vSEC:CMS Transaction Logs

Ellen Thoren - Versasec
Ellen Thoren - Versasec
  • Updated

Introduction

vSEC:CMS logs all operations performed when managing credentials. This article will describe some of the more common transactions logged which can be useful when performing audits and troubleshooting issues in relation to a credential.

Understanding Credential Logs

The best way to understand and see the history for the lifecycle operations performed on a managed credential is to select a credential from Repository - Smart Cards. Once selected then you should click the Trans. Log(s) button. This will open the entire transaction log history for the selected credential.

Entries will be written from most recent action performed top to bottom, with the oldest performed operation being at the bottom. The actions performed will be timestamped with an internal ID for the record entry and Trans Log ID for the actual record ID in the transaction log table.

The Operator column will show which operator performed the action.  There maybe empty entries in this column since some actions are internally performed by the system which are therefore empty entries in this case.

The Comment column will provide short information on what was performed. This information is relatively self-explanatory. However, when you see the entry where it refers to Admin authorization requested, which has different meanings. This is when an administration operation was performed on the credential. The values (in the Data column) can be:

  • 0: This is when an internal administration operation needs to be performed on a managed credential;
  • 1: This is when a PIN unblock administration operation is performed by an operator on a managed credential;
  • 2: This is when a managed credential is updated by an operator;
  • 3: This is when an end user performs an online PIN unblock via the vSEC:CMS User application;
  • 4: This is when a managed credential is updated by an end user via vSEC:CMS User application. 

The Data column provides more details on what was performed inside the actual action.

The CSN column contains the serial number of the credential that the operation was performed on.

Below we provide sample transaction logs for some of the more common operations performed when managing credentials within vSEC:CMS.

Central Issuance

Below is a typical sample of transaction logs captured when an operator performs a credential issuance from the Admin or Agent application. In this flow a credential is issued with one certificate, a PIN policy is applied and at the end of the flow the credential PIN is in a blocked state. This is what is referred to as an Issued credential.

Untitled.png

Central Activation

Below is a typical sample of transaction logs captured when an operator performs a credential activation from the Admin or Agent application, i.e. the credential is put into an Active state. In this flow the person who the credential is issued to is present with the operator and will perform setting a PIN on the credential. Once the operation is complete the credential will be Initiated

Untitled.png

Central PIN Unblock

Below is a typical sample of transaction logs captured when an operator performs a credential PIN unblock from the Admin or Agent application. In this flow the person who the credential is issued to is present with the operator and will perform unblocking the PIN on the credential.

Untitled.png

Central Certificate Reissuance

Below is a typical sample of transaction logs captured when an operator performs a certificate reissuance  from the Admin or Agent application. In this flow the person who the credential is issued to is normally present with the operator.

Untitled.png

Central Credential Retire

Below is a typical sample of transaction logs captured when an operator performs a retire of a credential  from the Admin or Agent application.

Untitled.png

Credential Delete

Below is a typical sample of transaction logs captured when an operator deletes a credential  from the Admin or Agent application.

Untitled.png

Credential Issuance from vSEC:CMS User

Below is a typical sample of transaction logs captured when an end user performs a credential issuance from the vSEC:CMS User application. In this flow a credential is issued with one certificate, a PIN policy is applied and at the end of the flow the end user sets a PIN.

Untitled.png

Online PIN Unblock

Below is a typical sample of transaction logs captured when an end user performs an online PIN reset from the vSEC:CMS User application.

Untitled.png

Offline PIN Unblock

Below is a typical sample of transaction logs captured when an end user performs an offline PIN reset (commonly referred to as challenge/response) from the vSEC:CMS User application.

Untitled.png

Self-Service Certificate Reissuance

Below is a typical sample of transaction logs captured when an end user performs a certificate reissuance  from the vSEC:CMS User application.

Untitled.png

Credential Update

Below is a typical sample of transaction logs captured when a user is moved to a different credential template which triggers a credential update. The credential update in this case is performed through the vSEC:CMS User application. 

Untitled.png