to the CT-VL GUI.
Click Logs in the navigation pane.
Click the Audit Logs tab.
Details are shown for each audited event, including:
Date specifies when the event occurred.
User is the CipherTrust Vaultless Tokenization Server user.
Content Type is the database table that was modified. Tenant involves Group Tokens, Key is encryption keys, user is for users, groups for groups, and so on.
Object Name is the specific database object that was created or changed.
Modification is the action that was performed.
Viewing Access Logs
The access log shows information about all attempts to log in to the server, and all logouts from it. The related informaiton includes the access time, the IP address, username, and user agent (typically, a web browser). By default, all login attempts are listed, but the list can be filtered (by Status) to show only successful or only failed attempts.
To view the access logs:
Log in to the CT-VL GUI.
Navigate to Logs.
Click the Access Logs tab.
Filter the listed results with the Type menu. When viewing the Logins access type, use the additional Status pull-down menu to filter by Successful or Failed login attempts.
Downloading (Export) Access or Audit Logs
To download the history logs for an administrator:
Log in to the CT-VL GUI.
Navigate to Logs.
Click the Audit Logs or Access Logs tab.
Click the Export button for the Audit or Access Logs.
Showing Active Sessions
To see a list of active sessions of users currently logged in to the server:
Log in to the CT-VL GUI.
Click Logs in the navigation pane.
Click the Active Session tab.
To end a user’s session on the GUI, click the End Session button in the row for that user.
Showing Locked Accounts
If a user fails to enter valid credentials more than five times, the user is locked from accessing the CT-VL for 15 minutes. View the details of locked accounts, including when the lock was activated and when it was released. Superusers can unlock an account before the 15 minute time limit is completed.
To view and manage locked accounts:
Log in to the CT-VL GUI.
Click Logs in the navigation pane.
Click the Locked Accounts tab.
Unlock an account by clicking Unlock in the row of the desired user.
System Logging
Audit log messages go to the syslog with the facility code user.
tokenization.log messages go to the syslog with the facility code daemon.
CLI log messages go to the syslog with the facility code local3.
Configuring Syslog Servers
Configure remote syslog servers with the CLI, with the command under the CT-VL category. You can also set up multiple syslog servers with this command, with the --add and --remove commands.
The remotelog command has utilities to check the connection status to the servers, and to send a sample log message to them.
