audit log
Access commands that allow you to manage the audit logs.
NOTE Audit log and syslog entries are timestamped in UTC format.
Syntax
audit log
clear
list
tail
tarlogs
untarlogs
verify
Argument(s) | Shortcut | Description |
---|---|---|
clear | c | Clears all of the audit logs from an HSM. See audit log clear. |
list | l | Lists all of the audit logs on an HSM. See audit log list. |
tail | tai | Displays the most recent entries in an audit log. See audit log tail. |
tarlogs | tar | Archives an audit log. See audit log tarlogs. |
untarlogs | u | Unarchives a previously archived audit log. See audit log untarlogs. |
verify | v | Verifies a set of records within an audit log. See audit log verify. |
TIP Depending on how busy the HSM is, and on the level of audit logging and the rotation interval you have configured (with audit config), audit logs might take a long time to fill, or might fill up very quickly. We recommend that you scp the logs out of the Network HSM appliance and clear logs every day, to avoid filling the disk. You can do this manually, but a simple example of automating the process with a script on an external computer might look similar to this bash script:

```bash
host_list=""   # list of hosts
for host in $host_list
do
    # Archive the audit logs on the appliance, then copy the archive off.
    ssh "audit@$host" "audit log tarlogs" || exit
    scp "audit@$host:audit-*.tgz" . || exit
    # Clear the logs only after the copy succeeded.
    ssh "audit@$host" "audit log clear -force" || exit
    ssh "audit@$host" "service restart cbs" || exit
    # … …
done
```
Naturally, you should modify and test any such solution before you deploy it in an operational environment. The take-away message is to be aware of the extent and rapidity of your audit logging, and to ensure that the resulting files are properly maintained.
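The script above clears the logs as soon as scp returns. The following variant is an added example, not part of the original page or the vendor's tooling: it checks that each retrieved archive is a readable, non-empty tar file and records its SHA-256 before it issues the clear. The names DEST, manifest.sha256, archive_ok, record_hash and collect_host are assumptions; the appliance commands are the ones used in the script above.

```bash
#!/usr/bin/env bash
# Added example: validate and hash audit archives before clearing the HSM logs.
# Hypothetical names: DEST, manifest.sha256, archive_ok, record_hash, collect_host.

DEST="${DEST:-./hsm-audit}"   # assumed local directory for retrieved archives

# Succeeds only if the file is a readable gzip tar with at least one member.
# Catches empty files, truncated transfers and non-archive content.
archive_ok() {
    [ -s "$1" ] || return 1
    members=$(tar -tzf "$1" 2>/dev/null) || return 1
    [ -n "$members" ]
}

# Appends "<sha256>  <path>" to the manifest so later changes are detectable.
record_hash() {
    sha256sum "$1" >> "$DEST/manifest.sha256"
}

# Archive, copy, validate, hash, and only then clear the logs on one appliance.
collect_host() {
    target=$1
    # UTC directory name, matching the UTC timestamps inside the audit logs.
    dir="$DEST/$target/$(date -u +%Y%m%dT%H%M%SZ)"
    mkdir -p "$dir" || return 1
    ssh "audit@$target" "audit log tarlogs" || return 1
    scp "audit@$target:audit-*.tgz" "$dir/" || return 1
    for f in "$dir"/audit-*.tgz; do
        if ! archive_ok "$f"; then
            echo "$target: $f failed validation, logs NOT cleared" >&2
            return 1
        fi
        record_hash "$f" || return 1
    done
    ssh "audit@$target" "audit log clear -force" || return 1
    ssh "audit@$target" "service restart cbs"   # kept from the script above
}

# Hosts are passed as arguments; with no arguments nothing is contacted.
for host in "$@"; do
    collect_host "$host" || echo "$host: collection failed" >&2
done
```

Because a failed validation returns before the clear, the only copy of the records stays on the appliance until a good archive exists off-box.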