Axidian Log Server allows to record events from all CertiFlow servers in a Unified Windows Event Log, Microsoft SQL, PostgreSQL or Syslog servers.

Install Axidian Log Server on one of the CertiFlow servers or on a separate workstation (within or outside the domain). System requirements are the same as for Axidian CertiFlow server

Installing Axidian Log Server

  1. Log in to the workstation as a local administrator.

  2. Run Axidian.LogServer-<version number>.x64.msi installer. The installer is located in Axidian.Log.Server directory.

  3. Copy cmSchema.config. file from Axidian.Log.Server directory and move it to C:\inetpub\wwwroot\ls directory.
  4. Copy eventLogTarget.config, msSqlTarget.config, pgSqlTarget.config and sysLogTarget.config. files and move them to C:\inetpub\wwwroot\ls\targetConfigs directory.

Axidian Log Server works with one Read storage (<ReadTargetId>) and with multiple Write storages (<WriteTargets>).


To apply changes in configuration files, restart the IIS.

Configuring event reading and writing to Windows event log

  1. Edit the configuration file clientApps.config (C:\inetpub\wwwroot\ls\clientApps.config) as follows:

    • Add the following data in Application section:

      <Application Id="cm" SchemaId="cmSchema">
	<ReadTargetId>eventLogTarget</ReadTargetId>
    <WriteTargets>
       	<TargetId>eventLogTarget</TargetId>
    </WriteTargets>
	<AccessControl>
		<!--<CertificateAccessControl CertificateThumbprint="001122...AA11" Rights="Read" />-->
	</AccessControl>
</Application>


    • Add a new element in Targets section:

      <Targets>
    <Target Id="eventLogTarget" Type="eventlog"/>
</Targets>


  2. Save changes and close the configuration file.

Configuring event reading and writing in MS SQL

The database used as data storage for Axidian Log Server is created manually. The database contents are populated automatically.

  1. Create a database with an arbitrary name in the SQL Management Studio environment:
    • In the Object Explorer right-click the Databases tab.
    • Select New database... .
    • Specify the Database name:, e.g. LogServer.

    • In the Owner: field define the database owner.

      Create a new account (e.g. cfServiceSql) or use any internal SQL or Active Directory account. Once you create the database, this account is granted db_owner, public privileges. The service account is now used to perform read/write operations from/to the database.


    • Click ОК to save the database.


  2. Edit the msSqlTarget.config file (C:\inetpub\wwwroot\ls\targetConfigs\msSqlTarget.config) as follows:
    <Settings> … </Settings>:
    • Data Source - this parameter defines the server instance. The parameter is mandatory for all connections. Admissible values are: network name or server IP address, local or localhost for local connections.
    • Database - database name (ILS).
    • User Id - name of the service account used to connect to the database.

    • Password - service account password.

      <Settings>
	<ConnectionString>Data Source=MSSQL\SQLEXPRESS;Database=LogServer;User Id=cfServiceSql;Password=P@ssw0rd</ConnectionString>
</Settings>


      If you use a named instance of Microsoft SQL Server, specify the Server parameter value in the following format: <server name>\<instance name>:

      <Settings>
    <ConnectionString>Server=sql\Named instance; ... </ConnectionString>
</Settings>



  3. Edit the configuration file clientApps.config (C:\inetpub\wwwroot\ls\clientApps.config) to operate with msSqlTarget.config as follows:

    • Add the following data in Application section:

      <Application Id="cm" SchemaId="cmSchema">
	<ReadTargetId>msSqlTarget</ReadTargetId>
    <WriteTargets>
       	<TargetId>msSqlTarget</TargetId>
    </WriteTargets>
	<AccessControl>
		<!--<CertificateAccessControl CertificateThumbprint="001122...AA11" Rights="Read" />-->
	</AccessControl>
</Application>


    • Add a new element in the Targets section:

      <Targets>
    <Target Id="msSqlTarget" Type="mssql"/>
</Targets>


  4. Save changes and close the configuration file.

Configuring event reading and writing in PostgreSQL

The database used as data storage for Axidian Log Server is created manually. The database contents are populated automatically.

  1. Create the database in PostgreSQL via pgAdmin:
    • In Browser section right-click on Databases and select Create Database...
    • Enter the database name in the Database field on General tab. Select a service account in the Owner field. This service account is used to connect to the database. Click Save.

  2. Grant privileges to service account on database tables:
    • Select created database and click to open the Query Tool.

