audit config

Set the configuration parameters for audit logging.

Syntax

audit config -parameter <parameter> -value <value> [-serial <serialnum>]

Parameter Shortcut Description
-parameter -p

Specifies the type of parameter to set.

Valid values (the letter enclosed in square brackets [ ] indicates a shortcut):

[e]vent - Include the list of events specified using the -value parameter in the log.

[r]otation - Rotate the logs as specified by the -value parameter.

-serial -s

RESERVED FOR FUTURE USE.
Specifies the serial number of the HSM. This option allows the system to distinguish between two connected HSMs, as might occur with a PKI bundle configuration (secondary USB-attached SafeNet USB HSM).

-value -v

If -parameter is set to event, this specifies a comma-separated list of events to include in the log.

Note: In addition to specifying an event category, you must also specify the conditions under which those events are to be logged - either f for failures, or s for successes, or both. See the examples.

Valid values (the letter enclosed in square brackets [ ] indicates a shortcut):

[f]ailure: log command failures

[s]uccess: log command successes

[a]ccess: log access attempts (logins)

[m]anage: log HSM management (init/reset/etc)

[k]eymanage: key management events (key create/delete)

[u]sage: key usage (enc/dec/sig/ver)

fi[r]st: first key usage only (enc/dec/sig/ver)

e[x]ternal: log messages from CA_LogExternal

lo[g]manage: log events relating to log configuration

a[l]l: log everything (user will be warned)

[n]one: turn logging off

If -parameter is set to rotation, this specifies the log rotation interval.

Valid values (the letter enclosed in square brackets [ ] indicates a shortcut):

[h]ourly

[d]aily

[w]eekly

[m]onthly

[n]ever

Example

The following table provides some command usage examples:

Command                          Description
audit config -p e -v all         Log everything.
audit config -p e -v none        Log nothing.
audit config -p e -v f           Log all command failures.
audit config -p e -v u,f,s       Log all key usage requests, both success and failure.
audit config -p r -v daily       Rotate the log daily.

The following example shows the warning displayed when you use the all option:

lunash:>audit config -p e -v all

        Warning:: You have chosen to log all successful key usage events.
        This can result in an extremely high volume of log messages, which
        will significantly degrade the overall performance of the HSM.
Command Result : 0 (Success)
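
The Note under -value and the warning shown above can be checked before an event list is typed into LunaSH. The following Python sketch is an added example, not part of the SafeNet documentation or of LunaSH itself; the function name check_event_value and the rule that all/none must appear on their own are assumptions made here.

```python
# Added example (not vendor code): lint the <value> of `audit config -p e -v <value>`.
# Shortcut letters and names are copied from the -value list on this page.
CATEGORIES = {"a": "access", "m": "manage", "k": "keymanage", "u": "usage",
              "r": "first", "x": "external", "g": "logmanage"}
CONDITIONS = {"f": "failure", "s": "success"}
STANDALONE = {"l": "all", "n": "none"}


def _full_name(token, table):
    """Map a shortcut letter or a full name to the full name, else None."""
    if token in table:
        return table[token]
    return token if token in table.values() else None


def check_event_value(value):
    """Return (categories, conditions, errors, warnings) for an event list."""
    categories, conditions, standalone = [], [], []
    errors, warnings = [], []
    for raw in value.split(","):
        token = raw.strip()
        for table, bucket in ((CATEGORIES, categories), (CONDITIONS, conditions),
                              (STANDALONE, standalone)):
            name = _full_name(token, table)
            if name:
                if name not in bucket:
                    bucket.append(name)
                break
        else:
            errors.append(f"unknown event {token!r}")
    # The page's Note: a category also needs f, s, or both.
    if categories and not conditions and "all" not in standalone:
        errors.append("no failure/success condition for: " + ", ".join(categories))
    # Assumption: all/none are used alone, as in the page's examples.
    if standalone and (categories or conditions or len(standalone) > 1):
        errors.append("'all'/'none' combined with other values")
    if "all" in standalone:
        warnings.append("'all' logs every successful key usage event; the HSM "
                        "warns of very high log volume and degraded performance")
    return categories, conditions, errors, warnings


if __name__ == "__main__":
    # Constructed sample values; the first three come from the page's examples.
    for sample in ("u,f,s", "f", "all", "k,a", "u,zz,s"):
        print(f"{sample!r}: {check_event_value(sample)}")
```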