PKI 10.4 Audit Review and Search Design

Overview

This page describes the enhancements to support audit review and search functionality added in PKI 10.4.

Downloading Audit Log Files

The following CLI command will be added to allow auditors to list the existing audit log files on the server:

$ pki -n auditor ca-audit-file-find
-----------------
3 entries matched
-----------------
  File name: ca_audit.20170331225716
  Size: 2883

  File name: ca_audit.20170401001030
  Size: 189

  File name: ca_audit
  Size: 6705
----------------------------
Number of entries returned 3
----------------------------

The following CLI command will be added to allow auditors to download an audit log file from the server:

$ pki -n auditor ca-audit-file-retrieve <filename>

This is documented in PKI Audit CLI.

Verifying Audit Log Files

Audit log file verification can already be done using the existing AuditVerify tool.

This is documented in Verifying Signed Audit Logs.

Searching Audit Log Entries

Searching for particular log entries can be done using the grep tool. For example:

$ grep "\[AuditEvent=ACCESS_SESSION_ESTABLISH\]" <audit log files>
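The following is an added example, not code from this page or from the PKI project. It parses the `ca-audit-file-find` listing shown above into file names, counts entries per AuditEvent type, and filters one event type by outcome. The helper function names are hypothetical, the log lines are constructed, and the `[Name=value]` fields other than `AuditEvent` are an assumption about the entry layout.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, sample data below is constructed.

# Print the file names found in `pki -n auditor ca-audit-file-find` output (stdin).
# Live use: pki -n auditor ca-audit-file-find | audit_file_names
audit_file_names() {
    sed -n 's/^[[:space:]]*File name:[[:space:]]*//p'
}

# Print "<event> <count>" for every AuditEvent type found in the given files.
audit_event_summary() {
    cat -- "$@" |
        sed -n 's/.*\[AuditEvent=\([A-Z0-9_]*\)].*/\1/p' |
        sort | uniq -c | awk '{ print $2, $1 }'
}

# Print entries of one event type with one outcome (assumed [Outcome=...] field).
audit_event_filter() {
    event=$1 outcome=$2
    shift 2
    grep -h -F -e "[AuditEvent=$event]" -- "$@" | grep -F -e "[Outcome=$outcome]"
}

# --- Constructed sample data: the listing from this page plus three log lines ---
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/listing.txt" <<'EOF'
-----------------
3 entries matched
-----------------
  File name: ca_audit.20170331225716
  Size: 2883

  File name: ca_audit.20170401001030
  Size: 189

  File name: ca_audit
  Size: 6705
EOF
cat > "$SAMPLE_DIR/ca_audit" <<'EOF'
0.exec-1 - [01/Apr/2017:00:10:30 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=192.0.2.10][SubjectID=auditor][Outcome=Success] access session establish success
0.exec-2 - [01/Apr/2017:00:11:02 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=192.0.2.77][SubjectID=unknown][Outcome=Failure] access session establish failure
0.exec-1 - [01/Apr/2017:00:12:40 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=192.0.2.10][SubjectID=auditor][Outcome=Success] access session terminated
EOF

audit_file_names < "$SAMPLE_DIR/listing.txt"
audit_event_summary "$SAMPLE_DIR/ca_audit"
audit_event_filter ACCESS_SESSION_ESTABLISH Failure "$SAMPLE_DIR/ca_audit"
```

Run the summary on files that have already passed AuditVerify, so the counts reflect entries whose signatures check out.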