Logging and Reporting

Luna Network HSM 7 allows you to track and report all activity on your HSM to encourage responsibility, ensure accountability, and maintain tight security.

Logging can be done at two levels

>the cryptographic module

>the host system that contains the crypto module.

Luna HSMs come equipped with HSM-level (that is, cryptographic module level) audit logging via the Audit HSM role. See HSM-Level Audit Logging.

The Luna Network HSM 7 also includes appliance-side audit logging and services that monitor your HSM's performance. See Appliance-Level Performance Monitoring.

For it is your responsibility to manage audit log intensity, disk-space consumption,

HSM-Level Audit Logging

Monitoring HSM activity is essential to maintaining a high level of security for the highly sensitive material on your HSM. Luna HSMs have logging and reporting abilities to support this. These features are implemented in the HSM firmware for maximum security.

Logging

Secure logging is done at the whole HSM level. The HSM stores a record of past operations that is suitable for security audit review. Audit logging, when configured, sends HSM log event records to a remote logging server, with cryptographic safeguards ensuring verifiability, continuity, and reliability of HSM event log files. Log records can also be accumulated to tar files for alternative handling, and to ensure that limited storage inside the cryptographic module is not filled.

Each log entry indicates what event occurred when, and who initiated it. Critical events are logged automatically.

Audit Management

For circumstances that require more comprehensive review of events taking place on the HSM, an HSM-level Audit role (White PED key for multifactor quorum-authenticated HSMs) can be used. Each HSM has a unique Audit role whose purpose is to manage audits and monitor HSM activity.

The Audit role is independent from the other roles on the HSM. Creating the Audit role does not require the presence of the HSM SO and if the Audit role is initialized, the HSM and partition administrators are prevented from working with the log files. Only the Auditor can add failures, successes, key usage, and other events to the HSM logging procedure.

Audit log integrity is ensured against altering log records. Separating logging and its role from other administrative roles protects critical information related to the operations of your HSM.

HSM clock management by SO - The Audit role has always been able to set time, and beginning with Luna HSM Firmware 7.8.0 and newer, clock management can be performed by the HSM SO using lunash hsm time get and hsm time sync commands. These should be run to initialize the HSM clock time, then HSM Policy 57 - Allow sync with host time should be set (ON) so that the one-time manual sync operation becomes a daily, automatic event to prevent HSM clock drift outside of parameters; note that it is OFF by default, for backward compatibility.

NOTE   You can encounter the error CKR_TIME_NOT_INITIALIZED if lunash hsm time get and hsm time sync commands have not been employed to set the time. As well, you could encounter CKR_CLOCK_NOT_IN_SYNC if the clocks on source and target HSMs are not within time tolerance for CPv4 cloning operations.
Additionally, other operations need HSM time properly set and synchronized - remote Audit logging, for example, expects tight drift control, to prevent log messages appearing out of order.

Clock synchronization, leading back to trusted time source, is needed on both the source HSM and the target.

Appliance-Level Performance Monitoring

Luna HSMs monitor their own conditions for issues that might require administrative attention. Appliance-side logging of HSM activity moves HSM logging directly into the appliance file system. The purpose is to record HSM operations while bypassing the resource-heavy in-HSM log security features. Like at the HSM-level, appliance-level logging and auditing are split into separate services and roles. Only the Auditor on the appliance can engage in audit management. The Audit role is separate from Admin, Operator, and Monitor.

Appliance performance monitoring can be done via LunaSH, Thales Crypto Command Center, or Luna REST API. LunaSH allows you to specify commands yourself, while the latter two provide a friendly user interface to query the appliance.

Syslog

Syslog is a standard logging facility that writes messages it gets from the appliance to organized log files.

When a sensor reading on the appliance changes by an amount that crosses a configured threshold, the appliance will generate log messages according to their severity. These logs can be checked and accessed by an audit user.

SNMP

Luna HSMs also support remote monitoring of conditions on a local HSM via SNMP (Simple Network Management Protocol). Should the condition of your HSM change in a way that requires your attention, SNMP will alert you via trap notification. Condition changes can include changes in memory or CPU usage, network connection status, and some environmental variables.

You can configure SNMP according to your organization's preferences; it is a flexible and optional feature. SNMP is secure and efficient, ensuring that faults in your HSM are detected early and that your cryptographic information remains safe.