Red Hat CERTIFICATE SYSTEM 8.0 - ADMINISTRATION Admin Manual page 400
Hide thumbs
Also See for CERTIFICATE SYSTEM 8.0 - ADMINISTRATION:
- Using manual (48 pages) ,
- Agents manual (146 pages) ,
- Manual (124 pages)
Table of Contents
Advertisement
Chapter 15. Configuring Subsystem Logs
TIP
To get the audit signing certificate nickname, list the certificates in the subsystem's
certificate database using certutil. For example:
certutil -L -d /var/lib/pki-ca/alias
Certificate Authority - Example Domain
subsystemCert cert-subsystem
Server-Cert cert-example
signedAuditCert cert-example
• Set the logSigning field to true to enable signed logging.
• Set any events which are logged to the audit log.
loggable events. Log events are separated by commas with no spaces.
6. Set any other settings for the log, such as the filename, the log level, the file size, or the rotation
schedule.
NOTE
By default, regular audit logs are located in the /var/log/subsystem_name
directory with other types of logs, while signed audit logs are written to /var/
log/subsystem_name/signedAudit/. The default location for logs can be
changed by modifying the configuration.
7. Save the log configuration.
After enabling signed audit logging, assign auditor users by creating the user and assigning that entry
to the auditor group. Members of the auditor group are the only users who can view and verify the
Section 14.3.2.1, "Creating Users"
signed audit log. See
Auditors can verify logs by using the AuditVerify tool. See the Certificate System Command-Line
Tools Guide for details about using this tool.
Event
AUDIT_LOG_STARTUP
AUDIT_LOG_SHUTDOWN
ROLE_ASSUME
CONFIG_CERT_PROFILE
CONFIG_CRL_PROFILE
CONFIG_OCSP_PROFILE
CONFIG_AUTH
CONFIG_ROLE
CONFIG_ACL
378
Table 15.9, "Signed Audit Log Events"
for details about setting up auditors.
Log Messages
The start of the subsystem, and thus the start of the audit function.
The shutdown of the subsystem, and thus the shutdown of the audit function.
A user assuming a role. A user assumes a role after passing through authentication and a
of administrator, auditor, and agent are tracked. Custom roles are not tracked.
A change is made to the configuration settings for the certificate profile framework.
A change is made to the configuration settings for the CRL framework, such as to the exte
A change is made to the configuration settings for the OCSP.
A change is made to the configuration settings for the authentication framework.
A change is made to the configuration settings for roles, including changes made to users
A change is made to the configuration settings for the ACL framework.
CT,c,
u,u,u
u,u,u
u,u,u
lists the
Advertisement
Table of Contents
Related Manuals for Red Hat CERTIFICATE SYSTEM 8.0 - ADMINISTRATION
Related Products for Red Hat CERTIFICATE SYSTEM 8.0 - ADMINISTRATION
- Red Hat CERTIFICATE 7.2 RELEASE NOTES
- Red Hat CERTIFICATE SYSTEM 7.2 - MIGRATION GUIDE
- Red Hat CERTIFICATE SYSTEM 7.1 - ADMINSISTRATOR
- Red Hat CERTIFICATE 7.3 RELEASE NOTES
- Red Hat CERTIFICATE SYSTEM 8 - DEPLOYMENT
- Red Hat CERTIFICATE SYSTEM 8 - AGENTS GUIDE
- Red Hat CERTIFICATE 8.0 RELEASE NOTES
- Red Hat CERTIFICATE SYSTEM ENTERPRISE - SECURITY GUIDE
- Red Hat CLUSTER SUITE - CONFIGURING AND MANAGING A CLUSTER 2006
- Red Hat CLUSTER MANAGER - INSTALLATION AND
- Red Hat Cluster Suite
- Red Hat Application Server
- Red Hat APPLICATION SERVER - JONAS
- Red Hat APPLICATION STACK 1.1 RELEASE
- Red Hat APPLICATION STACK 1.2 RELEASE
- Red Hat APPLICATION STACK 1.3 RELEASE
Need help?
Do you have a question about the CERTIFICATE SYSTEM 8.0 - ADMINISTRATION and is the answer not in the manual?
Questions and answers