ARRIS Enterprises, Inc. Confidential Information

HTTP Logging

When an individual STB is deployed in a NAT network, the logclient program can no longer establish a connection with the STB. Instead, a webserver logging mechanism can be used in this situation if the webserver is properly configured. The SDK contains an example, called logserver, showing how an HTTPS server can be set up to receive a log from the STB. The IIP kreatv-option-log-http can be configured to support HTTP logging, for further details see its IIP documentation.

The example script runs in a Node.js environment, which is used to receive a log from a remote STB through the HTTPS protocol (for security reasons, HTTP is not supported). Two parameters are used to control the behaviour of the logging on the STB, the receiving servers address:port, and the sending duration. Once set, the log will be sent from that STB to the listening server.

Any HTTPS server can be used to receive the log. The provided example logserver is just that, an example. It is expected that you integrate your own log receiving code into your existing system.

TR069 parameters

The two parameters used to control the HTTP logging behaviour can be set through either TR069 remotely or by setting information objects on the STB. TR069 parameters must be added to a customized TR-069 plugin which needs to be implemented and delivered by ARRIS. This integration is handled as a change request.

Information Objects

The STB sends the log to the receiving server address specified in cfg.log.upload.address. The type of this parameter is string. It should be an available HTTPS address and port number. for example: https://www.example.com:3000 or https://10.202.6.188:3002

cfg.log.upload.endtime sets the logging end time. The STB will continue sending its log until the end time. During the log sending period, a new value can be set for this object and the endtime will be updated to the new value. The logging will stop if an invalid time is set, the object is removed or when the end time has passed. The time format used should be UTC format like '2016-02-14T16:32:59Z'. The Time format is a subset of ISO 8601.

var.log.upload.status is a readonly parameter, which indicates the log upload status. There are four states:

Enabled: the log is sending to remote HTTPS server
Disabled: the log sending is stopped
CertificateError: HTTPS certificate verification failed when connects with HTTPS server.
ConnectionError: can't connect with HTTPS server.

On the host PC, the logserver example saves the incoming logs in the current directory by default, according to the box serial number and recording date. The file structure looks like this:


    ---logserver dir----serialNumber1--date1.log
                  |                 |--date2.log
                  |-----serialNumber2--date1.log
                                    |--date2.log

The log saving directory can be specified by -d parameter when run the script. For example:

./logserver -d /opt/log

Both the logserver and the STB need to be provided with HTTPS certificates. Below is an example on how to create a self-signed server certificate using OpenSSL. Please adapt this example to your own environment and requirements.


openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout key.pem -out cert.pem
mv key.pem private.pem
mv cert.pem public.pem

Public.pem and private.pem need to be in the same folder as the logserver script, and public.pem needs to be added to kreatv-option-log-http i.e.

kreatv-option-log-http:certificate_file="/tmp/public.pem"

A more flexible way is to first generate a CA and add its certificate (root.pem in the example) to the STB using the certificate_file parameter through kreatv-option-log-http. Use this generated CA to sign the server certificate for each server that you want to use. Here is an example given the trusted CA's certificate root.pem and its private key root.key.


openssl genrsa -out server.key 2048
openssl req -new -key server.key -out server.csr
openssl x509 -req -in server.csr -CA root.pem -CAkey root.key -CAcreateserial -out server.crt -days 500

The trusted CA should be added to kreatv-option-log-http as follows:

kreatv-option-log-http:certificate_file="/tmp/root.pem"