Home > |
---|
Set the configuration parameters for audit logging.
Only specialized Audit users can access audit commands.
audit config -parameter <parameter> -value <value> [-serial <serialnum>]
Option |
Shortcut | Description |
---|---|---|
-parameter <parameter> | -p |
Specifies the type of parameter to set. Valid values The value enclosed in parentheses [n] indicates a shortcut: •[e]vent - Include the list of events specified using the -value parameter in the log. •[r]otation - Rotate the logs as specified by the -value parameter. |
-serial <serialnum> | -s |
Reserved for future use. |
-value <value> | -v |
Event ValuesIf -parameter is set to event, this specifies a comma-separated list of events to include in the log. Note: In addition to specifying an event category, you must also specify the conditions under which those events are to be logged - either f for failures, or s for successes, or both. See the examples. Valid values The value enclosed in parentheses [n] indicates a shortcut: •[f]ailure: log command failures •[s]uccess: log command successes •[a]ccess: log access attempts (logins) •[m]anage: log HSM management (init/reset/etc) •[k]eymanage: key management events (key create/delete) •asymmetri[c]: asymmetric key usage (sig/ver) •fi[r]st: first asymmetric key usage only (sig/ver) •s[y]mmetric: symmetric key usage (enc/dec) •symf[i]rst: first symmetric key usage only (enc/dec) •e[x]ternal: log messages from CA_LogExternal •lo[g]manage: log events relating to log configuration •a[l]l: log everything (user will be warned) •[n]one: turn logging off Rotation ValuesIf -parameter is set to rotation, this specifies the log rotation interval. Valid values The value enclosed in parentheses [] indicates a shortcut: •[h]ourly •[d]aily •[w]eekly •[m]onthly •[n]ever |
The following table provides some command usage examples:
Command | Description |
---|---|
lunacm:> audit config -parameter event -value all |
Log everything. |
lunacm:> audit config -parameter event -value none |
Log nothing. |
lunacm:> audit config -parameter event -value failure |
Log all command failures. |
lunacm:> audit config -parameter event -value failure,success,asymmetric |
Log all key usage requests, both success and failure. |
lunacm:> audit config -parameter rotation -value daily |
Rotate the log daily. |