Obtaining Logs
Central platform
The KeySafe 5 application is configured to log to stdout
.
This means you can view logs by running standard kubectl
commands.
To get the KeySafe 5 backend services logs:
$ kubectl logs nshield-keysafe5-0 hsm-mgmt
$ kubectl logs nshield-keysafe5-0 sw-mgmt
To get the KeySafe 5 UI logs:
$ UI_POD=$(kubectl -n nshieldkeysafe5 get pods -l app=keysafe5-ui-app -o jsonpath='{.items[0].metadata.name}')
$ kubectl logs $UI_POD
Because all logs are directed to stdout
, you can integrate the application logs with third-party log monitoring tools such
as Prometheus or Splunk.
KeySafe 5 agent
Linux
The KeySafe 5 agent log file is located at /opt/nfast/log/keysafe5-agent.log
, unless configured otherwise.
Windows
The KeySafe 5 agent log file is located at C:\ProgramData\nCipher\Log Files\KeySafe5-agent.log
, unless configured otherwise.
The KeySafe 5 Windows Service actions are emitted to the Windows event log under the nShieldKeySafe5
source identifier.
You can use the nshieldeventlog
utility to extract these log entries and output them to the console or a text file.
nshieldeventlog.exe --source=nShieldKeySafe5
As required, specify:
-
-c
|--count
: The number of records read from the event log.The default is
10000
-
-f
|--file
: The output filename.
See the nShield Security World Software documentation for more information on the nshieldeventlog
utility.