Index details
Nested JSON keys are represented in the following tables as dotted paths, using '.' as the delimiter.
NGINX index details
You will find attached an example of an 'nginx-ocspd.json' log as stored by Elasticsearch in JSON format.
Here is the explanation of this JSON file.
| JSON Entry | Meaning |
|---|---|
| _source.ocspd.hostname | Hostname of the OCSP node the log comes from |
| _source.ocspd.clientname | Hostname of the client that made the request |
| _source.ocspd.logtype | Type of log |
| _source.clientip | IP address of the requesting client |
| _source.ident | HTTP remote identity |
| _source.auth | HTTP remote user |
| _source.timestamp | Request timestamp |
| _source.verb | HTTP method |
| _source.request | URL of the request |
| _source.httpversion | HTTP version |
| _source.rawrequest | Complete request as received |
| _source.response | HTTP status code |
| _source.bytes | Body bytes sent |
| _source.user_agent | User agent of the HTTP requester |
| _source.referrer | Address of the web page that links to the requested resource |
| _source.agent | Information about the Filebeat agent that sent the log |
| _source.log | Name of the log file this entry comes from |
EverTrust OCSP index details
Inside an OCSP request, 3 situations can be found:
- a request for the status of a single certificate issued by a single Certificate Authority;
- a request for the status of multiple certificates issued by a single Certificate Authority;
- a request for the status of multiple certificates issued by multiple Certificate Authorities.
That is why we have decided to split the EverTrust OCSP logs into two separate log indexes. The first, called 'request-ocspd', gives information about the OCSP request as a whole. The second, called 'item-ocspd', gives the status of each certificate checked inside that request.
EverTrust OCSP request
You will find attached an example of a 'request-ocspd.json' log as stored by Elasticsearch in JSON format.
Here is the explanation of this JSON file.
| JSON Entry | Meaning |
|---|---|
| _source.ocspd.hostname | Hostname of the OCSP node the log comes from |
| _source.ocspd.clientname | Hostname of the client that made the request |
| _source.ocspd.logid | Identifier of the log entry |
| _source.ocspd.logtype | Type of log |
| _source.ocspd.request.status | Response status of the associated request |
| _source.ocspd.request.error | Response error of the associated request |
EverTrust OCSP item
You will find attached an example of an 'item-ocspd.json' log as stored by Elasticsearch in JSON format.
Here is the explanation of this JSON file.
| JSON Entry | Meaning |
|---|---|
| _source.ocspd.hostname | Hostname of the OCSP node the log comes from |
| _source.ocspd.clientname | Hostname of the client that made the request |
| _source.ocspd.logid | Identifier of the log entry |
| _source.ocspd.logtype | Type of log |
| _source.ocspd.CAissuer.keyhash | Key hash of the issuing CA |
| _source.ocspd.CAissuer.name | Name of the issuing CA |
| _source.ocspd.cert.info | Information about the certificate (certificate serial number / issuing CA name) |
| _source.ocspd.cert.status | Status of the certificate |
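The following Python example is added here and is not part of EverTrust's documentation or code. It flattens request-ocspd and item-ocspd records into the dotted paths used in the tables above, joins each item to its request through `_source.ocspd.logid`, and then classifies every request into one of the three situations listed earlier while collecting any certificate reported as revoked. The sample records and the status values "good" and "revoked" are constructed assumptions, not values taken from the page.

```python
import json
from collections import defaultdict
# Constructed sample records in the shape of the request-ocspd and item-ocspd
# documents described above (field names from the page; values are made up).
REQUEST_DOCS = [json.loads(s) for s in (
    '{"_source":{"ocspd":{"clientname":"client-a","logid":"r1","logtype":"request",'
    '"request":{"status":"successful","error":""}}}}',
    '{"_source":{"ocspd":{"clientname":"client-b","logid":"r2","logtype":"request",'
    '"request":{"status":"successful","error":""}}}}',
)]
ITEM_DOCS = [json.loads(s) for s in (
    '{"_source":{"ocspd":{"logid":"r1","logtype":"item","CAissuer":{"keyhash":"KH-A",'
    '"name":"CA A"},"cert":{"info":"1001/CA A","status":"good"}}}}',
    '{"_source":{"ocspd":{"logid":"r2","logtype":"item","CAissuer":{"keyhash":"KH-A",'
    '"name":"CA A"},"cert":{"info":"1002/CA A","status":"revoked"}}}}',
    '{"_source":{"ocspd":{"logid":"r2","logtype":"item","CAissuer":{"keyhash":"KH-B",'
    '"name":"CA B"},"cert":{"info":"2001/CA B","status":"good"}}}}',
)]

def flatten(doc, prefix=""):
    """Flatten nested JSON into the dotted paths used in the tables above."""
    flat = {}
    for key, value in doc.items():
        path = f"{prefix}.{key}" if prefix else key
        if isinstance(value, dict):
            flat.update(flatten(value, path))
        else:
            flat[path] = value
    return flat

def join_by_logid(request_docs, item_docs):
    """Group item-ocspd records under their request-ocspd record via logid."""
    items = defaultdict(list)
    for flat in map(flatten, item_docs):
        items[flat["_source.ocspd.logid"]].append(flat)
    return {flat["_source.ocspd.logid"]: {"request": flat, "items": items[flat["_source.ocspd.logid"]]}
            for flat in map(flatten, request_docs)}

def summarize(joined):
    """Per request: which of the three situations above applies, plus revoked certs."""
    out = {}
    for logid, rec in joined.items():
        items = rec["items"]
        cas = {it["_source.ocspd.CAissuer.keyhash"] for it in items}
        situation = ("single-cert-single-ca" if len(items) == 1 else
                     "multi-cert-single-ca" if len(cas) == 1 else "multi-cert-multi-ca")
        revoked = [it["_source.ocspd.cert.info"] for it in items
                   if it["_source.ocspd.cert.status"] == "revoked"]
        out[logid] = {"situation": situation, "revoked": revoked}
    return out
```

Running `summarize(join_by_logid(REQUEST_DOCS, ITEM_DOCS))` over real Elasticsearch hits (the `_source` objects returned by a search) gives a per-request view that is convenient for alerting on revoked certificates being checked.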