Create a secure audit log with SAWS
SAWS is a Secure Audit Service that can log any messages. It can run as either a standalone web service called SAWS (Secure Audit Web Service) or as a Java Secure Audit Trail Service (JSATS) that is called via a Java API. In either case, the log file that is created is cryptographically protected against tampering, which makes it a sound platform for storing all sorts of audit trails securely. SAWS/JSATS also has a Viewing Tool to let you check the integrity of saved log files, and to view their contents.
In order to run SAWS or JSATS you will need the following components:
1. The SAWS software package v5.1.2
2. The SAWS User guide v5.1.0.
A published paper describing the technical design of SAWS can be found here:
A more complete design paper can be found here.
The previous releases of SAWS can be found here
SAWS and .NET Applications
To use SAWS in .NET applications, please consult the following tutorial, which shows how to generate DLLs that use the SAWS API.
· Fixed a concurrency error by synchronizing the sendLogRecord method.
· SAWS audit files are now properly closed. This fixes a resource leak.
· SAWS now uses Axis2 as its web services framework, as opposed to Axis1. Deployment is thus a lot easier now.
· Users are now able to search in log files using the SAWS VT.
· Two new records were added to the log file header: the symmetric encryption algorithm and the symmetric key size; both used when log records must be encrypted.
· The SAWS VT now only shows the header of the log file when the "Check Log" and "Check Log Chain" buttons are used. The records sent by the user can be seen with the search menu.
· SAWS does not use IAIK API anymore.
· Users are now able to select the signature algorithm to be used by SAWS. A new field in the configuration file was added for this purpose. Every log file has a new record to store the signing algorithm used for that log file.
· The SAWS Viewing Tool has been improved: the certificate is now presented in a pop-up window and the description of log records was improved.
· SAWS now uses the RFC 822 time zone format to generate log file names, which avoids the ":" character that appears for some time zones under the General time zone format. For example, the time zone for India is GMT+05:30 in the General time zone format, whereas in RFC 822 format it is simply +0530. Log file names containing ":" are not accepted by some operating systems.
· SAWS now uses callbacks to get information from the users. Three callback handlers have been implemented: (i) SAWSGUICallbackHandler, to get information using graphical components; (ii) SAWSCmdPromptCallbackHandler, to get information from the command line; and (iii) SAWSFileCallbackHandler, which reads and writes information to files defined by the user. The SAWS guide explains how to use callbacks in SAWS.
· Fixed the bug in the heart beating writing thread.
· Support for other hash algorithms. The user can specify the name of the hash algorithm in the configuration file (saws.xml). The supported algorithms are MD5, SHA-1, SHA-256, SHA-384 and SHA-512.
· Support for DSA as a signing algorithm. SAWS can create a signing certificate with the DSA algorithm.
· The 'sendLogRecord' method on SAWSServer now returns the status code '0' and the sequence number of the record on success, or the status code -1 and the error code on failure.
· SAWS’s administrator can configure the encryption and signing certificates. The fields that can be set are: validity, subject name (common name, organization unit name, organization name, locality name, state name and country name), encryption/signing algorithm and key size.
· Support for exporting the self-signed signing certificate generated by SAWS, which can also be used as the root CA in SAWS’s configuration file (for testing purposes and for those who don’t have a CA to sign the request file, which is also generated by SAWS). From now on, the field in SAWS’s configuration file that indicates the path to the root CA MUST be specified.
· Double checking of password on creating encryption and signing certificates.
· SAWS’s internal logs are written to a file using the Apache Log4J API, and are no longer shown on the screen as in previous versions.
Last updated 20 July 2011