Application logging
Webapp logs are in JSON format, so it will be easier to process them in external logging tools.
Persistance logs are in standard CSV format.
WEBAPP: | Description | Log format | Samples |
/var/log/veridiumid/opa/opa.out | OPA logs | json | {"level":"error","msg":"Bundle load failed: request failed: Get \"https://develop.dev.local/websec/rest/system/opa/export-archive\": dial tcp 10.204.90.11:443: connect: connection refused","name":"veridium","plugin":"bundle","time":"2025-11-18T15:32:26+02:00"} |
/var/log/veridiumid/tomcat/catalina.out | tomcat logs, where websec/shibboleth/adservice/dmz applications are deployed; this are general logs, to see that tomcat has started and applications deployed | json | {"@timestamp":"2025-11-18T14:44:45.619Z","log.level":"WARNING","message":"Failed to export spans. Server responded with gRPC status code 2. Error message: opentelemetry-collector.ilpdevelop.veridium-dev.com: Name or service not known","ecs.version": "1.2.0","service.name":"catalina","event.dataset":"catalina","process.thread.name":"OkHttp https://opentelemetry-collector.ilpdevelop.veridium-dev.com/...","log.logger":"io.opentelemetry.exporter.internal.grpc.GrpcExporter"} |
/var/log/veridiumid/tomcat/bops.log | These logs are the main application logs, containing the websec logs. | json | {"@timestamp":"2025-09-23T15:03:00.622Z","log.level": "WARN","message":"Zookeeper connection initialized, but not yet connected.", "ecs.version": "1.2.0","service.name":"bops","event.dataset":"bops","process.thread.name":"main","log.logger":"com.veridiumid.webconfig.ZookeeperConnectionFactory"} |
/var/log/veridiumid/tomcat/ldap.log | These logs contains the interaction logs with LDAP service. | sjon | {"@timestamp":"2025-09-23T15:03:05.360Z","log.level": "INFO","message":"Creating LDAP Connection 'default' url=ldap://127.0.0.1:389", "ecs.version": "1.2.0","service.name":"ldap","event.dataset":"ldap","process.thread.name":"pool-3-thread-1","log.logger":"com.veridiumid.ad.contract.LdapFactoryProvider"} |
/var/log/veridiumid/fido/fido.log | The fido logs containing application logs related to fido usage. | json | {"@timestamp":"2025-11-04T08:28:53.581Z","log.level": "INFO","message":"The following 1 profile is active: \"cassandra\"", "ecs.version": "1.2.0","service.name":"fido","event.dataset":"fido","process.thread.name":"main","log.logger":"com.veridiumid.webauthn.Application"} |
/var/log/veridiumid/selfservice/selfservice.log | This is the self service application log. | json | {"@timestamp":"2025-11-17T17:27:08.690Z","log.level": "INFO","message":"HV000001: Hibernate Validator 8.0.3.Final", "ecs.version": "1.2.0","service.name":"selfservice","event.dataset":"selfservice","process.thread.name":"background-preinit","log.logger":"org.hibernate.validator.internal.util.Version"} |
/var/log/veridiumid/websecadmin/websecadmin.log | This is the websecadmin application log, where are kept the logs for user interaction with websec admin application. | json | {"@timestamp":"2025-09-23T15:00:25.206Z","log.level": "INFO","message":"HV000001: Hibernate Validator 5.4.1.Final", "ecs.version": "1.2.0","service.name":"websecadmin","event.dataset":"websecadmin","process.thread.name":"background-preinit","log.logger":"org.hibernate.validator.internal.util.Version"} |
/var/log/veridiumid/freeradius/freeradius.log | Freeradius log contains the information about freeradius application. | %d{yyyy-MMM-dd HH:mm:ss a} %msg%n | Thu Oct 12 03:13:52 2023 : Debug: (1205) if (&User-Name =~ /\.$/) -> FALSE |
/var/log/veridiumid/shibboleth-idp/idp-warn.log | This is the main log for shibboleth process. | json | {"@timestamp":"2025-11-18T06:51:40.666Z","log.level": "WARN","message":"Java class 'net.shibboleth.ext.spring.config.IdentifiableBeanPostProcessor': This will be removed in the next major version of this software; replacement is net.shibboleth.shared.spring.config.IdentifiableBeanPostProcessor","ecs.version": "1.2.0","service.name":"shibboleth","event.dataset":"shibboleth","process.thread.name":"http-nio-127.0.0.1-8943-exec-8","log.logger":"DEPRECATED","idp.server_hostname":"develop.dev.local","idp.server_port":"8945","idp.version":"5.1.6","clientIp":"10.201.0.10","idp.jsessionid":"0EFE1536A9914882DD5A0F811DFFF421","TraceID":"936ec2c9-e38e-4603-8486-234b8cbda48a","idp.remote_addr":"127.0.0.1" |
