Viewing the Audit Log

Cryptographic Security Platform Vault generates detailed records that document activities and events associated with the Key Management System. Among these records, audit logs capture auditable events and can be accessed through multiple interfaces of Cryptographic Security Platform Vault, including the REST API, CLI, or the GUI. These logs serve as a comprehensive, chronological archive, facilitating the tracking of changes, access, and various operations. They are frequently utilized for understanding system behavior, diagnosing issues, and conducting security audits.

Audit logs offer flexibility in how they are consumed, and they can be exported in user-friendly CSV or XML formats or forwarded to an external syslog server for centralized logging and analysis.

The following table describes the audit log parameters: 

Parameters Description
Time Date and time when the event was created.
Type

The severity of the record. The severity types are: 

  • INFORMATION

  • CRITICAL

  • WARNING

  • ERROR
User The user who initiated the operation.
Message The operation and details associated with the operation performed.

How you access the audit log in the webGUI depends on which vault you using.

  • For the Cryptographic Security Platform Vault Management webGUI, the Cryptographic Security Platform Vault for Cloud Keys webGUI, the Cryptographic Security Platform Vault for Databases webGUI, or the Cryptographic Security Platform Vault for VM Encryption webGUI, click Audit Log in the top menu bar.

  • For the Cryptographic Security Platform Vault for Cryptographic APIs webGUI, the Cryptographic Security Platform Vault for KMIP webGUI, or the Cryptographic Security Platform Vault for Secrets webGUI, click Audit Log on the main page.

To view the details for a given message, click the Expand button > at the end of the row.

To copy a message to the clipboard, click it and use Ctrl+C on Windows or Command+C on the Mac. If you want to copy multiple rows, click the Multi-Select button and then left-click on the rows you want to select. If you want to export the entire audit log in CSV or XML format, see Exporting the Audit Log.

You can filter the audit log messages displayed using one or more text searches forming an AND search string. The webGUI displays the selected filters below the field. To remove a particular filter, click the X following the filter name.

All searches are partial word and case-insensitve. So "cre" would match "Create" and "Secret".

You cannot use regular expressions and you cannot specify a NOT condition in the search string. Complex searches can only be done through the API.

To filter the message list:

  1. In the Filter drop-down list, select the field you want to filter on.
  2. Enter the filter text in the text box.
  3. Click the Plus (+) sign at the end of the field to add the filter.
  4. Repeat this process to add additional filters and further refine the display.
  • Category—Common categories are Security and Clusters.
  • Message—Searches the text displayed in the Message column.
  • Date—Filters the list based on the date the log entry was created. You can only select one day per filter. Cryptographic Security Platform Vault does not support searching on a range of dates.
  • Group—The name of the associated group, such as KeyControl Admin Group and Cloud Admin Group.
  • Host—The hostname of the server where the activity took place. In general this will be one of the Cryptographic Security Platform Vault nodes.
  • ID—The message ID. For example, if you want to see all messages where a Cloud VM Set was created, you would enter "12" in the filter field.
  • User—Searches the text shown in the User column. For a user-defined webGUI account, this will be the Full Name specified for the account. For security reasons, the user login ID is not saved in the Audit Log.