iTP Secure WebServer System Administrators Guide (Version 7.5+)

Table 37 Extended Log Items (continued)

For more information about each value, see “Using the -requestauth Option” (page 73).

client-error-dn
    Contains the DN of the certificate that is in error, if client authentication is used and a problem is found while verifying the client certificate.

security
    Contains the security protocol being used: either TLSV1.0, TLSV1.1, TLSV1.2 or SSLV3.

client
    Contains the DN as taken from the subject field of the client certificate, if client authentication is used. If client authentication is requested and not provided, this field is present but empty.

Item values might contain arbitrary characters, including white space (for example, spaces, tabs,
and new lines). Any values containing white space are enclosed by curly braces. For example:
{WinMosaic/Version 2.0 (ALPHA 2)}
Single (unpaired) instances of brace and backslash characters ( { } \ ) within a value must be
preceded by a backslash (\). Optionally, paired instances of these characters might be preceded
by a backslash. For example:
{Here's a brace: \{; and another \}; all done!}
Example
This example displays a typical entry in the extended log file:
log {start 793224627.766481} {method GET} {url /~payne}
{bytes 0} {error {file not found}}...
...{status 404} {end 793224627.818003} {host n8kei.tiac.net}
If the remotePort option is used:
log {start 793224627.766481} {method GET} {url /~payne}
{bytes 0} {error {file not found}}...
...{status 404} {end 793224627.818003} {host n8kei.tiac.net}
{host_port 6677}
In this example, start, method, url, bytes, error, status, host, and host_port are
the entry items. Each of these items is immediately followed by the item's logged value. For example,
the value of method is GET.
NOTE: Future versions of the extended log format might include entries that begin with some tag
other than log. Programs that read log files should be constructed to ignore any unrecognized
tags.
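A reader for the entry format described above, written as an added example (it is not code from this guide or the product): it honours nested braces and backslash escapes, ignores tags other than log as the NOTE asks, and raises on malformed braces instead of guessing. The function names, the audit tag and the assumption of one entry per physical line are illustrative.

```python
import re
ESCAPED = re.compile(r"\\([{}\\])")  # \{  \}  \\ stand for the literal character

def split_words(text):
    """Split a brace-quoted list into words; braces nest, backslash escapes."""
    words, i, n = [], 0, len(text)
    while i < n:
        if text[i].isspace():
            i += 1
            continue
        start, depth = i, 0
        while i < n and (depth > 0 or not text[i].isspace()):
            if text[i] == "\\":
                i += 1                       # the escaped character is literal
            elif text[i] == "{":
                depth += 1
            elif text[i] == "}":
                depth -= 1
                if depth < 0 or (depth == 0 and text[start] == "{" and text[i + 1:i + 2].strip()):
                    raise ValueError("malformed braces at offset %d" % i)
            i += 1
        if depth:
            raise ValueError("unpaired open brace at offset %d" % start)
        # A braced word is stored without its enclosing braces.
        words.append(text[start + 1:i - 1] if text[start] == "{" else text[start:i])
    return words

def parse_entry(line):
    """Return {item: value} for a 'log' entry, or None for any other tag."""
    if line.split(None, 1)[:1] != ["log"]:
        return None                          # unrecognized tag (or blank line): ignore
    entry = {}
    for item in split_words(line)[1:]:
        parts = split_words(item)            # item name, then an optional value
        if not 1 <= len(parts) <= 2:
            raise ValueError("malformed item: {%s}" % item)
        entry[parts[0]] = ESCAPED.sub(r"\1", parts[1] if len(parts) == 2 else "")
    return entry

def parse_log(text):
    """Parse every line; a malformed 'log' entry raises ValueError to the caller."""
    return [e for e in map(parse_entry, text.splitlines()) if e is not None]

# Constructed sample: the page's entry on one line, an unknown tag, an escaped value.
SAMPLE = r"""log {start 793224627.766481} {method GET} {url /~payne} {bytes 0} {error {file not found}} {status 404} {end 793224627.818003} {host n8kei.tiac.net} {host_port 6677}
audit {note {some future entry type}}
log {status 500} {error {Here's a brace: \{; and another \}; all done!}}
"""
```

Failing loudly on unbalanced braces keeps a truncated or tampered entry from being silently read as a different set of items.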
Logging through an External ServerClass
During an online transaction, a web client may send customer credentials directly in a GET request
in URL-encoded format. iTP Secure WebServer logs all of these parameters, including sensitive
customer information (such as credit/debit card numbers or CVV numbers), in the webserver log
files. This is a security concern: such information must be restricted from being logged in the
webserver log files. Clients therefore need to maintain their own log repository in a secured
location.
This is achieved through a user-written logging serverclass. You must develop your own TS/MP
serverclass to read, manipulate and, if required, return the log strings generated by httpd.
The easiest way to create the logging server is to write it as a CGI application. iTP Secure
WebServer ships with a sample logging server application called logservclass.pway along
266 Server Log File Formats