PKI Server Audit CLI - dogtagpki/pki GitHub Wiki
To support auditing, PKI server generates audit events when executing various operations. These events can be logged into audit logs for later inspection by the auditor. To ensure the validity of the audit logs, the server can be configured to sign the logs.
The pki-server <subsystem>-audit CLI provides an interface for the administrator to manage audit configuration. The PKI Audit CLI provides an interface for the auditor to access the audit logs.
$ pki-server ca-audit-config-show Enabled: True Log File: /var/lib/pki/pki-tomcat/logs/ca/signedAudit/ca_audit Buffer Size (bytes): 512 Flush Interval (seconds): 5 Max File Size (bytes): 2000 Rollover Interval (seconds): 2592000 Expiration Time (seconds): 0 Log Signing: False Signing Certificate: ca_audit_signing
$ pki-server ca-audit-config-mod --logSigning True Enabled: True Log File: /var/lib/pki/pki-tomcat/logs/ca/signedAudit/ca_audit Buffer Size (bytes): 512 Flush Interval (seconds): 5 Max File Size (bytes): 2000 Rollover Interval (seconds): 2592000 Expiration Time (seconds): 0 Log Signing: True Signing Certificate: ca_audit_signing
To list all audit event configurations:
$ pki-server ca-audit-event-find ------------------- 104 entries matched ------------------- Event Name: ASYMKEY_GENERATION_REQUEST Enabled: False Filter: None Event Name: ASYMKEY_GENERATION_REQUEST_PROCESSED Enabled: False Filter: None ...
To list enabled audit event configurations:
$ pki-server ca-audit-event-find --enabled True ------------------ 38 entries matched ------------------ Event Name: ACCESS_SESSION_ESTABLISH Enabled: True Filter: None Event Name: ACCESS_SESSION_TERMINATED Enabled: True Filter: None ...
To list disabled audit event configurations:
$ pki-server ca-audit-event-find --enabled False ------------------ 70 entries matched ------------------ Event Name: ASYMKEY_GENERATION_REQUEST Enabled: False Filter: None Event Name: ASYMKEY_GENERATION_REQUEST_PROCESSED Enabled: False Filter: None ...
To display audit event configuration:
$ pki-server ca-audit-event-show ACCESS_SESSION_ESTABLISH Event Name: ACCESS_SESSION_ESTABLISH Enabled: True Filter: None
To enable audit event:
$ pki-server ca-audit-event-enable AUTHZ
To disable audit event:
$ pki-server ca-audit-event-disable AUTHZ
To update audit event filter:
$ pki-server ca-audit-event-update AUTHZ --filter "(Outcome=Failure)"
To remove audit event filter:
$ pki-server ca-audit-event-update AUTHZ --filter ""
To list audit log files:
$ pki-server ca-audit-file-find
To verify audit log files:
$ pki-server ca-audit-file-verify