audit log list
Display a list of the audit log files.
User Privileges
Only specialized Audit users can access audit commands.
NOTE Audit log and syslog entries are timestamped in UTC format.
TIP The audit show command can show "HSM is currently storing 0 log records" while the audit log list command shows some number of log files. This is normal: it means that the callback service (cbs) running on the HSM appliance is storing audit log records from the cryptographic module in the HSM appliance file system.
The cbs is temporarily stopped while an audit log tarlogs action is being performed; cbs then resumes.
If a nonzero number of records persists and grows on the cryptographic module, then either the cbs is not running or something else is preventing cbs from writing to the file system.
Use service status to verify that cbs is running. If cbs is running, use status disk to check that /var/audit usage is less than 200GB.
Syntax
audit log list [-serial <serialnum>]
Argument(s) | Shortcut | Description |
---|---|---|
-serial <serialnum> | -s | Specifies the serial number of the HSM from which you want to list the logs. This option is required only when there are multiple attached HSMs. Default is the embedded HSM. |
Example
lunash:>audit log list

Logs that are in progress
116280 Feb 27 17:03 hsm_66331_0000000a.log

Logs that are ready for archive:
1624728 Feb 27 17:00 hsm_66331_00000009.log
2224824 Feb 27 16:00 hsm_66331_00000008.log
1902432 Feb 27 15:00 hsm_66331_00000007.log
1923864 Feb 27 14:00 hsm_66331_00000006.log
1910184 Feb 27 13:00 hsm_66331_00000005.log
1925232 Feb 27 12:00 hsm_66331_00000004.log
1937088 Feb 27 11:00 hsm_66331_00000003.log
445968 Feb 27 10:00 hsm_66331_00000002.log

Command Result : 0 (Success)
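An added example, not part of the product documentation: a Python sketch for use off the appliance that parses captured audit log list output and reports file sequence numbers missing between the oldest and newest log for each HSM, which is worth investigating before archiving. It assumes, from the sample listing only, that file names follow hsm_<id>_<8-hex-digit counter>.log; the function names are hypothetical.

```python
import re

# Sample input: the listing from the Example on this page.
SAMPLE = """\
lunash:>audit log list

Logs that are in progress
116280 Feb 27 17:03 hsm_66331_0000000a.log

Logs that are ready for archive:
1624728 Feb 27 17:00 hsm_66331_00000009.log
2224824 Feb 27 16:00 hsm_66331_00000008.log
1902432 Feb 27 15:00 hsm_66331_00000007.log
1923864 Feb 27 14:00 hsm_66331_00000006.log
1910184 Feb 27 13:00 hsm_66331_00000005.log
1925232 Feb 27 12:00 hsm_66331_00000004.log
1937088 Feb 27 11:00 hsm_66331_00000003.log
445968 Feb 27 10:00 hsm_66331_00000002.log

Command Result : 0 (Success)
"""

# Assumed entry layout: <size> <Mon> <day> <HH:MM> hsm_<id>_<8 hex digits>.log
ENTRY = re.compile(r"^\s*(\d+)\s+(\w{3}\s+\d{1,2}\s+\d{2}:\d{2})\s+"
                   r"(hsm_(\d+)_([0-9a-fA-F]{8})\.log)\s*$")

def parse_listing(text):
    """Split the listing into its two sections and parse each file entry."""
    sections = {"in_progress": [], "ready": []}
    current = None
    for line in text.splitlines():
        if line.startswith("Logs that are in progress"):
            current = "in_progress"
        elif line.startswith("Logs that are ready for archive"):
            current = "ready"
        elif current and (m := ENTRY.match(line)):
            sections[current].append({"size": int(m[1]), "stamp": m[2],
                "name": m[3], "hsm": m[4], "seq": int(m[5], 16)})
    return sections

def missing_sequences(sections):
    """Per HSM id, counters absent between the lowest and highest seen."""
    seen = {}
    for entry in sections["in_progress"] + sections["ready"]:
        seen.setdefault(entry["hsm"], set()).add(entry["seq"])
    return {h: sorted(set(range(min(s), max(s) + 1)) - s) for h, s in seen.items()}
```

For the listing above, missing_sequences(parse_listing(SAMPLE)) returns an empty list for 66331, since counters 00000002 through 0000000a are all present.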