Export the audit logging secret to the user's local directory for import into another HSM. The audit export command reads the log secret from the HSM, wrapped with the KCV that was used when the audit container was initialized, and stores the resulting blob of data in a file on the host. The audit officer then imports this wrapped secret into another HSM in the same domain, where it is unwrapped. This allows one HSM to verify logs that were generated on another.
audit export [file [<filename>] [overwrite]] [list]
Parameter | Shortcut | Description |
---|---|---|
file | f | Enter this parameter followed by an optional filename for the file that receives the wrapped log secret. If a filename is not specified, the file is given a default name with the structure LogSecret_YYMMDDhhmmss_N.bin, where YYMMDD = year/month/date, hhmmss = hours/mins/secs, and N = HSM serial number. This file is written to the subdirectory that was set by a previous 'audit config p [path]' command. If this path does not exist, or the configuration was not set for any reason, an error is returned. If a name was specified, it is examined to see whether it contains subdirectories. If it does, the path is treated as a fully qualified path name. If not, the file is stored in the default log path. |
overwrite | o | Overwrite the file if it already exists. |
list | l | List the files which reside in the log path. |
lunacm:>audit export file 2013-04-01nextlog.bin overwrite
Now that you have exported your log secret, if you wish to verify your logs
on another HSM see the 'audit import' command.
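
An added example, not part of the original documentation or the product's own code: a Python helper that applies the file-name rules from the parameter table to work out which exported log-secret file belongs to which HSM before running 'audit import'. It assumes a numeric serial number, years in the 2000s and a POSIX host; the function names, paths and sample file names are hypothetical.

```python
import re
from datetime import datetime
from pathlib import PurePosixPath

# Default name structure from the parameter table: LogSecret_YYMMDDhhmmss_N.bin
# Assumption: the HSM serial number N is written as decimal digits.
DEFAULT_NAME = re.compile(r"^LogSecret_(\d{12})_(\d+)\.bin$")

def parse_default_name(filename):
    """Return (export_time, hsm_serial) for a default-named export, else None."""
    m = DEFAULT_NAME.match(filename)
    if m is None:
        return None
    f = [int(m.group(1)[i:i + 2]) for i in range(0, 12, 2)]
    try:
        when = datetime(2000 + f[0], *f[1:])  # assumption: YY means 20YY
    except ValueError:  # right shape, impossible date or time (e.g. month 13)
        return None
    return when, m.group(2)

def resolve_destination(name, log_path):
    """A name containing subdirectories is a fully qualified path; a bare
    name lands in the configured log path (POSIX host assumed)."""
    if "/" in name:
        return PurePosixPath(name)
    if log_path is None:  # 'audit config p [path]' was never run
        raise ValueError("log path not configured")
    return PurePosixPath(log_path) / name

def newest_export_per_hsm(filenames):
    """Map each HSM serial to its most recent default-named export file."""
    newest = {}
    for fn in filenames:
        parsed = parse_default_name(fn)
        if parsed is None:
            continue  # custom-named file: source HSM must be tracked by hand
        when, serial = parsed
        if serial not in newest or when > newest[serial][0]:
            newest[serial] = (when, fn)
    return {serial: fn for serial, (_, fn) in newest.items()}

# Constructed listing of a log path; serial numbers and times are made up.
SAMPLE = [
    "LogSecret_130401093000_150718.bin", "LogSecret_130402101500_150718.bin",
    "LogSecret_130401120000_150022.bin", "2013-04-01nextlog.bin",
]

if __name__ == "__main__":
    print(newest_export_per_hsm(SAMPLE))
```

A file exported under a custom name, such as the one in the example command above, carries no serial number or timestamp, so the audit officer has to record separately which HSM it came from.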