Info: Improvements to Logging in 14.1

Applies to:

Venafi Trust Protection Platform 14.1 and up


Venafi Trust Protection Platform 14.1 brings many changes and enhancements to the platforms logging capabilities.

Additional Info:

Event Changes

The event "Log Client - Connected to Log Server, A connection to the Log Server has been established" is an event that is used to troubleshoot connectivity issues from various aspects of the product to the Log Server. The severity of this message has been moved from Info to Debug, which means you will no longer see it in the logs during normal operations.

Log Server Certificate

The Log Server’s SSL certificate is no longer hard coded and it is now also user replaceable.  With the introduction of the ‘Venafi Operational Certificate’ it is now possible to replace the Log Server certificate. The default certificate will be a machine generated self-signed 256 bit SHA2 RSA certificate.

For more information on the Venafi Operational Certificate, see

Introduction of Log Caching

The concept of Secondary Log Server has been removed and have been replaced with a Log Cache.  This was done to address the following issues:

  1. It was not possible for heartbeat notifications to work in a Primary/Secondary setup.
  2. If either server was unreachable, log messages would be lost.
  3. There was a potential for a performance degradation on the system in the event that clients were trying to establish a connection to a log server.

This system has been replaced with a Log Server and Log Cache concept.  When you install Venafi Trust Protection Platform 14.1 you will only have the ability to specify one log server.   With 14.1 you will also see the ‘Venafi Log Server’ service run on every Director instance.   Here is a how the system will work:

  1. During install the Admin will enter the hostname of the Log Server
  2. On startup the Log Server service has the intelligence to figure out if it is suppose to act as a log server or a cache server.
    • If the server is a log server it will open a listener for port 689 on all interfaces.
    • If the server is not a log server, the service will switch to cache mode and open a listener on port 689 for the interface
  3. When a log client needs to log, it will first attempt to talk to the log server, if the attempt in not successful, then a connection to the local cache will be made instead.  The client will continue to talk to the local cache until the cache tells it not to.
  4. The cache’s job is to temporarily hold any log data.  Periodically check (every 30 seconds) to see if the log server is available; if available, send all of the cached logs to the log server and tell any connected clients to talk to the log server.

During installation of Director, it is only necessary to check "Log Server" from the component section on the server that is going to act as the Log Server for the environment.  

When reviewing logs, you can tell if logs were cached at one time because there will be a difference in the ClientTimeStamp and ServerTimeStamp once the event makes it to the Log Server and are processed.

New Windows Events for Logging Services

The following new messages could be written to the Windows Event log:


Log Client Events:

Info:Failed to connect to the Log Server: HOST:PORT, using local caching server

Error: Failed to connect to the Log Server: HOST:PORT, with error: MESSAGE


Log Cache Events:

Info: Resuming cache logging, disk space no longer below 100MB, suspending cache logging.

Error: Diskspace fell below 100MB, suspending cache logging.

Critical:Log cache file appears corrupt, discarding the data

Was this article helpful?
2 out of 2 found this helpful