Audit Log Operations
The audit log page in the Keyfactor Command Management Portal allows you to perform searches for all the audit logs stored in Keyfactor Command, view details for them, validate that they have not been tampered with, and output selections of them in CSV format.
Click the Download CSV button at the top of the audit log grid to generate and download a comma-delimited CSV file containing all audit log records per the search criteria applied to the grid. The CSV file will contain the information shown in Table 75: Audit Download CSV Records for each exported record.
Table 75: Audit Download CSV Records
Field | Description |
---|---|
Id |
|
Timestamp |
|
Message | The message displayed on the audit log grid. This field contains a human-readable summary of the change and is made up of the user who took the auditable action, the action the user took, the category the user acted upon, and the name of the object acted upon. |
Operation |
|
Level |
|
User |
|
Category |
|
Name |
|
XMLMessage |
The details of the change that was made in XML format. This field contains both the before state and the after state where applicable (e.g. an application setting that was configured as true before the change and false after the change). For example, this entry indicates that a change was made to the key retention policy (the template name the change was made to is specified in the Name field) to change the number of days for retention from four days to seven days: <AuditAction> <ModelState> <Template> <KeyRetention enumtype=CSS. CMS. Core. Enums. Key Retention Policy">3</KeyRetention> <KeyRetentionDays>7</KeyRetentionDays> <Allowed Enrollment Types Display ienumerable="true"> <string>PFX Enrollment</string> <string>CSR Enrollment</string> <string>CSR Generation</string> </AllowedEnrollmentTypesDisplay> </Template> </ModelState> <PreviousModelState> <Template> <KeyRetention enumtype="CSS. CMS. Core. Enums. KeyRetentionPolicy">3</KeyRetention> <KeyRetentionDays>4</KeyRetentionDays> <Allowed Enrollment Types Display ienumerable="true"> <string>PFX Enrollment</string> <string>CSR Enrollment</string> <string>CSR Generation</string> </AllowedEnrollmentTypesDisplay> </Template> </PreviousModelState> </AuditAction>" |
To view audit log details for an audit log record, double-click the audit log entry in the audit log grid, right-click the row in the grid and choose View from the right-click menu, or highlight the row in the grid and click View at the top of the grid. The information on the detail dialog will vary depending on the type of activity that was logged.
The contents of the audit log details dialog will vary depending on the category and object type audited and whether the log item is a new entry or has been updated. The details dialog has four sections.
The Keyfactor Command audit Name for the selected audit log entry is in the gray title bar at the top of the dialog. This is a useful field to use in the search criteria.
Directly below the Name at the top left of the dialog is the Entry Metadata section, which displays the internal metadata Metadata provides information about a piece of data. It is used to summarize basic information about data, which can make working with the data easier. In the context of Keyfactor Command, the certificate metadata feature allows you to create custom metadata fields that allow you to tag certificates with tracking information about certificates. information about the currently displayed detail record:
- Operation
The type of activity that generated the audit log record (see Audit Log Operations). - Time
The time and date that the audit log entry was generated. - User
The user who carried out the activity that generated the audit log. - Category
The area of the product in which the auditable activity occurred (see Audit Log Categories). - Validation Status
Whether the audit log entry in the database is valid or invalid.
Selecting a different entry in the Related Entries section will change the display in this section.
Figure 372: Audit Log Details: Entry Metadata Section
The Related Entries tab displays the history of all the related audit log items (e.g. changes to the same template A certificate template defines the policies and rules that a CA uses when a request for a certificate is received. or certificate) for the selected audit log entry. Click a row in the related entries grid and click View to update the details dialog with the details of the audit log item for the selected related entry.
The related entries can be sorted by clicking on a the Time or User column headers in the results grid. Click the column header again to reverse the sort order.
Figure 373: Audit Log Details: Related Entries Section
The Selected Entry tab of the audit log details dialog will either have one column (for new, or single event, entries) or two (for updated items) showing the details of the auditable action.
The title of a single column pane changes depending on the audit entry event that triggered the entry. It is made up of the category and operation performed to create the entry. The details displayed vary depending on the type object being audited.
Figure 374: Audit Log Details: Single Column Audit Details Pane
The two column pane includes Before Changes and After Changes sections. Only those details that have a different value as a result of a particular audit event will be displayed. Changed fields with sensitive data will display as ******.
Figure 375: Audit Log Details: Two Column Audit Details Pane
Figure 376: Audit Log Details Dialog
Click Close to close the details dialog.
Highlight a row in the audit log grid and click the Validate button to verify whether the selected item is valid or not valid. This function checks the integrity of the audit log data for that grid row to determine whether the data has been tampered with. If the status of the selected item is valid, the validate dialog will indicate this. If the selected item has been tampered with, the validate dialog will indicate that the selected item is not valid.
Figure 377: Audit Log Record is Valid
The validation status of any audit log item can also be viewed in the details dialog, where a status of or will be shown.
Figure 378: Audit Log Details Showing Valid Status
Figure 379: Audit Log Details Showing Invalid Status