cef-audit-verify

cef-audit-verify [-h] [-u] [-v] [-e ESN] [-w WARRANT] [-r ROOT] [-o OUTDIR] [LOG]

Verifies audit logs produced on HSMs running a firmware version older than 13.5, which produced audit logs in CEF format. Replaces the NFAST_HOME/python/examples/audit-log-verifier.py script, which was previously provided for this purpose.

Option Description

Option	Description
`-e ESN`, `--esn ESN`	The ESN of the logevents to verify.
`-o OUTDIR`, `--outdir OUTDIR`	The path to the output directory. `cef-audit-verify` generates output files in JSON format to describe the content and verification status of the logs.
`-r ROOT`, `--root ROOT`	The key for the root nShield HSM warrant Default: `KWARN-1`
`-w WARRANT`, `--warrant WARRANT`	The path to the warrant file or warrants directory. If you specify a warrant file or directory, the utility verifies up to the nShield HSM warrant root of trust.
`LOG`	Positional argument for you to enter the location of the CEF format audit log file to verify. This is typically either a hardserver log or a syslog log, depending on how audit was configured. If a hardserver log is provided, the utility can automatically distinguish CEF audit records from other hardserver log entries.
Help options
`-h`, `--help`	Displays help for `cef-audit-verify`.
`-u`, `--usage`	Displays a brief usage summary for `cef-audit-verify`.
`-v`, `--version`	Displays the version number of the Security World Software that deploys `cef-audit-verify`.

-e ESN, --esn ESN

The ESN of the logevents to verify.

-o OUTDIR, --outdir OUTDIR

The path to the output directory.
cef-audit-verify generates output files in JSON format to describe the content and verification status of the logs.

-r ROOT, --root ROOT

The key for the root nShield HSM warrant
Default: KWARN-1

-w WARRANT, --warrant WARRANT

The path to the warrant file or warrants directory.
If you specify a warrant file or directory, the utility verifies up to the nShield HSM warrant root of trust.

LOG

Positional argument for you to enter the location of the CEF format audit log file to verify. This is typically either a hardserver log or a syslog log, depending on how audit was configured. If a hardserver log is provided, the utility can automatically distinguish CEF audit records from other hardserver log entries.

Help options

-h, --help

Displays help for cef-audit-verify.

-u, --usage

Displays a brief usage summary for cef-audit-verify.

-v, --version

Displays the version number of the Security World Software that deploys cef-audit-verify.