Table of Contents
Advertisement
Date. Indicates the date on which the entry was logged.
Time. Indicates the time at which the entry was logged.
Details. Provides a brief description of the log.
To view an entry in its entirety, either double-click it or select the entry and
6.
click View.
Signing Log Files
CMS allows you to digitally sign log files before you archive them or distribute
them for audit purposes. This feature enables you to check whether the log files
have been tampered with since being signed.
Note that this is an alternative to the signed audit logs feature. Signed audit logs
allows you to create audit logs that are automatically signed, whereas this process
describes how to manually sign archived logs. See "Signed Audit Log," on page
263 for details about signed audit logs.
For signing log files, you use a command-line utility called Netscape Signing Tool
(
). For details about this utility, check this site:
signtool
http://www.mozilla.org/projects/security/pki/nss/tools/
The utility uses information in the certificate, key, and security module databases
of CMS.
When you are ready with all this information, follow the procedure below to sign
the log directories:
Go to the CMS instance in which the CA whose key pair you want to use for
1.
signing is installed.
Type the following command with the appropriate information:
2.
signtool -d <secdb_dir> -k <cert_nickname> -Z <output> <input>
where:
<secdb_dir>
Specifies the path to the directory that contains the
certificate, key, and security module databases for
the CA. This must be the same path you used to copy
the security module database in step 2. If you are
using the default CMS location, the value would be
<server_root>/alias
.
Chapter 7
Administrative Basics
Logs
273
Advertisement
Table of Contents
