audit log verify

Verify the audit log records.

User Privileges

Only specialized Audit users can access audit commands.

Syntax

audit log verify -file <filename> [-serialtarget <serialnum>] [-serialsource <serialnum>] [-start <number>] [-end <number>] [-external]

Argument(s) Shortcut Description

-end <number> -en

Specifies the final record of the subset of records to be verified from the file.

-external -ex

Specifies that the file from which log entries are to be verified is from an external HSM. In this case, the audit secret for that HSM must either be the same secret (white PED Key) as is used on the current HSM, or must have been imported to the current HSM.

The current HSM's own audit secret cannot verify log files from other HSMs if those were created using independent secrets. The HSM holds only one audit secret at a time, so the secret for the relevant HSM's logs must be brought into the HSM when needed for log verification, if it is not already present.

-file <filename> -f

Specifies the name of the log file to verify.

-serialsource <serialnum> -serials

Specifies the serial number of the HSM that generated the log file that is being verified.

-serialtarget <serialnum> -serialt

Specifies the serial number of the HSM that is performing the verification.

-start <number> -st

Specifies the starting record of the subset of records to be verified from the file.

Example

Verification of local log file, with local secret

lunash:>audit log verify -file hsm_66331_00000002.log

Log file being verified ready_for_archive/hsm_66331_00000002.log.

Verifying log on HSM with serial 66331

Verified messages 270723 to 271699

Command Result : 0 (Success)

Verification of external log with external secret:

In this example, we show the process from both HSMs.

[myluna72] lunash:> audit secret export

The encrypted log secret file 153593.lws now available for scp.

Now that you have exported your log secret, if you wish to verify your logs
on another HSM see the 'audit secret import' command. If you wish to verify
your logs on another SafeNet Luna Network HSM see the 'audit log tar' command.

Command Result : 0 (Success)



[myluna72] lunash:>audit log tar


Compressing log files:

153593/
153593/hsm_153593_00000019.log
153593/153593.lws
153593/ready_for_archive/
153593/ready_for_archive/hsm_153593_0000000b.log
153593/ready_for_archive/hsm_153593_00000003.log
153593/ready_for_archive/hsm_153593_00000002.log
153593/ready_for_archive/hsm_153593_00000006.log
153593/ready_for_archive/hsm_153593_00000001.log

The tar file containing logs is now available as file 'audit-153593.tgz'.
If you wish to verify your logs on another SA, scp them to another SA's audit
directory then use the 'audit log untar' command.

Command Result : 0 (Success)


Here is where we scp the secret file and the .tgz file to the audit directory of a different SafeNet Luna Network HSM.

lunash:> audit secret import -serialtarget 150825 -file 153593.lws -serialsource 153593

Successfully imported the encrypted log secret 153593.lws

Now that you have imported a log secret if you wish to verify
your logs please see the 'audit log verify' command.

Command Result : 0 (Success)



[myluna73] lunash:> audit log untarlogs -file audit-153593.tgz

Extracting logs to audit home:

153593/
153593/hsm_153593_00000019.log
153593/153593.lws
153593/ready_for_archive/
153593/ready_for_archive/hsm_153593_0000000b.log
153593/ready_for_archive/hsm_153593_00000003.log
153593/ready_for_archive/hsm_153593_00000002.log
153593/ready_for_archive/hsm_153593_00000006.log
153593/ready_for_archive/hsm_153593_00000001.log

To verify these logs see the 'audit secret import' command to import the HSM's
log secret.

Command Result : 0 (Success)



[myluna73] lunash:> audit log verify -serialtarget 150825 -file hsm_153593_00000001.log -serialsource 153593


Log file being verified /home/audit/lush_files/153593/ready_for_archive/hsm_153593_00000001.log.

Verifying log from HSM with serial 153593 on HSM with serial 150825
 Make sure that you have already imported the audit log secret.

Verified messages 39638 to 39641

Command Result : 0 (Success)

On the verifying HSM ([myluna73] in the example), you just imported a secret (displacing the native secret of the local HSM) and used it to verify logs that were transported from a different HSM ([myluna72] in the example).

If you now wished to verify the second HSM's ([myluna73]) own log files, you would need to re-import that HSM's own secret, because it was replaced by the other HSM's ([myluna72]'s) secret for the example operation.

That is, the [myluna72] log secret that was imported into [myluna73] to allow [myluna73] to verify logs received from [myluna72] is of no use for verifying [myluna73]'s own logs. An HSM can hold only one log secret at a time, so [myluna73] needs its own secret back if it is to verify its own logs rather than the logs it received from [myluna72].
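The cross-HSM procedure above (export and import the secret, transport the logs, verify each file on the target) is easy to script, and a script should fail closed on any file that does not verify. The following is an added example and is not part of the Luna documentation; it assumes lunash is reached over ssh as the appliance's 'audit' user through the hypothetical 'lush' wrapper, that the source HSM's secret has already been imported with 'audit secret import', and (an assumption, not stated by the documentation) that record numbers continue sequentially across rotated log files.

```shell
# Added example, not part of the Luna documentation: verify transported audit
# log files on the target HSM and fail closed on any file that does not verify.
# Assumes lunash is reached over ssh as the appliance's 'audit' user through the
# hypothetical 'lush' wrapper below and that the source HSM's log secret has
# already been imported with 'audit secret import'.

# Parse 'audit log verify' output: print "<first> <last>" record numbers and
# return 0 only when lunash reported 'Command Result : 0 (Success)'.
parse_verify_output() {
  local out="$1" range
  printf '%s\n' "$out" | grep -q '^Command Result : 0 (Success)' || return 1
  range=$(printf '%s\n' "$out" \
    | sed -n 's/^Verified messages \([0-9][0-9]*\) to \([0-9][0-9]*\).*$/\1 \2/p' \
    | head -n 1)
  [ -n "$range" ] || return 1
  printf '%s\n' "$range"
}

# Read "first last" ranges (one per line, in file order) from stdin and return 1
# if consecutive files leave a gap in record numbers. Assumes (for this example
# only) that record numbers continue sequentially across rotated log files.
ranges_contiguous() {
  local prev_last="" first last
  while read -r first last; do
    [ -z "$first" ] && continue
    if [ -n "$prev_last" ] && [ "$first" -ne $((prev_last + 1)) ]; then
      return 1
    fi
    prev_last="$last"
  done
  return 0
}

# Hypothetical helper: run one lunash command on an appliance over ssh.
lush() { ssh "audit@$1" "$2"; }

# verify_transported_logs <target host> <target serial> <source serial> <log file>...
verify_transported_logs() {
  local target_host="$1" target_serial="$2" source_serial="$3"; shift 3
  local f out range ranges=""
  for f in "$@"; do
    out=$(lush "$target_host" \
      "audit log verify -serialtarget $target_serial -serialsource $source_serial -file $f") || true
    range=$(parse_verify_output "$out") || { echo "FAIL: $f did not verify" >&2; return 1; }
    echo "OK: $f records $range"
    ranges=$(printf '%s\n%s' "$ranges" "$range")
  done
  printf '%s\n' "$ranges" | ranges_contiguous || { echo "FAIL: record gap between files" >&2; return 1; }
}
```

Run it as, for instance, `verify_transported_logs myluna73 150825 153593 hsm_153593_00000001.log hsm_153593_00000002.log`; remember that the target HSM's own secret must be re-imported afterwards before its own logs can be verified.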