Audit Log

PKIClosed A public key infrastructure (PKI) is a set of roles, policies, and procedures needed to create, manage, distribute, use, store and revoke digital certificates and manage public-key encryption. is more than Keyfactor Command, CAs, and certificates. It also includes the people and polices that interact with these entities. It is therefore critical to track the actions taken within Keyfactor Command that enable management of all entities that make up a PKI, as most attack vectors are only exposed internally. The Keyfactor Command audit logs are an immutable record of all changes made to the state of the application.

The information collected in the audit logs is available for viewing and analysis by several means:

Any activity that triggers an audit flag generates an audit record. Auditable activities include actions (e.g. creation, change, deletion) on records in Keyfactor Command that have been configured as auditable (e.g. Certificates, Security, Templates, Application Settings). For a complete list of Keyfactor Command activity that is tracked through the audit log, see Audit Log Reference Codes.

The audit log page in the Keyfactor Command Management Portal allows you to view all the audit logs stored in Keyfactor Command and perform searches on them. Audit logs are stored for seven years, by default (see Application Settings: Auditing Tab).

The audit log grid includes these fields:

  • Level
    The logging level of the message. Most messages are generated at Information level.
  • Category
    The area of Keyfactor Command that generated the audit log.
  • Message
    The audit log message. The message includes the user taking the action and what the action was.
  • Timestamp
    The time and date that the message was generated.

The grid can be sorted by clicking on a column header. All columns except Message may be sorted. Click the column header again to reverse the sort order. The grid columns can be arranged in any order desired by click-holding and dragging the header of the column you wish to move. The column widths may be adjusted by click-holding and dragging the line separating two column headers.

Figure 369: Audit Log

Tip:  Click the help icon () next to the Audit Log page title to open the embedded web copy of the Keyfactor Command Reference Guide to this section.

You can also find the help icon at the top of the page next to the Log Out button. From here you can choose to open either the Keyfactor Command Documentation Suite at the home page or the Keyfactor API Endpoint Utility.