Access commands that allow you to manage the audit logs.
NOTE Audit log and syslog entries are timestamped in UTC format.
Syntax
audit log
clear
list
tail
tarlogs
untarlogs
verify
| Argument(s) | Shortcut | Description |
|---|---|---|
| clear | c |
Clears all of the audit logs from an HSM. See audit log clear. |
| list | l |
Lists all of the audit logs on an HSM. See audit log list. |
| tail | tai | Displays the most recent entries in an audit log. See audit log tail. |
| tarlogs | tar |
Archives an audit log. See audit log tarlogs. |
| untarlogs | u | Unarchives a previously archived audit log. See audit log untarlogs. |
| verify | v | Verifies a set of records within an audit log. See audit log verify. |
TIP Depending on how busy the HSM is, and the level of audit logging and the rotation interval you have configured ( with audit config ), audit logs might take a long time to fill, or might fill up very quickly. We recommend that you sftp the logs out of the Luna Network HSM 7 appliance and clear logs every day, to avoid filling the disk. You can do this manually, but a simple example of automating the process with a script on an external computer might look similar to this bash script:
host_list=”” # list of hosts
for host in host_list
do
ssh audit@host “audit log tarlogs” || exit
sftp audit@host:audit-*.tgz . || exit
ssh audit@host “audit log clear -force” || exit
ssh audit@host “service restart cbs” || exit
…
…
done
Naturally, you should modify and test any such solution before you deploy it in an operational environment. The take-away message is to be aware of the extent and rapidity of your audit logging, and to ensure that the resulting files are properly maintained.
