PKI 10.4 Audit Review and Search Design - dogtagpki/pki GitHub Wiki
This page describes the enhancements to support audit review and search functionality added in PKI 10.4.
The following CLI command will be added to allow auditors to list the existing audit log files on the server:
$ pki -n auditor ca-audit-file-find
-----------------
3 entries matched
-----------------
  File name: ca_audit.20170331225716
  Size: 2883

  File name: ca_audit.20170401001030
  Size: 189

  File name: ca_audit
  Size: 6705
----------------------------
Number of entries returned 3
----------------------------
The following CLI command will be added to allow auditors to download an audit log file from the server:
$ pki -n auditor ca-audit-file-retrieve <filename>
This is documented in PKI Audit CLI.
Audit log file verification can already be done using the existing AuditVerify tool.
This is documented in Verifying Signed Audit Logs.
Searching for particular log entries can be done using the grep tool. For example:
$ grep "\[AuditEvent=ACCESS_SESSION_ESTABLISH\]" <audit log files>
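The grep search above matches on the event name only. The following is an added example, not part of the PKI code base or this design, that filters downloaded audit files on two fields at once and summarizes entries per event and outcome. The function names, the sample entries, and the `[Outcome=...]` and `[ClientIP=...]` fields are assumptions made for illustration.

```shell
#!/bin/sh
# Assumption: entries carry bracketed [Key=Value] fields; [AuditEvent=...]
# is shown on this page, [Outcome=...] and [ClientIP=...] are assumed.

# audit_find EVENT OUTCOME FILE...: print entries matching both fields.
# index() compares fixed strings, so the brackets need no regex escaping.
audit_find() {
    event=$1 outcome=$2
    shift 2
    awk -v e="[AuditEvent=$event]" -v o="[Outcome=$outcome]" \
        'index($0, e) && index($0, o)' "$@"
}

# audit_summary FILE...: count entries per "AuditEvent Outcome" pair.
audit_summary() {
    awk '
    function field(line, key,    start, rest, stop) {
        start = index(line, "[" key "=")
        if (start == 0) return ""
        rest = substr(line, start + length(key) + 2)
        stop = index(rest, "]")
        return stop ? substr(rest, 1, stop - 1) : ""
    }
    {
        event = field($0, "AuditEvent")
        if (event == "") next    # skip lines without an audit event
        outcome = field($0, "Outcome")
        count[event " " (outcome == "" ? "-" : outcome)]++
    }
    END { for (k in count) print count[k], k }
    ' "$@" | sort -k2
}

# make_sample DIR: write constructed entries (not real server logs) into
# files named like those in the ca-audit-file-find listing.
make_sample() {
    cat > "$1/ca_audit.20170331225716" <<'EOF'
0.main - [31/Mar/2017:22:50:01 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=192.0.2.10][Outcome=Success] constructed
0.main - [31/Mar/2017:22:51:12 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=192.0.2.66][Outcome=Failure] constructed
EOF
    cat > "$1/ca_audit" <<'EOF'
0.main - [01/Apr/2017:00:11:40 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=192.0.2.66][Outcome=Failure] constructed
0.main - [01/Apr/2017:00:12:05 UTC] [14] [6] [AuditEvent=EXAMPLE_OTHER_EVENT][Outcome=Success] constructed
EOF
}
```

Run the functions over files fetched with ca-audit-file-retrieve, after checking them with AuditVerify so the search covers verified files, and pass the rotated files together with the current ca_audit file so the summary spans the whole period.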