Home >

Lunacm Command Reference Guide > LunaCM Commands > audit > audit export

audit export

Export the audit logging secret to the user local directory for import to another HSM. The audit Export command reads the log secret from the HSM, wrapped with the KCV which was used when the audit container was initialized. The blob of data is then stored in a file on the HOST. The audit officer then imports this wrapped secret into another HSM in the same domain, where it is unwrapped. This allows one HSM to verify logs that have been generated on another.

Syntax

audit export [[file [<filename>] [overwrite]] [list]

Parameter Shortcut Description
file f

Enter this parameter followed by an optional filename for the file to receive wrapped log secret. If a file name is not specified, the file will be given a default name with the following structure:

LogSecret_YYMMDDhhmmss_N.bin

where

YYMMDD = year/month/date

hhmmss = hours/mins/secs

N = HSM serial number

This file will be written to the subdirectory which was set by a previous 'audit config p [path]' command. If this path does not exist, or the configuration was not set for any reason, an error will be returned.

If name was specified, it is examined to see if it contains subdirectories. If it does, then the path is treated as a fully qualified path name. If not the file is stored in the default log path.

overwrite o Overwrite the file if it already exists.
list l List the files which reside in the log path.

Example

lunacm:>audit export file 2013-04-01nextlog.bin overwrite
 
Now that you have exported your log secret, if you wish to verify your logs
on another HSM see the 'audit import' command.