audit log

Access commands that allow you to manage the audit logs.

NOTE   Audit log and syslog entries are timestamped in UTC format.

Syntax

audit log

clear
list
tail
tarlogs
untarlogs
verify

Argument(s)   Shortcut   Description
clear         c          Clears all of the audit logs from an HSM. See audit log clear.
list          l          Lists all of the audit logs on an HSM. See audit log list.
tail          tai        Displays the most recent entries in an audit log. See audit log tail.
tarlogs       tar        Archives an audit log. See audit log tarlogs.
untarlogs     u          Unarchives a previously archived audit log. See audit log untarlogs.
verify        v          Verifies a set of records within an audit log. See audit log verify.

TIP   Depending on how busy the HSM is, and the level of audit logging and the rotation interval you have configured (with audit config), audit logs might take a long time to fill, or might fill up very quickly. We recommend that you scp the logs out of the Network HSM appliance and clear logs every day, to avoid filling the disk. You can do this manually, but a simple example of automating the process with a script on an external computer might look similar to this bash script:

    host_list=""   # space-separated list of hosts
    for host in $host_list
    do
        # Archive the logs on the appliance, copy the archive off, then clear.
        ssh "audit@$host" "audit log tarlogs" || exit
        scp "audit@$host:audit-*.tgz" . || exit
        ssh "audit@$host" "audit log clear -force" || exit
        ssh "audit@$host" "service restart cbs" || exit
        # …
        # …
    done

Naturally, you should modify and test any such solution before you deploy it in an operational environment. The take-away message is to be aware of the extent and rapidity of your audit logging, and to ensure that the resulting files are properly maintained.
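
The following is an added example, not part of the original documentation: a variant of the collection loop that checks each copied archive and records its SHA-256 before the logs are cleared on the appliance, so a truncated or failed copy never leads to deleted audit records. The DEST directory, the function names and the host names in the usage comment are assumptions; the LunaSH commands and the audit-*.tgz pattern are the ones used in the TIP above.

```shell
#!/usr/bin/env bash
# Added example (not vendor code): clear HSM audit logs only after the
# local copy of the archive has been verified and hashed.

DEST="${DEST:-./hsm-audit}"   # local collection directory (assumed name)

# Succeeds only if the file is a readable gzip'd tar with at least one member.
verify_archive() {
    [ -s "$1" ] || return 1
    local listing
    listing=$(tar -tzf "$1" 2>/dev/null) || return 1
    [ -n "$listing" ]
}

# Archive, copy, verify, hash, then clear, for a single host.
# Returns 2 if a copied archive fails verification (nothing is cleared).
collect_host() {
    local host="$1" dir f
    dir="$DEST/$host/$(date -u +%Y%m%dT%H%M%SZ)"   # UTC, like the log entries
    mkdir -p "$dir" || return 1
    ssh "audit@$host" "audit log tarlogs" || return 1
    scp "audit@$host:audit-*.tgz" "$dir/" || return 1
    for f in "$dir"/audit-*.tgz; do
        verify_archive "$f" || { echo "bad archive from $host: $f" >&2; return 2; }
        (cd "$dir" && sha256sum "$(basename "$f")" >> SHA256SUMS) || return 1
    done
    # The local copy is intact, so the logs on the appliance can be cleared.
    ssh "audit@$host" "audit log clear -force" || return 1
    ssh "audit@$host" "service restart cbs" || return 1
}

# Usage (host names are placeholders):
#   for h in hsm1.example.com hsm2.example.com; do collect_host "$h" || exit; done
```

The SHA256SUMS file written beside each archive lets you later confirm with sha256sum -c that the stored copy has not changed since collection.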