How to Access the Message Body in the Message Log Database and Archive Files?

Owned by Petteri Kivimäki, created
Last updated: Aug 24, 2022
2 min read

When full logging is enabled, the Security Server stores the message body in the message log database. More information about different logging options is available here. More information about the message log database schema is available here.

SOAP Messages in the Message Log Database

For SOAP messages, the message body is stored in the message column when database encryption is disabled. When database encryption is enabled, the encrypted message body is stored in the ciphermessage column.

Plain text message log entries can be queried by message id using this SQL query:

messagelog=# select id,message,response from logrecord where xrequestid = '<REQUEST_ID>';

REST Messages in the Message Log Database

For REST messages, the REST request data (HTTP method, request path, HTTP headers) is stored in the message column when database encryption is disabled. When database encryption is enabled, the encrypted REST request data is stored in the ciphermessage column. Instead, the REST message body is always stored in the attachment column as a large binary object.

Plain text REST request data can be queried by message id using this SQL query:

messagelog=# select id,message,response,attachment from logrecord where xrequestid = '<REQUEST_ID>';

Instead, the REST message body can be queried using the attachment id returned by the previous query:

messagelog=# SELECT lo_export(attachment, '/tmp/record.txt') FROM logrecord WHERE attachment = <ATTACHMENT_ID>;

The above query stores the REST message body in the /tmp/record.txt file.

Message Log Archive Files

Message log archive files can be downloaded using the signed document download service and verified using the signed document verification tool. The verification tool supports extracting the signed files from archives and storing them separately on disk.

When a signed file is extracted, contents of the message log database message column are written to the message.xml file. For SOAP messages, the file includes the message body. Instead, for REST messages, the file includes the REST request data (HTTP method, request path, HTTP headers).

The REST body is stored in a separate file (attachment1) that is not extracted by the verification tool. Instead, the REST body can be extracted from the .asice file by unzipping the file (unzip example-container.asice) or using the DigiDoc client. To extract the REST body from a .asice file using the DigiDoc client, download and install the DigiDoc client, open the .asice file with it and extract the attachment1 file from the container files.

The REST body can be extracted from the .asice file by unzipping the file (unzip example-container.asice).