/var/log/veridiumid/websecadmin/deprovisioning.log | This is the deprovisioning process log, where can be seen action taken by this process. | json | {"@timestamp":"2025-09-24T09:48:54.790Z","log.level": "INFO","message":"Device deprovisioning configuration changed", "ecs.version": "1.2.0","service.name":"websecadmin","event.dataset":"websecadmin","process.thread.name":"main","log.logger":"com.veridiumid.deprovisioning.scheduler.ScheduledDormantDeviceNotificationService"} |
/var/log/veridiumid/haproxy/haproxy.log | Haproxy application log contains the acces logs of all services. | json | {"service.name":"haproxy","timestamp":"23/Sep/2025:18:00:43 +0300","pid":36047,"frontend_type":"http","process_conn":6,"frontend_conn":3,"backend_conn":0,"server_conn":0,"backend_queue":0,"server_queue":0,"request_send_time":2021,"queue_wait_time":-1,"server_wait_time":-1,"server_response_send_time":"-1","response_time":"2021","request_termination_state":"SC--","server_retries":0,"remote_addr":"10.204.90.11","remote_port":29200,"frontend_addr":"10.204.90.11","frontend_port":443,"frontend_ssl_version":"TLSv1.3","frontend_ssl_ciphers":"TLS_AES_256_GCM_SHA384","request_method":"GET","request_uri":"\/websec\/schemas\/shibboleth-attribute-resolver.xsd","request_http_version":"HTTP/1.1","host":"-","referer":"-","frontend_name":"frontend-bops-int","backend_name":"backend-bops-https","server_name":"<NOSRV>","status":"503","response_size":217,"request_size":"174","TraceID":"da22ce43-d39f-49d9-91ca-f964f8b7b4ee"} |
PERSISTENCE: | |||
/var/log/veridiumid/cassandra/debug.log | This is the cassandra log, where can be seen the database logs. | %d{yyyy-MMM-dd HH:mm:ss a} [%t] %level %logger{36} %msg%n | 2023-10-27 15:10:03,621 DEBUG SSLFactory.java:384 - Initializing hot reloading SSLContext |
/var/log/veridiumid/cassandra/backup.log | This log contains information about backup activities, that are running in crontab periodically. | %d{yyyy-MMM-dd HH:mm:ss a} %level %msg%n | 30-Oct-2023 09:07:06 AM INFO Creating snapshot: dc1_10.109.20.128 |
if elastic enabled, this log is not used anymore. /var/log/veridiumid/kafka/server.log | This is the main kafka log. | [%d] %p %m (%c)%n | [2023-06-22 09:00:11,106] WARN Resetting first dirty offset of __consumer_offsets-38 to log start offset 73 since the checkpointed offset 62 is invalid. (kafka.log.LogCleanerManager$) |
/var/log/veridiumid/zookeeper/zookeeper.out | This is the main zookeeper log. | %d{ISO8601} [myid:%X{myid}] - %-5p [%t:%C{1}@%L] - %m%n | 2023-10-30 08:53:08,036 [myid:] - INFO [main:o.a.z.s.q.QuorumPeerConfig@444] - secureClientPort is not set |
/var/log/veridiumid/elasticsearch/VeridiumID.log | Elasticsearch log. | [%d{ISO8601}][%-5p][%-25c{1.}] [%node_name]%marker %m%n | [2023-10-30T09:24:47,218][WARN ][o.e.c.c.Coordinator ] [dc1-node-1] This node is a fully-formed single-node cluster with cluster UUID [VbhjRj4uS8ayHQiDjROKNg], but it is configured as if to discover other nodes and form a multi-node cluster via the [discovery.seed_hosts=[10.109.20.128]] setting. Fully-formed clusters do not attempt to discover other nodes, and nodes with different cluster UUIDs cannot belong to the same cluster. The cluster UUID persists across restarts and can only be changed by deleting the contents of the node's data path(s). Remove the discovery configuration to suppress this message. |
Access log: | |||
/var/log/veridiumid/tomcat/shib_localhost_access_log.2023-10-27.log | Access log for shibboleth, including all called API, response and duration. | json | {"service.name":"shibboleth","host":"127.0.0.1","XFF":"10.201.0.10,10.204.0.110","timestamp":"2025-11-18T08:51:41.324+0200","request_uri":"/idp/profile/SAML2/POST/SSO","request_method":"POST","status":"302","request_size":"-","response_time":"1284390","server_response_send_time":"1284","TraceID":"936ec2c9-e38e-4603-8486-234b8cbda48a","ThreadID":"http-nio-127.0.0.1-8943-exec-8","Client-DN":"-"} |
/var/log/veridiumid/tomcat/dmz_localhost_access_log.2023-10-27.log | Access log for dmz, including all called API, response and duration. | json | {"service.name":"dmz","host":"127.0.0.1","XFF":"86.126.146.250,10.204.0.110","timestamp":"2025-11-18T09:09:35.501+0200","request_uri":"/dmzwebsec/rest/api/GetPairingInfo","request_method":"POST","status":"200","request_size":"39360","response_time":"585275","server_response_send_time":"583","TraceID":"953ddb24-4cac-4931-b480-3ae3ff90c8d9","ThreadID":"http-nio-127.0.0.1-8543-exec-2","Client-DN":"-"} |
