Log archives, Log transfer, Log file naming convention – HP Secure Key Manager User Manual

For example, you can schedule that system rotate the Audit Log every Sunday morning at 3:15 or
when the file size reaches 100 MB, whichever comes first.

Log archives

If you do not configure the log transfer feature, old log files are stored on the SKM. For each type of
log, you can select the maximum number of log files that can be archived. When that maximum
number is reached, any new addition to the log archive will remove the oldest log file.

For example, suppose you limit the number of archived System Logs to six and do not enable the log
transfer feature. After six System Log rotations, the archive is full. The next time you rotate the System
log, the oldest System log file on the SKM will be removed to make room for the latest System log
file.

If you limit the number of archived System Logs to six and do enable the log transfer feature, logs that
would normally be deleted are instead sent to the transfer destination.

If you set the number of archived logs to zero, no logs will be archived. Rotated logs will either be
deleted or sent to the transfer destination, depending on your log transfer settings.

IMPORTANT:

The SKM should not be a permanent storage place for log files. You should transfer those files to
another location.

Log transfer

For more information on streaming Activity logs to a remote server, see

Syslog Settings

.

The SKM acts as a temporary repository for logs; it is not meant to store log files permanently. We
recommend that you enable the log transfer feature and store your log files on a log server.

There are four different ways you can transfer a log file off of an SKM: SCP, FTP, browser download,
and syslog. Because syslog and FTP are not secure protocols, we recommend that you use SCP to
transfer your log files.

When a log is rotated, if you have configured a transfer destination for that log, the SKM attempts
to transfer that log file to the location you have specified. If the file transfer fails, the log file sits in a
queue as the SKM attempts to transfer the file every two hours until it is successfully transferred. If the
SKM rotates the log before that file is successfully transferred, the SKM attempts to transfer both the
current log file and the log file that previously failed to transfer.

Log File naming convention

When a log file is transferred off of the SKM, the following naming convention is applied:

<log type>.<archive number>.<datetime stamp>.<hostname>

Table 116 Log file naming conventions

Description

Value

The type of log (e.g., System Log, Audit Log.)

log type

This number indicates the file's place in the log archive on the SKM. 1 indicates the
most recent log file.

archive number

Using the Management Console

242