• Quick Start
  • Booting
  • Platform
  • Portals
  • References
    • API Reference TOI3
    • IIP Reference
  • Resources
ARRIS Enterprises, Inc. Confidential Information

Receiving HTTPS log

HTTPS logging allows a specific STB to send its log file to a specified server via HTTPS messages. When an individual STB is deployed in a NAT network, the logclient program can no longer establish a connection with the STB. Instead, a webserver logging mechanism can be used in this situation if the webserver is properly configured. The SDK contains an example, called logserver, showing how an HTTPS server can be set up to receive a log from the STB. The IIP kreatv-option-log-http can be configured to support HTTPS logging, for further details see its IIP documentation.

The example script runs in a Node.js environment, which is used to receive a log from a remote STB through the HTTPS protocol (for security reasons, HTTP is not supported). Two parameters are used to control the behaviour of the logging on the STB, the receiving servers address:port, and the sending duration. Once set, the log will be sent from that STB to the listening server.

Any HTTPS server can be used to receive the log. The provided example logserver is just that, an example. It is expected that you integrate your own log receiving code into your existing system.

On the host PC, the logserver example saves the incoming logs in the current directory by default, according to the box serial number and recording date. The file structure looks like this:

    ---logserver dir----serialNumber1--date1.log
                  |                 |--date2.log
                  |-----serialNumber2--date1.log
                                    |--date2.log

The log saving directory can be specified by -d parameter when run the script. For example:

$ ./logserver -d /opt/log

Both the logserver and the STB need to be provided with HTTPS certificates. Below is an example on how to create a self-signed server certificate using OpenSSL. Please adapt this example to your own environment and requirements.


openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout key.pem -out cert.pem
mv key.pem private.pem
mv cert.pem public.pem
Public.pem and private.pem need to be in the same folder as the logserver script, and public.pem needs to be added to kreatv-option-log-http i.e. 
kreatv-option-log-http:certificate_file="/tmp/public.pem"

A more flexible way is to first generate a CA and add its certificate (root.pem in the example) to the STB using the certificate_file parameter through kreatv-option-log-http. Use this generated CA to sign the server certificate for each server that you want to use. Here is an example given the trusted CA's certificate root.pem and its private key root.key.


openssl genrsa -out server.key 2048
openssl req -new -key server.key -out server.csr
openssl x509 -req -in server.csr -CA root.pem -CAkey root.key -CAcreateserial -out server.crt -days 500

The trusted CA should be added to kreatv-option-log-http as follows:

kreatv-option-log-http:certificate_file="/tmp/root.pem"

5.1.1.p8

Copyright (c) 2018 ARRIS Enterprises, LLC. All Rights Reserved. ARRIS Enterprises, LLC. Confidential Information.