audit config

Set the configuration parameters for audit logging.

User Privileges

Only specialized Audit users can access audit commands.

Syntax

audit config -parameter <parameter> -value <value> [-serial <serialnum>]

Argument(s), each with its shortcut and description:

-parameter <parameter> (shortcut: -p)

Specifies the type of parameter to set.

Valid values

The letter enclosed in square brackets [ ] indicates the shortcut:

>[e]vent - Include the list of events specified using the -value parameter in the log.

>[r]otation - Rotate the logs as specified by the -value parameter.

-serial <serialnum> (shortcut: -s)

Reserved for future use.
Specifies the serial number of the HSM. This option allows the system to distinguish between two connected HSMs.

-value <value> (shortcut: -v)

Event Values

If -parameter is set to event, this specifies a comma-separated list of events to include in the log.

Note: In addition to specifying an event category, you must also specify the conditions under which those events are to be logged - either f for failures, or s for successes, or both. See the examples.

Valid values

The letter enclosed in square brackets [ ] indicates the shortcut:

>[f]ailure: log command failures

>[s]uccess: log command successes

>[a]ccess: log access attempts (logins)

>[m]anage: log HSM management (init/reset/etc)

>[k]eymanage: key management events (key create/delete)

>asymmetri[c]: asymmetric key usage (sig/ver)

>fi[r]st: first asymmetric key usage only (sig/ver)

>s[y]mmetric: symmetric key usage (enc/dec)

>symf[i]rst: first symmetric key usage only (enc/dec)

>e[x]ternal: log messages from CA_LogExternal

>lo[g]manage: log events relating to log configuration

>a[l]l: log everything (user will be warned)

>[n]one: turn logging off

Rotation Values

If -parameter is set to rotation, this specifies the log rotation interval.

Valid values

The letter enclosed in square brackets [ ] indicates the shortcut:

>[h]ourly

>[d]aily

>[w]eekly

>[m]onthly

>[n]ever

Example

The following table provides some command usage examples:

Each command is followed by its description:

lunash:> audit config -parameter event -value all
    Log everything.

lunash:> audit config -parameter event -value none
    Log nothing.

lunash:> audit config -parameter event -value failure
    Log all command failures.

lunash:> audit config -parameter event -value failure,success,asymmetric
    Log all key usage requests, both success and failure.

lunash:> audit config -parameter rotation -value daily
    Rotate the log daily.
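
The Note under Event Values requires every event category to be paired with failure, success, or both. The pre-check below is an added example, not part of the product documentation or the HSM's own parser: it expands the shortcuts listed above and flags lists that break that rule before the command is typed into lunash. The function names and the treatment of all/none as stand-alone values are assumptions of this example.

```python
# Added example: offline pre-check of the list passed to
#   audit config -parameter event -value <list>
# Names and shortcuts are taken from the table on this page. The checks are this
# example's reading of the Note; they are not the HSM's own parser.
EVENTS = {
    "failure": "f", "success": "s", "access": "a", "manage": "m",
    "keymanage": "k", "asymmetric": "c", "first": "r", "symmetric": "y",
    "symfirst": "i", "external": "x", "logmanage": "g", "all": "l", "none": "n",
}
SHORTCUTS = {short: name for name, short in EVENTS.items()}
CONDITIONS = {"failure", "success"}
STANDALONE = {"all", "none"}  # assumption: these are given on their own


def check_event_value(value):
    """Return (normalized_names, findings) for a comma-separated event list."""
    names, findings = [], []
    for raw in value.split(","):
        token = raw.strip().lower()
        name = token if token in EVENTS else SHORTCUTS.get(token)
        if name is None:
            findings.append(f"unknown event {token!r}")
        elif name not in names:
            names.append(name)
    chosen = set(names)
    categories = sorted(chosen - CONDITIONS - STANDALONE)
    if chosen & STANDALONE and len(chosen) > 1:
        findings.append("'all'/'none' combined with other values")
    if categories and not chosen & CONDITIONS:
        findings.append("no failure/success condition for: " + ",".join(categories))
    if "none" in chosen:
        findings.append("audit logging would be turned off")
    return names, findings


def build_command(value):
    """Return the lunash command line, or raise ValueError listing the findings."""
    names, findings = check_event_value(value)
    if findings:
        raise ValueError("; ".join(findings))
    return "audit config -parameter event -value " + ",".join(names)


if __name__ == "__main__":
    # Constructed sample inputs, not taken from a real appliance.
    for sample in ("f,s,c", "asymmetric", "failure,bogus", "none"):
        print(sample, "->", check_event_value(sample))
```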