Hi Yuri,
well, I understood it that way, that the
Rollover of KSK expected
message is the normal, non-critcal message, being logged before the
lifetime of the KSK has actually expired.
But then, once the lifetime of a KSK has expired, the
KSK Retirement reached
message should be logged.
Did I understand that wrong ? If yes, what is the exact trigger for the
"KSK Retirement reached" message then ?
Regards
Marc
On 01/27/2017 09:09 AM, Yuri Schaeffer wrote:
Hi Marc,
As it is not an upcoming, but a missed rollover (as the "Date of next
transition" has long passed), shouldn't it log the
ods-enforcerd: WARNING: KSK Retirement reached
message instead ??
It is not really a missed rollover. It merely hasn't happened yet. It is
waiting for user input since that time.
We could append:
Jan 26 12:18:49 ods-enforcerd: Rollover of KSK expected at 2016-07-25
10:23:48 for uutest.com, waiting for human.
Or something more formal of course. :) Would that work?
//Yuri
_______________________________________________
Opendnssec-user mailing list
[email protected]
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
--
Marc Richter
Engr III Cslt-Ntwk Eng&Ops
Sebrathweg 20
44149 Dortmund
Germany
O +49 231 972 1293
F +49 231 972 2587
E [email protected]
_______________________________________________
Opendnssec-user mailing list
[email protected]
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
