Logs & Monitoring

Logs location

Logs are located under '/opt/ocspd/var/log' with the following distinction:

  • Application logs are spooled to 'ocspd.log';

  • Administration logs are spooled to 'ocspd-admin.log' and the log file can be signed upon rotation.

These log files are rotated daily.

Logs download from the Web Management Console

Step 1: Access the OCSPd Web Management Console;

Step 2: In the 'System' left menu, select 'Logs':

Logs Menu

Step 3: All the logs files under '/opt/ocspd/var/log' can be downloaded:

Logs List

Step 3: All the logs files can be refreshed by hitting the 'Refresh' button:

Logs Refresh
Logs Refreshed

Managing the OCSPd Log Level

3 Log Levels are available within OCSPd:

  • 'DEBUG': this mode is very verbose and provides debug information. It should not be turned on in production except for debugging purpose;

  • 'INFO': this is the default mode. It provides error information along with OCSP request information;

  • 'ERROR': this mode only logs errors.

Step 1: Access the server through SSH with an account with administrative privileges;

Step 2: Load the OCSPd Configuration Utility with the following command:

# /opt/ocspd/sbin/ocspd-config

Step 3: In the main menu, select 'OCSPd':

Main Config Menu

Step 4: In the OCSPD menu, select 'OCSP_LOGLEVEL':

OCSPd Config Menu

Step 5: Select the Log Level and validate:

Log Level selection

Step 6: The OCSPd configuration is updated:

Log Level selected

Step 7: Exit the OCSPd Configuration Utility and restart the OCSPd service with the following command:

# /etc/init.d/ocspd restart

Monitoring

As of now, OCSPd does not offer any specific monitoring capability. Monitoring must be performed directly by the monitoring system.

Here are the elements to monitor:

  • CRL Download through HTTP under '/';

  • OCSP request through HTTP under '/ocsp';

  • Administration interface through HTTPS.