audit
Access the audit-level commands. Audit commands control HSM audit logging, and can be used only by the properly authenticated HSM Audit role, once that role has been initialized.
The LunaCM hsm commands available to the audit user are restricted to hsm show and all hsm ped commands except the hsm ped vector commands. The "audit" appliance user is allowed to connect and disconnect remote PED connections, adjust the timeout, and view connection information, but is not allowed to create (init) or erase a remote PED vector.
NOTE Application partition slots do not show audit commands at all as those commands are applicable only to an HSM administrative slot. HSM administrative slots show only some of the audit commands; the authentication-related functions are taken over by role commands instead.
NOTE After initializing the Audit role on a password-authenticated HSM, log in as the Auditor and set the domain (see role setdomain for the command syntax). This step is required before setting logging parameters or the log filepath, or importing/exporting audit logs.
Syntax
audit
    config
    export
    import
    logmsg
    status
    time
    verify
Option | Shortcut | Description |
---|---|---|
config | c | Configure the audit parameters. See audit config. |
export | e | Read the wrapped log secret from the HSM. See audit export. |
import | m | Import the wrapped log secret to the HSM. See audit import. |
logmsg | logm | Write a message to the HSM's log. See audit logmsg. |
status | s | Show the status of the logging subsystem. See audit status. |
time | t | Synchronize the HSM time to the host, or get the HSM time. See audit time. |
verify | v | Verify a block of log messages. See audit verify. |