Security Server monitoring
This article lists the key services of the Security Server and explains how to assign monitoring for them.
Table 1 shows the key services of the Security Server and where their log files are. Monitoring of the Security Server should focus on the services listed in the table.
Service | Java process | Log | Description |
|---|---|---|---|
xroad-confclient | ee.ria.xroad.common.conf.globalconf.ConfigurationClientMain | /var/log/xroad/configuration_client.log | The client application responsible for retrieving global conf configuration data from the central server. |
xroad-proxy | ee.ria.xroad.proxy.ProxyMain | /var/log/xroad/proxy.log | The component responsible for message traffic between security servers. |
xroad-signer | ee.ria.xroad.signer.SignerMain | /var/log/xroad/signer.log | Component that is responsible for key management and e.g. the component for signing messages and verifying signatures. |
Table 1. Security server's main services and their log files.
Xroad-signer
Errors occur occasionally in the operation of the Xroad-signer service, the cause of which has not yet been determined. Errors occur so that the Security Server is no longer able to forward messages and sends the error message below. The Keys & Certificates tab also shows the following message: Connection to Signer (port 5558) timed out.
<faultcode>Server.ClientProxy.SslAuthenticationFailed</faultcode>
If an error occurs, the Xroad-signer process continues to run, but for an unknown reason it has stopped listening to port 5558. As a result, the Security Server is no longer able to forward messages.
It is therefore advisable to carry out the process in a manner that ensures that port 5558 responds locally. If the port does not respond locally, this is an error and you must restart the process. You can also try to prevent the problem by restarting the process regularly, for example, once a day.