Audit and Logging

CASP and CORE have log files to help monitor the system status and operations.

CASP Log Files

CASP has two log files, casp.log and casp-trace.log.

casp.log

casp-trace.log

Note
This file is only created if you enable trace logging as described in Configure Log4j.

CASP Built-in Wallet Logs

The CASP built-in wallets have their own associated log files. These log files use the winston framework for logging.

Three log transports are supported, which can be configured in config/production.yaml:

  • DailyRotateFile - daily rotated file. Turned on by default. The log file is stored in /var/log/unbound/wallets. The log file is configured in config/production.yaml, which has these parameters (along with sample data):
    • level: info

    • dirname: '/var/log/unbound/wallets'

    • filename: 'wallets-%DATE%.log'

    • datePattern: 'YYYY-MM-DD-HH'

    • zippedArchive: true

    • maxSize: '20m'

    • maxFiles: '14d'

    • options:
      • mode: 0640

    Descriptions of the configuration parameters can be found in the DailyRotateFile documentation.

    Note
    Over time, you may have many log files in the output directory. To view the latest one, you can use a command such as:
    tail -f $(ls -t *.log | head -1)

  • console - turned off by default.
  • file - single log file. Turned off by default.

Configure Log4j

If you want to enable trace logging:

  1. Edit /etc/unbound/log4j/casp.xml.
  2. Find the following line:

    <Logger name="TRACE" additivity="false" level="off">

  3. Change it to:

    <Logger name="TRACE" additivity="false" level="debug">

Connecting CASP to Syslog

CASP logs can be forwarded to a specified syslog server for further analysis.

To forward CASP logs to a syslog server, perform the following steps on the CASP server:

  1. Obtain the following info regarding the syslog server:

    • The hostname/IP address of the syslog server.
    • The type of IP protocol used to deliver the messages (UDP/TCP).
    • The syslog service port number.

    Troubleshooting
    To check that the connection is not blocked, telnet to the designated destination/port. For example, telnet syslog.server.ip 514.

  2. Locate and open the log4j.xml file (refer to Configure Log4j) and add the following line before the </Appenders> tag:

    <Syslog name="log" host="syslog.server.ip" protocol="TCP" port="514" newLine="true"/>

    The following is an example of the complete log4j file:

    <?xml version="1.0" encoding="UTF-8" ?>
    
    <Configuration status="warn" name="CASP" packages="">
        <Properties>
            <Property name="baseDir">/var/log/unbound</Property>
        </Properties>
        <Appenders>
            <RollingFile name="log" fileName="${baseDir}/casp.log"
                         filePattern="${baseDir}/$${date:yyyy-MM}/casp.%d{yyyy-MM-dd}.log.gz">
                <PatternLayout pattern="%d %-5level %m %throwable %n"/>
                <CronTriggeringPolicy schedule="0 0 0 * * ?"/>
                <DefaultRolloverStrategy>
                    <Delete basePath="${baseDir}" maxDepth="2">
                        <IfFileName glob="*/casp.*.log.gz"/>
                        <IfLastModified age="60d"/>
                    </Delete>
                </DefaultRolloverStrategy>
            </RollingFile>
    
            <Syslog name="log" host="syslog.server.ip" protocol="TCP" port="514" newLine="true"/>
        </Appenders>
    
        <Loggers>
            <Logger name="AUDIT" additivity="false" level="info">
                <AppenderRef ref="log"/>
            </Logger>
    
        </Loggers>
    </Configuration>

    Note
    The name field must match the corresponding ref name, such as: <AppenderRef ref="log">

  3. Replace the syslog.server.ip string with the syslog server IP address or hostname.

  4. As needed, change the default protocol (TCP) and the default port (514).

  5. Restart CASP with this command:

    sudo service casp.tomcat restart

  6. Check that the syslog server captures the log message generated during the CASP restart.

    Tip

    By default, a syslog server uses the /var/log/messages file to store logs.
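
A pre-restart check for steps 2 to 4, as an added example that is not part of the original documentation or of Unbound's tooling: it parses a Log4j 2 XML configuration and reports a placeholder host, an unexpected protocol or port, and any AppenderRef whose ref matches no appender name. The function name check_syslog_config and the embedded sample configuration are constructed for illustration.

```python
import xml.etree.ElementTree as ET

PLACEHOLDER_HOST = "syslog.server.ip"  # placeholder used in the page's sample line
ALLOWED_PROTOCOLS = {"TCP", "UDP"}     # the two protocols the page names

# Constructed sample in the shape of the page's example; the placeholder
# host is deliberately left in place so the check has something to report.
SAMPLE_CONFIG = """<?xml version="1.0" encoding="UTF-8"?>
<Configuration status="warn" name="CASP">
  <Appenders>
    <Syslog name="log" host="syslog.server.ip" protocol="TCP" port="514" newLine="true"/>
  </Appenders>
  <Loggers>
    <Logger name="AUDIT" additivity="false" level="info">
      <AppenderRef ref="log"/>
    </Logger>
  </Loggers>
</Configuration>"""


def check_syslog_config(xml_text):
    """Return a list of problems found in a Log4j 2 XML configuration."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    problems = []
    appender_names = {a.get("name") for a in root.findall("./Appenders/*")}
    refs = [r.get("ref") for r in root.iter("AppenderRef")]
    syslogs = root.findall("./Appenders/Syslog")
    if not syslogs:
        problems.append("no <Syslog> appender inside <Appenders>")
    for s in syslogs:
        name, port = s.get("name"), s.get("port", "")
        host = s.get("host", "").strip()
        if not host or host == PLACEHOLDER_HOST:
            problems.append(f"Syslog '{name}': host is empty or still the placeholder")
        if s.get("protocol", "").upper() not in ALLOWED_PROTOCOLS:
            problems.append(f"Syslog '{name}': protocol is not TCP or UDP")
        if not port.isdecimal() or not 1 <= int(port) <= 65535:
            problems.append(f"Syslog '{name}': port '{port}' is not a valid port")
        if name not in refs:
            # An appender that no logger references never receives events.
            problems.append(f"Syslog '{name}': no <AppenderRef> points at it")
    for ref in refs:
        if ref not in appender_names:
            problems.append(f"AppenderRef ref='{ref}' matches no appender name")
    return problems


if __name__ == "__main__":
    for problem in check_syslog_config(SAMPLE_CONFIG):
        print("WARN", problem)
```

An empty list means the configuration passed these checks; it does not confirm that the syslog server is reachable, which step 6 covers.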

CORE Log Files

Descriptions of the log files for CORE can be found in the CORE Maintenance Guide.

Troubleshooting Audit Logs

500 Error

If you try to verify an audit log and receive a 500 error, it may be due to a problem with a table in the database. Audit verification can be done through these methods:

The response is similar to the following error:

{
"type": "/mng/errors/data-verification-failed",
"title": "Validation of audit data failed",
"details": "Row 24 verification failed",
"status": 500
}

This issue can be fixed, either for all audit logs or for a specific type of audit log.

Note
It is recommended to back up the database before running the following procedure.

To reset all audit data:

  1. Remove all audit data by running these commands on the database:

    delete from casp_audit_signs;
    delete from casp_audit_pools;
    delete from casp_audit_accounts;
    delete from casp_audit_trusted_systems;
    delete from casp_audit_users;
    delete from casp_audit_vaults;
    delete from casp_audit_data_collectors;

  2. Run the casp_delete_ukc_secrets utility, found in the casp-service/bin directory. On success, you see:

    Deleting CASP audit secrets from UKC succeeded

  3. Restart the CASP server.

To reset audit data for a specific type of log, such as accounts:

  1. Remove the audit data by running the command below on the database, corresponding to the type of log.

    delete from casp_audit_signs;
    delete from casp_audit_pools;
    delete from casp_audit_accounts;
    delete from casp_audit_trusted_systems;
    delete from casp_audit_users;
    delete from casp_audit_vaults;
    delete from casp_audit_data_collectors;

  2. Log into the CORE user interface.

  3. Access the Secrets screen.

  4. Delete the two secrets (first-parent-hash and last-hash) corresponding to the type of log that you are resetting. Secret names are in this format:

    casp-audit-<LOG TYPE>-first-parent-hash
    casp-audit-<LOG TYPE>-last-hash

  5. Restart the CASP server.