Obtaining Logs
Central platform
The Keysafe 5 application is configured to log to stdout.
This means you can view logs by running standard kubectl commands.
To get the Keysafe 5 backend services logs run kubectl get pods
| By default, the Keysafe 5 backend Helm chart will create multiple replicas of each service. The below example commands only retrieves the logs from the first replica of each service. |
$ kubectl -n nshieldkeysafe5 logs nshield-keysafe5-0 hsm-mgmt
$ kubectl -n nshieldkeysafe5 logs nshield-keysafe5-0 sw-mgmtTo get the Keysafe 5 UI logs.
$ UI_POD=$(kubectl -n nshieldkeysafe5 get pods -l app=keysafe5-ui-app -o jsonpath='{.items[0].metadata.name}')
$ kubectl logs $UI_PODBecause all logs are directed to stdout, you can integrate the application logs with third-party log monitoring tools such
as Prometheus or Splunk.
Keysafe 5 agent
Linux
The Keysafe 5 agent log file is located at /opt/nfast/log/keysafe5-agent.log, unless configured otherwise.
Windows
The Keysafe 5 agent log file is located at C:\ProgramData\nCipher\Log Files\KeySafe5-agent.log, unless configured otherwise.
The Keysafe 5 Windows Service actions are emitted to the Windows event log under the nShieldKeySafe5 source identifier.
You can use the nshieldeventlog utility to extract these log entries and output them to the console or a text file.
nshieldeventlog.exe --source=nShieldKeySafe5As required, specify the following parameters.
-
-c|--count: The number of records read from the event log.The default is
10000 -
-f|--file: The output filename.
See the nShield Security World Software documentation for more information on the nshieldeventlog utility.