Skip to content

Accessing Signed Audit Logs

Endi S. Dewata edited this page Oct 25, 2021 · 6 revisions

Overview

Since 10.4.2 PKI provides CLI to allow auditors to access the audit log files on the server.

Setting up Auditor User

In order to access the audit logs, the administrator needs to create a user for the auditor.

First, create a system user with user certificate authentication.

Then add the user into the Auditors group:

$ pki -n caadmin ca-group-member-add Auditors <user>

The auditor will be able to access the audit logs as follows:

$ pki -n auditor ca-audit-file-...

Listing Audit Log Files

To list all available audit log files:

$ pki -n auditor ca-audit-file-find
-----------------
3 entries matched
-----------------
  File name: ca_audit.20170331225716
  Size: 2883

  File name: ca_audit.20170401001030
  Size: 189

  File name: ca_audit
  Size: 6705
----------------------------
Number of entries returned 3
----------------------------

Retrieving Audit Log File

To retrieve an audit log file and store it locally:

$ pki -n auditor ca-audit-file-retrieve <filename>

To retrieve an audit log file and store it in a different file:

$ pki -n auditor ca-audit-file-retrieve <filename> --output <new filename>

See Also

Clone this wiki locally