Audit Log Events and Structure

This section provides a summary of the events collected in audit logs, and a brief description of the information included in each log entry.

Logged Events

The events logged fall under three categories, as shown in the following table:

Administrative Events | Object Management Events | Object Use Events

>C_Initialize

>C_Finalize

>C_InitToken

>CT_ResetToken

>C_InitPIN

>CT_InitPIN

>C_SetPIN

>C_OpenSession

>C_CloseSession

>C_CloseAllSessions

>C_GetSessionInfo

>C_Login

>C_Logout

>C_CreateObject

>C_CopyObject

>CT_CopyObject

>C_DestroyObject

>C_GetAttributeValue

>C_SetAttributeValue

>C_FindObjects

>C_DeriveKey

>C_GenerateKey

>C_GenerateKeyPair

>C_WrapKey

>C_UnwrapKey

>C_Encrypt

>C_EncryptUpdate

>C_Decrypt

>C_DecryptUpdate

>C_Digest

>C_DigestUpdate

>C_DigestKey

>C_Sign

>C_SignUpdate

>C_SignRecover

>C_Verify

>C_VerifyUpdate

>C_VerifyRecover

>C_DigestEncryptUpdate

>C_DecryptDigestUpdate

>C_SignEncryptUpdate

>C_DecryptVerifyUpdate

Entry Structure

Each audit log entry contains the following information:

>Time of event

>Success/failure of function

>Slot where the event occurred

>Name of event

>Signature of the previous entry

>Signature of the current entry

For example:

2017-07-12 14:12:29,success,0,Audit Log initial message      ,0000000000000000000000000000000000000000000000000000000000000000,692f41f2ec2bbb42411c7b2c5e3230b39dab28bd5178ef1b3e71b34331500765
2017-07-12 14:53:44,success,0,CS_Initialize:                 ,692f41f2ec2bbb42411c7b2c5e3230b39dab28bd5178ef1b3e71b34331500765,6afe98063371c25d675616827ec51d5d23f879312d935c230ebe566db3e064a0
2017-07-12 14:53:44,success,1,CS_OpenSession:                ,6afe98063371c25d675616827ec51d5d23f879312d935c230ebe566db3e064a0,868b4457c44c525febad5c87d9d27ee745829aa38f9ac6bf2405a788f8c3ea89
2017-07-12 14:53:44,success,1,CS_OpenSession:                ,868b4457c44c525febad5c87d9d27ee745829aa38f9ac6bf2405a788f8c3ea89,8e65ee17ce0d0b835fd746558d5c114a45baf6e4e7f579b1f7b22f204db51538
2017-07-12 14:53:44,success,1,CS_FindObjects:                ,8e65ee17ce0d0b835fd746558d5c114a45baf6e4e7f579b1f7b22f204db51538,7ff4201694d9b5a68b6f3e205c75380e10975cddd9ff45641cd82fdb7d7eee17
2017-07-12 14:53:44,success,1,CS_GetAttributeValue:          ,7ff4201694d9b5a68b6f3e205c75380e10975cddd9ff45641cd82fdb7d7eee17,c2fd9b7bd90e370a8684259f120beda70f3ce2a7aa217e753f02864618066fc8
2017-07-12 14:53:44,success,1,CS_CloseSession:               ,c2fd9b7bd90e370a8684259f120beda70f3ce2a7aa217e753f02864618066fc8,a3ef1d28edcf2b1eb4efa2f7d075241e2bf1253f85b7dc36895b2ce07cd4732b

Message Chaining

Each entry is signed by the Audit Key. So that tampering with the audit log data can be detected, each entry includes both its own signature and the signature of the previous entry, which links the entries into a chain. Note that the first entry includes a string of zeroes for the previous signature.
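
The linkage described above can be checked offline. The following Python sketch is an added example, not code from the product: it assumes the comma-separated field order shown in the example entries and rebuilds the first three of those entries as sample input. It checks only that each entry's previous-signature field matches the preceding entry; verifying the signatures themselves requires the Audit Key and is not covered.

```python
from typing import NamedTuple

class Entry(NamedTuple):
    time: str
    status: str
    slot: str
    name: str
    prev_sig: str
    sig: str

def parse_entry(line: str) -> Entry:
    # Split three fields from the left and two from the right, so the
    # padded event name in the middle is kept whole.
    time, status, slot, rest = line.rstrip("\r\n").split(",", 3)
    name, prev_sig, sig = rest.rsplit(",", 2)
    return Entry(time, status, slot, name.strip(),
                 prev_sig.strip().lower(), sig.strip().lower())

def check_chain(lines):
    """Return (line_number, problem) for every entry that breaks the chain."""
    problems, expected, first = [], None, True
    for n, line in enumerate(lines, 1):
        try:
            entry = parse_entry(line)
        except ValueError:
            problems.append((n, "malformed entry"))
            expected, first = None, False  # the next link cannot be checked
            continue
        if first:
            if set(entry.prev_sig) != {"0"}:
                problems.append((n, "first entry lacks the all-zero previous signature"))
        elif expected is not None and entry.prev_sig != expected:
            problems.append((n, "previous signature does not match the preceding entry"))
        expected, first = entry.sig, False
    return problems

# Sample input: the first three entries of the example log, rebuilt from
# their signature values (assumed layout: time,status,slot,name,prev,sig).
SIGS = ["692f41f2ec2bbb42411c7b2c5e3230b39dab28bd5178ef1b3e71b34331500765",
        "6afe98063371c25d675616827ec51d5d23f879312d935c230ebe566db3e064a0",
        "868b4457c44c525febad5c87d9d27ee745829aa38f9ac6bf2405a788f8c3ea89"]
HEAD = ["2017-07-12 14:12:29,success,0,Audit Log initial message      ",
        "2017-07-12 14:53:44,success,0,CS_Initialize:                 ",
        "2017-07-12 14:53:44,success,1,CS_OpenSession:                "]
SAMPLE = [f"{h},{p},{s}" for h, p, s in zip(HEAD, ["0" * 64] + SIGS, SIGS)]

if __name__ == "__main__":
    print(check_chain(SAMPLE) or "chain intact")
    print(check_chain([SAMPLE[0], SAMPLE[2]]))  # middle entry deleted
```

Entries removed from the end of the log leave every remaining link intact, so this check alone does not reveal tail truncation; comparing the last signature with a copy recorded elsewhere covers that case.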