The Secure Logging Server uses digital certificates and Application IDs to verify the identity of all its logging applications. In fact, the Secure Logging Server only accepts connections from applications that have a valid Logging Application Certificate and Application Identifier. This ensures that unknown or spoofed entities cannot submit events to the data store.
NOTE: The Application Identifier is the name the logging application uses to identify itself to the logging server. The Application Identifier is stored in the application’s certificate and in its Application object. For more information, see Section 5.3, Application Object Attributes.
Figure 9-1 The Logging Application Authentication Process
The basic authentication process is as follows:
The Secure Logging Server’s certificate (the Secure Logging Certificate) is the logging system’s root certificate; that is, it is used to sign certificates for all the logging applications. Every instrumented application must have a certificate signed by the Secure Logging Server’s certificate.
The Secure Logging Server and all logging applications ship with their own embedded certificates. Using these certificates, the Secure Logging Server is able to validate each logging application’s identity; however, the embedded certificates are not necessarily “secure” because the same certificates are distributed with every copy of the software.
If you want to further secure your logging system, you can use certificates generated with the AudCGen utility. For more information, see Managing Certificates.