Log

The HSM produces and maintains a record of all events (audit logs) internally at its cryptographic border, such as the opening and closing of sessions by users, the initialization, activation and shutdown of the HSM, the cleaning of the log file, access to cryptographic keys, among others.

The event log (audit logs) contains user authentication data (successful or not) and also cryptographic key occurrences, such as creation or generation, use, release for use in the case of authenticated partitions with M of N and the secure destruction of the key.

Only operators and users with specific permissions can access the log, for consultation, extraction and removal.

Events recorded in the log can also be monitored in real time as they occur. The sessions for this monitoring are special sessions, and they run in passive mode, waiting for notifications to arrive from the HSM. To preserve the HSM's resources, a maximum of three sessions of this type can be opened simultaneously.

It is recommended that you establish a policy to export the HSM logs regularly to files and promote log cleaning in the HSM. This will make log analysis easier and log extraction operations faster. There is no loss of HSM performance by working with very large logs. Whenever a log cleaning operation is performed, the first event in the next log is the cleaning operation information.

See the topic Log recovery for operating details.