audit show
Display the current audit logging information. The displayed information varies, depending on whether or not the 'audit' role is logged in.
TIP The audit show command can show "HSM is currently storing 0 log records", while the audit log list command shows some number of log files. This is normal and means that the callback service (cbs) running on the HSM appliance is storing audit log records from the cryptographic module in the HSM appliance file system.
The cbs is temporarily stopped when an audit log tarlogs action is being performed, then cbs resumes.
If a non-zero record count persists and grows on the cryptographic module, then either the cbs is not running or something else is preventing cbs from writing to the file system.
Verify with service status that cbs is running. If cbs is running, check with status disk that /var/audit usage is less than 200GB.
User Privileges
Only specialized Audit users can access audit commands.
Syntax
audit show [-serial <serialnum>]
Argument(s) | Shortcut | Description |
---|---|---|
-serial <serialnum> | -s | Specifies the serial number of the HSM whose audit logging information you want to display. The default is to use the embedded HSM. |
Example (audit user logged in)
lunash:>audit show

HSM Logging Status:
   HSM found logging daemon
   Logging has been configured
   HSM is currently storing 0 log records.

HSM Audit Role: logged in

HSM Time : Mon Dec 17 17:50:35 2012
HOST Time : Mon Dec 17 17:51:07 2012

Current Logging Configuration
-----------------------------
event mask : Log everything
rotation interval : daily

Command Result : 0 (Success)
Example (audit role not configured)
lunash:>audit show

HSM Logging Status:
   HSM found logging daemon
   Logging has not yet been configured for this HSM
   HSM is currently storing 3209 log records.

HSM Audit Role: not initialized

HSM Time : Mon Dec 17 17:50:35 2021
HOST Time : Mon Dec 17 17:51:07 2021

Command Result : 0 (Success)
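
The backlog check described in the TIP, as an added example (not part of the product documentation): it parses successive audit show captures and flags a record count that stays above zero and grows, while ignoring a transient non-zero count that drains back to zero. How the captures are collected, the finding names, and the `sample` helper with its record counts are assumptions; the sample text is constructed in the layout of the examples above.

```python
import re

def parse_audit_show(text):
    """Extract the monitoring-relevant fields from `audit show` output."""
    count = re.search(r"HSM is currently storing (\d+) log records", text)
    role = re.search(r"HSM Audit Role:[ \t]*(.+)", text)
    return {
        "records": int(count.group(1)) if count else None,
        "configured": "Logging has been configured" in text,
        "role": role.group(1).strip() if role else None,
    }

def backlog_findings(captures):
    """captures: `audit show` outputs in time order, oldest first."""
    parsed = [parse_audit_show(c) for c in captures]
    latest, findings = parsed[-1], []
    if not latest["configured"]:
        findings.append("logging-not-configured")
    if latest["role"] == "not initialized":
        findings.append("audit-role-not-initialized")
    counts = [p["records"] for p in parsed]
    if None in counts:
        findings.append("record-count-missing")
    elif len(counts) >= 2 and min(counts) > 0 and counts[-1] > counts[0]:
        # Never drained to zero and larger than at the start: per the TIP,
        # check cbs with `service status`, then /var/audit with `status disk`.
        findings.append("backlog-growing")
    return findings

def sample(records, configured=True, role="logged in"):
    """Constructed output in the layout of the page's examples."""
    state = "has been configured" if configured else "has not yet been configured for this HSM"
    return ("HSM Logging Status:\n   HSM found logging daemon\n"
            f"   Logging {state}\n"
            f"   HSM is currently storing {records} log records.\n"
            f"HSM Audit Role: {role}\nCommand Result : 0 (Success)\n")

if __name__ == "__main__":
    print(backlog_findings([sample(0), sample(120), sample(0)]))       # transient
    print(backlog_findings([sample(50), sample(400), sample(3209)]))   # growing
    print(backlog_findings([sample(3209, False, "not initialized")]))  # unconfigured
```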