|
Home > |
|---|
Access the audit-level commands. Audit commands control HSM audit logging, and can be used only by the properly authenticated HSM Audit role, once that role has been initialized.
The lunacm "hsm" commands available to the "audit" user are restricted to "hsm show", and all "hsm ped" commands, except "hsm ped vector" commands. The "audit" appliance user is allowed to connect and disconnect remote PED connections, adjust timeout, and view connection information, but is not allowed to create (init) or erase a remote PED vector.
Note: The list on this page is all the "audit" commands that are available to you when the current slot is an HSM with firmware older than version 6.22.0.
Where the HSM in the current slot has firmware version 6.22.0 or newer :
- application partition slots do not show the audit commands at all (as those commands are applicable only to an HSM administrative slot)
- HSM administrative slots with newer firmware show only some of the "audit" commands; the authentication-related functions are taken over by "role" commands instead.
audit
changepw
config
export
import
init
login
logmsg
logout
status
time
verify
| Parameter | Shortcut | Description |
|---|---|---|
| changepw | changepw | Change the Audit user password or PED key. [Older firmware only] See audit changepw. |
| config | co | Configure the audit parameters. See audit config. |
| export | e | Read the wrapped log secret from the HSM. See audit export. |
| import | m | Import the wrapped log secret to the HSM. See audit import. |
| init | i | Initialize the HSM Audit user. [Older firmware only] See audit init. |
| login | logi | Login to the HSM as the Audit user. [Older firmware only] See audit login. |
| logmsg | logm | Write a message to the HSM's log. See audit logmsg. |
| logout | logo | Logout from the HSM as the Audit user. [Older firmware only] See audit logout. |
| status | s | Show the status of the logging subsystem. See audit status. |
| time | t | Synchronize the HSM time to the host, or get the HSM time. See audit time. |
| verify | v | Verify a block of log messages. See audit verify. |
audit
config
export
import
logmsg
status
time
verify
| Parameter | Shortcut | Description |
|---|---|---|
| config | co | Configure the audit parameters. See audit config. |
| export | e | Read the wrapped log secret from the HSM. See audit export. |
| import | m | Import the wrapped log secret to the HSM. See audit import. |
| logmsg | logm | Write a message to the HSM's log. See audit logmsg. |
| status | s | Show the status of the logging subsystem. See audit status. |
| time | t | Synchronize the HSM time to the host, or get the HSM time. See audit time. |
| verify | v | Verify a block of log messages. See audit verify. |