When full logging is enabled, the Security Server stores the message body in the message log database. More information about different logging options is available here. More information about the message log database schema is available here.
SOAP Messages in the Message Log Database
For SOAP messages, the message body is stored in the message
column when database encryption is disabled
. When database encryption is enabled
, the encrypted message body is stored in the ciphermessage
column.
Plain text message log entries can be queried by message id using this SQL query:
messagelog=# select id,message,response from logrecord where xrequestid = '<REQUEST_ID>';
REST Messages in the Message Log Database
For REST messages, the REST request data (HTTP method, request path, HTTP headers) is stored in the message
column when database encryption is disabled
. When database encryption is enabled
, the encrypted REST request data is stored in the ciphermessage
column. Instead, the REST message body is always stored in the attachment
column as a large binary object.
Plain text REST request data can be queried by message id using this SQL query:
messagelog=# select id,message,response,attachment from logrecord where xrequestid = '<REQUEST_ID>';
Instead, the REST message body can be queried using the attachment id returned by the previous query:
messagelog=# SELECT lo_export(attachment, '/tmp/record.txt') FROM logrecord WHERE attachment = <ATTACHMENT_ID>;
The above query stores the REST message body in the /tmp/record.txt
file.
Message Log Archive Files
Message log archive files can be downloaded using the signed document download service and verified using the signed document verification tool. The verification tool supports extracting the signed files from archives and storing them separately on disk.
When a signed file is extracted, contents of the message log database message
column are written to the message.xml
file. For SOAP messages, the file includes the message body. Instead, for REST messages, the file includes the REST request data (HTTP method, request path, HTTP headers).
The REST body is stored in a separate file (attachment1
) that is not extracted by the verification tool. Instead, the REST body can be extracted from the .asice
file by unzipping the file (unzip example-container.asice
) or using the DigiDoc client. To extract the REST body from a .asice
file using the DigiDoc client, download and install the DigiDoc client, open the .asice
file with it and extract the attachment1
file from the container files.
The REST body can be extracted from the .asice
file by unzipping the file (unzip example-container.asice
).