Obtaining Logs
Central platform
The Keysafe 5 application is configured to log to stdout
.
This means you can view logs by running standard kubectl
commands.
To get the Keysafe 5 backend services logs run kubectl get pods
By default, the Keysafe 5 backend Helm chart will create multiple replicas of each service. The below example commands only retrieves the logs from the first replica of each service. |
$ kubectl -n nshieldkeysafe5 logs nshield-keysafe5-0 hsm-mgmt
$ kubectl -n nshieldkeysafe5 logs nshield-keysafe5-0 sw-mgmt
To get the Keysafe 5 UI logs.
$ UI_POD=$(kubectl -n nshieldkeysafe5 get pods -l app=keysafe5-ui-app -o jsonpath='{.items[0].metadata.name}')
$ kubectl logs $UI_POD
Because all logs are directed to stdout
, you can integrate the application logs with third-party log monitoring tools such
as Prometheus or Splunk.
Keysafe 5 agent
Linux
The Keysafe 5 agent log file is located at /opt/nfast/log/keysafe5-agent.log
, unless configured otherwise.
Windows
The Keysafe 5 agent log file is located at C:\ProgramData\nCipher\Log Files\KeySafe5-agent.log
, unless configured otherwise.
The Keysafe 5 Windows Service actions are emitted to the Windows event log under the nShieldKeySafe5
source identifier.
You can use the nshieldeventlog
utility to extract these log entries and output them to the console or a text file.
nshieldeventlog.exe --source=nShieldKeySafe5
As required, specify the following parameters.
-
-c
|--count
: The number of records read from the event log.The default is
10000
-
-f
|--file
: The output filename.
See the nShield Security World Software documentation for more information on the nshieldeventlog
utility.