/var/log/veridiumid/tomcat/localhost_access_log..2023-05-30.txt | Access log for websec and ADService including all called API, response and duration. | json | {"service.name":"bops","host":"127.0.0.1","XFF":"10.204.90.11","timestamp":"2025-11-18T00:00:01.859+0200","request_uri":"/websec/rest/system/opa/export-archive","request_method":"GET","status":"304","request_size":"-","response_time":"6846","server_response_send_time":"6","TraceID":"9de60219-5c63-4273-b6bd-bd8fb572f6c3","ThreadID":"vid-exec-447","Client-DN":"/CN=Develop_friend_OPA_ACCOUNT_dc1/OU=VeridiumID/O=VeridiumClient/L=New York/ST=NY/C=US/emailAddress=/UID=cb553c0e-5e49-455c-97dd-6192200bc219"} |
/var/log/veridiumid/websecadmin/access_log.2023-05-30.log | Access log for websecadmin including all called API, response and duration. | json | {"service.name":"websecadmin","host":"127.0.0.1","XFF":"10.204.0.110","timestamp":"2025-11-18T00:11:34.088+0200","request_uri":"/veridium-manager/","request_method":"GET","status":"302","request_size":"-","response_time":"14586","server_response_send_time":"14","TraceID":"6c58a314-9c16-43a2-b19a-405a7984d8d7","ThreadID":"https-jsse-nio-9443-exec-4","Client-DN":"/CN=lvartolomei@veridiumid.com/OU=VeridiumID/O=VeridiumClient/L=New York/ST=NY/C=US/emailAddress=/UID=d86af02b-de02-4792-9a3a-b009e71f3d5a"} |
/var/log/veridiumid/selfservice/access_log.2023-05-30.log | Access log for selfservice including all called API, response and duration. | json | {"service.name":"selfservice","host":"127.0.0.1","XFF":"10.204.0.110","timestamp":"2025-11-18T08:49:48.987+0200","request_uri":"/ssp/polyfills.f6fa894b51ccdb26.js","request_method":"GET","status":"200","request_size":"35497","response_time":"73478","server_response_send_time":"72","TraceID":"af79c3ad-6979-4948-bbb3-9d2f3952bec1","ThreadID":"http-nio-127.0.0.1-9986-exec-1","Client-DN":"-"} |
/var/log/veridiumid/fido/access_log.2023-05-30.log | Access log for fido including all called API, response and duration. | json | {"service.name":"fido","host":"127.0.0.1","XFF":"-","timestamp":"2025-11-18T00:04:33.928+0200","request_uri":"/assertion/options","request_method":"POST","status":"200","request_size":"304","response_time":"33317","server_response_send_time":"30","TraceID":"-","ThreadID":"http-nio-127.0.0.1-11442-exec-4","Client-DN":"-"} |
Audit logs: | |||
/opt/veridiumid/websecadmin/logs/events.log | Events logs for accessing websecadmin | %d{yyyy-MMM-dd HH:mm:ss a} [%t] %level %logger{36} %msg%n Also can be in json format. | 2023-Oct-27 16:40:14 PM [https-jsse-nio-9443-exec-5] INFO com.veridiumid.identity.events.SystemEvents ActionLog(id=20316691-e8b5-46dc-9e46-4e58bcc38c31, actionName=Login, accountExternalId=admin@veridiumid.com, accountEmail=null, accountId=47EAEF85-9D37-4366-AF8F-2F4777A6AD4E, deviceId=E27B2D93-291C-47F3-BF35-EA6DA590120A, ip=10.109.20.128, requestUri=/websecadmin/rest/opa/generate-certificate, requestMethod=GET, requestQueryParams=null, requestPath=null, requestBody=null, response=null, actionDate=Fri Oct 27 16:40:14 UTC 2023, location=Local Network) |
/opt/veridiumid/tomcat/logs/events.log | Events logs for user authentications | %d{yyyy-MMM-dd HH:mm:ss a} [%t] %level %logger{36} %msg%n Also can be in json format. | 2023-Oct-27 18:35:04 PM [vid-exec-133] INFO com.veridiumid.identity.events.SystemEvents EventLog(_caller=(accountId=9ae4ce0d-e3a1-447f-936e-dbdc03f26d10, accountExternalId=ADv2MultiStepEnrollment, accountEmailAddressInfo=null, accountStatus=NONE, deviceId=ssp, deviceOs=, deviceType=FRIEND, deviceName=ssp, deviceManufacturer=null, deviceDescription=Self Service Portal, deviceStatus=ACTIVATED), ipAddress='10.109.20.128', location='Local Network', requestURI='/websec/rest/enterprise/portal/InitiateEnrollment', requestMethod='POST', requestPath='/enterprise/portal/InitiateEnrollment', actionName='initiateEnrollment', actionDate=Fri Oct 27 18:35:04 UTC 2023, request=null, response=(currentStatus='null', profileId='null', enrollmentTrackerId='null')) |
Here are some examples of what information can be found in events.log and what is the log format.