audit

Access the audit-level commands. Audit commands control HSM audit logging, and can be used only by the properly authenticated HSM Audit role, once that role has been initialized.

The LunaCM hsm commands available to the audit user are restricted to hsm show, and all hsm ped commands, except hsm ped vector commands. The "audit" appliance user is allowed to connect and disconnect remote PED connections, adjust timeout, and view connection information, but is not allowed to create (init) or erase a remote PED vector.  

NOTE   Application partition slots do not show audit commands at all as those commands are applicable only to an HSM administrative slot. HSM administrative slots show only some of the audit commands; the authentication-related functions are taken over by role commands instead.

NOTE   After initializing the Audit role on a password-authenticated HSM, log in as the Auditor and set the domain (see role setdomain for the command syntax). This step is required before setting logging parameters or the log filepath, or importing/exporting audit logs.

Syntax

audit

config
export
import
logmsg
status
time
verify

Option

Shortcut Description

config

c

Configure the audit parameters. See audit config.

export

e

Read the wrapped log secret from the HSM. See audit export.

import

m

Import the wrapped log secret to the HSM. See audit import.

logmsg

logm

Write a message to the HSM's log. See audit logmsg.

status

s

Show the status of the logging subsystem. See audit status.

time

t

Synchronize the HSM time to the host, or get the HSM time. See audit time.

verify

v

Verify a block of log messages. See audit verify.