audit init

Initialize the Audit role on the HSM. For Password-authenticated HSMs, this command attaches an audit domain and a role password; for PED-authenticated HSMs, it creates a white Audit PED key. For PED-authenticated HSMs, audit init also creates an audit domain, or receives an existing domain, so that selected HSMs are able to validate each other's HSM Audit Log files.

Because this command destroys any existing Audit role on the HSM, you are prompted to type "proceed" to confirm, unless the -force switch is provided at the command line.

Note:  This command is used for HSMs with firmware older than version 6.22.0. Expect an entry 'LUNA_CREATE_AUDIT_CONTAINER' in the audit log when auditing is initialized.
For HSMs with firmware 6.22.0 or newer, use role init and specify the -name Auditor parameter.

Syntax

audit init [-auth] [-force]

Parameter   Shortcut   Description
-auth       -a         This option starts a login after the initialization completes.
-force      -f         If this option is included in the list, the audit role initialization action is forced without prompting for confirmation.

Example

lunacm:>audit init
 
The AUDIT role will be initialized.
Are you sure you wish to continue?
Type proceed to continue, or quit to quit now -> proceed
 
Please enter the domain to use for initializing the
Audit role:
> myauditdomain
 
Please enter the password:
> *******
 
Please re-enter password to confirm:
> *******
 
Command Result : No Error

Note:  For PED-authenticated HSMs, after you type "proceed" you are referred to the PED (which must be connected and 'Awaiting command...') which prompts you for domain (red PED Key) and Audit authentication (white PED Key).