    • Enter the text of the request and specify the account name in it:

      GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO "service account name";


    • Select Execute/Refreshin Query Tool to grant privileges.

  3. By default, you can connect to PostgreSQL databases only locally. To operate between several servers, configure a remote connection to the database:

    • Open the pg_hba.conf in PostgreSQL directory.

      For Windows — C:\Program Files\PostgreSQL\<version number>\data

      For *nix — /etc/postgresql/<version number>/main


    • Add a line with the following parameters:

      CONNECTIONTYPE DATABASE USER ADDRESS METHOD

      Where:

      • CONNECTIONTYPE - local or TCP/IP connection type. To use TCP/IP connection, you can specify host as CONNECTIONTYPE.
      • DATABASE - name of the database. To allow connections to all databases, enter ALL.
      • USER - database user account. To allow connections from all accounts, enter ALL.
      • ADDRESS - range of IP-addresses/IP-address/hostname of the CertiFlow server. To allow connections from any IP-address, enter 0.0.0.0/0.

      • METHOD - authentication method of user account. E.g. md5, scram-sha-256.

        host LogServer cfServiceSql 192.200.1.0 md5
host ALL cfServiceSql 10.0.0.0/8 md5
host ALL ALL 0.0.0.0/0 scram-sha-256


  4. Edit the pgSqlTarget.config file (C:\inetpub\wwwroot\ls\targetConfigs\pgSqlTarget.config) as follows:
    <Settings> … </Settings>:
    • Host - name or IP-address of the PostgreSQL server.
    • Port - TCP port used to connect to PostgreSQL server (default value is 5432).
    • Database - name of the database.
    • Username - service account that has access to the database.

    • Password - service account password.

      <Settings>
  <ConnectionString>Host=SRV-POSTGRESQL;Port=5432;Database=LogServer;Username=cfServiceSql;Password=P@ssw0rd</ConnectionString>
</Settings>


  5. Edit the configuration file clientApps.config (C:\inetpub\wwwroot\ls\clientApps.config) to operate with pgSqlTarget.config as follows:

    • Add new TargetIds for ReadTarget and WriteTarget in Application section:

      <Application Id="cm" SchemaId="cmSchema">
    <ReadTargetId>pgSqlTarget</ReadTargetId>
             
    <WriteTargets>
        <TargetId>pgSqlTarget</TargetId>
    </WriteTargets>
 
    <AccessControl>
        <!-- <CertificateAccessControl CertificateThumbprint="001122...AA11" Rights="Read" /> -->
    </AccessControl>
</Application>


    • Add a new element in Targets section:

      <Targets>
	<Target Id="pgSqlTarget" Type="pgsql"/>
</Targets>


Configuring event writing in Syslog

Syslog is limited to events writing only (<WriteTargets>), events reading is not available. Axidian Log Server supports only event writing to Syslog (<WriteTargets>) due to restrictions of Syslog protocol. Example below complements configuration from PostgreSQL case.

  1. Edit the sysLogarget.config file (C:\inetpub\wwwroot\ls\targetConfigs\sysLogTarget.config) as follows:
    <Settings> … </Settings>:
    • HostName - name or IP-address of Syslog server.
    • Port - port used to connect to Syslog server (default value is 514).

    • Protocol - type of connection to Syslog server: UDP, TCP, TCPoverTLS.

    • Format (optional) - logs format: Plain, CEF, LEEF.

    • SyslogVersion (optional) - Syslog protocol: RFC3164, RFC5424.

      <Settings HostName="SRV-SYSLOG" Port="514" Protocol="UDP"/>


  2. Edit the configuration file clientApps.config (C:\inetpub\wwwroot\ls\clientApps.config) to work with sysLogTarget.config as follows:

    • Add the following data in Application section:

      <Applications>
	<Application Id="cm" SchemaId="cmSchema">
		<ReadTargetId>pgSqlTarget</ReadTargetId>
			
		<WriteTargets>
			<TargetId>pgSqlTarget</TargetId>
			<TargetId>sysLogTarget</TargetId>
		</WriteTargets>

		<AccessControl>
			<!-- <CertificateAccessControl CertificateThumbprint="001122...AA11" Rights="Read" /> -->
		</AccessControl>
	</Application> 
</Applications>


    • Add a new element in Targets section:

      <Targets>
	<Target Id="pgSqlTarget" Type="pgsql"/>
	<Target Id="sysLogTarget" Type="syslog"/>
</Targets>