cef-audit-verify

cef-audit-verify [-h] [-u] [-v] [-e ESN] [-w WARRANT] [-n] [-o OUTDIR] [LOG]

Verifies audit logs produced on HSMs running a firmware version older than 13.5, which produced audit logs in CEF format. Replaces the NFAST_HOME/python/examples/audit-log-verifier.py script, which was previously provided for this purpose.

Option Description

-e ESN, --esn ESN

The ESN of the logevents to verify.

-n, --no-verify-chain

When used with the --warrant option, this enables verification using a specific warrant file without an HSM by not attempting to verify up to the root nShield HSM warrant key.

-o OUTDIR, --outdir OUTDIR

The path to the output directory.
cef-audit-verify generates output files in JSON format to describe the content and verification status of the logs.

-w WARRANT, --warrant WARRANT

The path to the warrant file or warrants directory.
If you specify a warrant file or directory, the utility verifies up to the nShield HSM warrant root of trust. This requires a locally installed HSM, unless you also pass the --no-verify-chain option.

LOG

Positional argument for you to enter the location of the CEF format audit log file to verify. This is typically either a hardserver log or a syslog log, depending on how audit was configured. If a hardserver log is provided, the utility can automatically distinguish CEF audit records from other hardserver log entries.

Help options

-h, --help

Displays help for cef-audit-verify.

-u, --usage

Displays a brief usage summary for cef-audit-verify.

-v, --version

Displays the version number of the Security World Software that deploys cef-audit-verify.