Audit Log

PKIClosed A public key infrastructure (PKI) is a set of roles, policies, and procedures needed to create, manage, distribute, use, store and revoke digital certificates and manage public-key encryption. is more than Keyfactor Command, CAs, and certificates. It also includes the people and polices that interact with these entities. It is therefore critical to track the actions taken within Keyfactor Command that enable management of all entities that make up a PKI, as most attack vectors are only exposed internally. The Keyfactor Command audit logs are an immutable record of all changes made to the state of the application.

The information collected in the audit logs is available for viewing and analysis by several means:

Any activity that triggers an audit flag generates an audit record. Auditable activities include actions (e.g. creation, change, deletion) on records in Keyfactor Command that have been configured as auditable (e.g. Certificates, Security, Templates, Application Settings). For a complete list of Keyfactor Command activity that is tracked through the audit log, see Audit Log Reference Codes.

The audit log page in the Keyfactor Command Management Portal allows you to view all the audit logs stored in Keyfactor Command and perform searches on them. Audit logs are stored for seven years, by default (see Application Settings: Auditing Tab).

The audit log grid includes these fields:

  • Level
    The logging level of the message. Most messages are generated at Information level.
  • Category
    The area of Keyfactor Command that generated the audit log (see Audit Log Categories).
  • Message
    The audit log message. The message is made up of the user who took the auditable action, the action the user took, the category the user acted upon, and the name of the object acted upon.
  • Timestamp
    The time and date that the message was generated.

The grid can be sorted by clicking on a column header. All columns except Message may be sorted. Click the column header again to reverse the sort order. The grid columns can be arranged in any order desired by click-holding and dragging the header of the column you wish to move. The column widths may be adjusted by click-holding and dragging the line separating two column headers.

Figure 367: Audit Log

Tip:  Click the help icon () next to the Audit Log page title to open the Keyfactor Command Documentation Suite to this section. You can also find the help icon at the top of the page next to the Log Out button. From here you can choose to open either the Keyfactor Command Documentation Suite at the home page or the Keyfactor API Endpoint Utility.