9.1 Authenticating Logging Applications

The Secure Logging Server uses digital certificates and Application IDs to verify the identity of all its logging applications. In fact, the Secure Logging Server only accepts connections from applications that have a valid Logging Application Certificate and Application Identifier. This ensures that unknown or spoofed entities cannot submit events to the data store.

NOTE: The Application Identifier is the name the logging application uses to identify itself to the logging server. The Application Identifier is stored in the application’s certificate and Application object. For more information, see Section 5.3, Application Object Attributes.

Figure 9-1 The Logging Application Authentication Process

The basic authentication process is as follows:

  1. The logging application calls the Platform Agent.
  2. The Platform Agent submits the application’s certificate to the Secure Logging Server.
  3. The Secure Logging Server validates the certificate and verifies the Application Identifier stored in the certificate.
    • A valid Logging Application Certificate must be signed with the Secure Logging Server’s own certificate.
    • A valid Application Identifier must be associated with an Application object in one of the Secure Logging Server’s supported Application containers.
  4. If the certificate and the Application ID are valid, the Secure Logging Server accepts the logging application’s connection.
  5. The logging application begins to log events.
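
The two checks in step 3, sketched with the openssl command line as an added example (not code from the product). It assumes the Application Identifier is carried in the certificate subject CN and models the Application containers as a text file; all names, paths and sample data are constructed.

```shell
#!/bin/sh
# Added illustration, not product code. Assumptions: the Application Identifier is the
# certificate subject CN, and applications.txt stands in for the Application containers.
WORK=$(mktemp -d)

# make_root NAME: self-signed root standing in for the Secure Logging Certificate.
make_root() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# issue_app_cert ROOT APP_ID OUT: Logging Application Certificate for APP_ID signed by ROOT.
issue_app_cert() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$WORK/$3.key" -out "$WORK/$3.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$3.csr" -CA "$WORK/$1.pem" -CAkey "$WORK/$1.key" \
    -CAcreateserial -days 1 -out "$WORK/$3.pem" 2>/dev/null
}

# accept_connection ROOT CERT: step 3 of the process; prints the decision, returns 0 on accept.
accept_connection() {
  # Check 1: the certificate must chain to the logging server's own certificate.
  openssl verify -CAfile "$WORK/$1.pem" "$WORK/$2.pem" >/dev/null 2>&1 \
    || { echo "reject $2: not signed by the logging server certificate"; return 1; }
  # Check 2: the Application Identifier in the certificate must match a known Application object.
  app_id=$(openssl x509 -in "$WORK/$2.pem" -noout -subject -nameopt multiline \
    | sed -n 's/^ *commonName *= *//p')
  grep -qxF "$app_id" "$WORK/applications.txt" \
    || { echo "reject $2: no Application object for '$app_id'"; return 1; }
  echo "accept $2: $app_id"
}

# Constructed sample data: two roots, one registered application, three candidate certificates.
make_root slroot
make_root otherroot
printf '%s\n' 'PayrollApp' > "$WORK/applications.txt"
issue_app_cert slroot    PayrollApp good      # signed by the server, registered ID
issue_app_cert slroot    UnknownApp unlisted  # signed by the server, ID not registered
issue_app_cert otherroot PayrollApp spoofed   # registered ID, wrong signer

for c in good unlisted spoofed; do accept_connection slroot "$c" || true; done
```

Only the certificate that passes both checks is accepted; a registered identifier under a foreign signer, or a correctly signed certificate with an unregistered identifier, is rejected.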

The Secure Logging Server’s certificate (the Secure Logging Certificate) is the logging system’s root certificate; that is, it is used to sign certificates for all the logging applications. Every instrumented application must have a certificate signed by the Secure Logging Server’s certificate.

The Secure Logging Server and all logging applications ship with their own embedded certificates. Using these certificates, the Secure Logging Server is able to validate each logging application’s identity; however, the embedded certificates are not necessarily “secure” because the same certificates are distributed with every copy of the software.

If you want to further secure your logging system, you can use certificates generated with the AudCGen utility. For more information, see Managing Certificates.