Please Note:

Administration
CipherTrust Manager Administration
- Password Policy
- Users
- Certificate Based Authentication
- Changing Passwords
- Domain Management
- Groups
- LDAP Group Mapping
- Services
- Hardware Security Module
- Clusters and Nodes
- Tokens
- Policies
- Records
- Syslogs
- Banners
- Interfaces
- SNMP
- SMTP
- Backups
- Scheduling Backups
- Disk Encryption After Initial Launch
- Scheduler
- System Logs
- System Upgrade/Downgrade
- Client Management
- Connection Manager
  - Amazon Web Services (AWS)
  - Microsoft Azure
- Configuring DNS Hosts
- CLI Toolkit
  - CLI Toolkit Installation
  - Batching Commands with Tokens
  - Example CLI User Set Up
  - Support CLI
- Keys
- Key Rotation
- Alarms
- Crypto Operations
- Certificate Authority
- REST API
- Return Material Authorization (RMA) Guidance
CCKM Administration
- Overview
- Interfaces
- Managing AWS Resources
  - Managing AWS Accounts
  - Managing AWS Keys
  - Scheduling Operations
- Managing Azure Resources
  - Managing Azure Vaults
  - Managing Azure Keys
  - Scheduling Operations
CDP Administration
- Interfaces
- Concepts
- Configuring Oracle Databases
- Configuring DB2 Databases
- Configuring SQL Server Databases
- Configuring Teradata Databases
- Troubleshooting
CTE UserSpace Administration
- Interfaces
- Client Profiles
- Clients
- Access
- Keys
- Rules
- Client-Rule Associations
- Network Shares
- Making loginuid Immutable
- Operations
CTE Administration
- Overview
- Interfaces
- Concepts
- Data Transformation
- Managing Profiles
- Managing Clients
  - Enabling Live Data Transformation
  - Setting Client Locks
  - Client Settings
  - Changing Client Password
  - Managing Membership
  - Deleting Clients
- Managing Client Groups
- Managing Signature Sets
- Managing Policies
  - Creating Policy Elements
  - Viewing Policy Elements
  - Creating Policies
  - Modifying Policies and Rules
- Managing GuardPoints
  - Secure Start GuardPoints
  - Considerations Before Creating GuardPoints
  - Creating GuardPoints
    - Creating Standard GuardPoints
    - Creating LDT GuardPoints
    - Creating Cloud Object Storage GuardPoints
  - Enabling Secure Start for GuardPoints
  - Automatic and Manual GuardPoints
  - Viewing GuardPoints
  - Viewing GuardPoint Status
  - Removing GuardPoints
  - Disabling GuardPoints
  - Enabling GuardPoints
- Operations
- Common Scenarios
- Troubleshooting
ProtectFile Administration
- Interfaces
- Client Profiles
- Clients
- Access
- Keys
- Rules
- Client-Rule Associations
- Network Shares
- Clusters
- Operations
ProtectV Administration
- Interfaces
- Concepts
- Operations
- Managing Images
- Managing Instances
- Viewing Encryption Keys
- Configuring a Keystore
- Configuring Key Management Settings
- Configuring Global Autoscaling
- Using Proxy with ProtectV Clients

CipherTrust Manager
Administration
CipherTrust Manager Administration
System Logs

System Logs

The CipherTrust Manager maintains a variety of logs to record administrative actions, network activity, cryptography requests, and more.

The following types of logs are recorded:

Connection request received
Configuration changes
Client requests
Service starts, stops, and restarts
System and user input errors
Successful and failed operations

These logs can be useful for debugging, error handling, troubleshooting, and for chronologically tracing failures and system events. The logs can be downloaded using the CipherTrust Manager GUI. The downloaded file contains following files in .gzip format:

hostd.log
cloud-init.log
keysecuresystem.log

If it is desired to download the rotated logs as well, enable the Download all logs option. The downloaded log file will additionally contain rotated logs that are up to 4 weeks old.

Downloading Logs

Perform the following steps to download these logs using the GUI:

Navigate to Admin Settings > Logs.
Select a CA for signing the logs.
Download the logs:
- To download the System Logs, click Download.
- To download the rotated logs as well, enable the Download all logs option and then click Download.
  Note
  Only the users who are part of System Admins and Admin groups can download the logs from the root domain.

Preserving integrity of downloaded logs

CipherTrust Manager preserves integrity of downloaded logs by performing following steps:

SHA256 hash of downloaded zip file is calculated, which is then signed by a dynamically generated asymmetric key pair.
Certificate is issued by the CipherTrust Manager CA. This CA is selected while downloading the logs, as explained here.
Certificate to verify the signed hash is contained in the downloaded content.

Verifying and viewing the downloaded logs

You must have installed OpenSSL on your machine to verify the log file. You can use the procedure in both Windows and UNIX/Linux environments.

Perform the following steps on the downloaded log file to verify its integrity:

Unzip (extract) the log file.
Use the following commands:
1. openssl x509 -pubkey -noout -in keySecure.cert > pubkey.pem
2. openssl dgst -sha256 -verify pubkey.pem -keyform PEM -sha256 -signature keySecure.signature keySecureLogs.tar.gz
Depending on your operating system, use following steps to view the downloaded logs:
- For Windows users
  Note
  Do not use WinRAR for extracting the log files. Use of 7-Zip is recommended.
  1. Extract the keySecureLogs.tar.gz file using 7-Zip.
    You will get three logs file: cloud-init.log, hostd.log, keysecure.system.log.
  2. Open these files in a reader to view the logs.
- For UNIX/Linux users
  Use the following commands in the Terminal:
  1. Decompress the keySecureLogs.tar.gz using this command: gzip -d keySecureLogs.tar.gz
    You will get keySecureLogs.tar.
  2. Extract the log files using this command: tar xvf keySecureLogs.tar
    You will get three logs file: cloud-init.log, hostd.log, keysecure.system.log.

Suggest A Change

System Logs

Downloading Logs

Preserving integrity of downloaded logs

Verifying and viewing the downloaded logs

On this page