audit config

Set the configuration parameters for audit logging.

User Privileges

Only specialized Audit users can access audit commands.

Syntax

audit config -parameter <parameter> -value <value> [-serial <serialnum>]

Option                    Shortcut    Description

-parameter <parameter>    -p

Specifies the type of parameter to set.

Valid values

The letter enclosed in square brackets, for example [n], is the shortcut for that value:

[e]vent - Include the list of events specified using the -value parameter in the log.

[r]otation - Rotate the logs as specified by the -value parameter.

-serial <serialnum>    -s

Reserved for future use.
Specifies the serial number of the HSM. This option allows the system to distinguish between two connected HSMs.

-value <value>    -v

Event Values

If -parameter is set to event, this specifies a comma-separated list of events to include in the log.

Note: In addition to specifying an event category, you must also specify the conditions under which those events are to be logged - either f for failures, or s for successes, or both. See the examples.

Valid values

The letter enclosed in square brackets, for example [n], is the shortcut for that value:

[f]ailure: log command failures

[s]uccess: log command successes

[a]ccess: log access attempts (logins)

[m]anage: log HSM management (init/reset/etc)

[k]eymanage: key management events (key create/delete)

asymmetri[c]: asymmetric key usage (sig/ver)

fi[r]st: first asymmetric key usage only (sig/ver)

s[y]mmetric: symmetric key usage (enc/dec)

symf[i]rst: first symmetric key usage only (enc/dec)

e[x]ternal: log messages from CA_LogExternal

lo[g]manage: log events relating to log configuration

a[l]l: log everything (user will be warned)

[n]one: turn logging off

Rotation Values

If -parameter is set to rotation, this specifies the log rotation interval.

Valid values

The letter enclosed in square brackets [] is the shortcut for that value:

[h]ourly

[d]aily

[w]eekly

[m]onthly

[n]ever

Example

The following table provides some command usage examples:

Command
    Description

lunacm:> audit config -parameter event -value all
    Log everything.

lunacm:> audit config -parameter event -value none
    Log nothing.

lunacm:> audit config -parameter event -value failure
    Log all command failures.

lunacm:> audit config -parameter event -value failure,success,asymmetric
    Log all key usage requests, both success and failure.

lunacm:> audit config -parameter rotation -value daily
    Rotate the log daily.
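An offline lint for audit config command lines, useful when reviewing a runbook or change request before it reaches the HSM. This is an added example, not part of the vendor documentation. It expands the shortcuts listed above and flags an event category given without the failure/success condition that the Note requires. The function names are hypothetical, and it assumes full names and shortcuts may be mixed within one comma-separated list.

```python
import shlex

# Names and one-letter shortcuts exactly as listed in the reference above.
# Assumption: full names and shortcuts may be mixed within one comma-separated list.
CONDITIONS = {"f": "failure", "s": "success"}
CATEGORIES = {"a": "access", "m": "manage", "k": "keymanage", "c": "asymmetric",
              "r": "first", "y": "symmetric", "i": "symfirst", "x": "external",
              "g": "logmanage"}
SPECIAL = {"l": "all", "n": "none"}
ROTATION = {"h": "hourly", "d": "daily", "w": "weekly", "m": "monthly", "n": "never"}
OPTIONS = {"-p": "-parameter", "-v": "-value", "-s": "-serial"}


def _expand(token, table):
    """Return the full name for a full name or shortcut, or None if unknown."""
    token = token.strip().lower()
    return table.get(token, token if token in table.values() else None)


def lint_audit_config(command):
    """Parse an 'audit config' command line; return (normalized_values, problems)."""
    words = shlex.split(command)
    if words and words[0].endswith(":>"):      # drop a pasted shell prompt
        words = words[1:]
    if words[:2] != ["audit", "config"]:
        return [], ["not an 'audit config' command"]
    args = words[2:]
    opts = {OPTIONS.get(k, k): v for k, v in zip(args[0::2], args[1::2])}
    param = _expand(opts.get("-parameter", ""), {"e": "event", "r": "rotation"})
    raw = opts.get("-value")
    if param is None or raw is None:
        return [], ["-parameter (event|rotation) and -value are both required"]
    if param == "rotation":
        name = _expand(raw, ROTATION)
        return ([name], []) if name else ([], [f"unknown rotation interval: {raw}"])
    names, problems = [], []
    for tok in raw.split(","):
        name = _expand(tok, {**CONDITIONS, **CATEGORIES, **SPECIAL})
        if name:
            names.append(name)
        else:
            problems.append(f"unknown event value: {tok}")
    has_cond = any(n in CONDITIONS.values() for n in names)
    cats = [n for n in names if n in CATEGORIES.values()]
    if cats and not has_cond:
        problems.append("category without failure/success condition: " + ",".join(cats))
    return names, problems
```

A condition on its own (such as -value failure) passes, matching the example table; only a category with no condition is reported.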