An Error Log and an Audit Log are provided, each with a command to display the log and a command to clear the log. There is also a command to enable the user to set their timezone, so that the correct time is displayed in audit log reports.
The Error log stores fault information for use by Thales e-Security support personnel. It contains 100 slots for error codes and sub-codes entries. These are used to log unexpected software errors, hardware failures and alarm events. Whenever an error occurs, that error code is stored, along with the time, date and severity level. Additional errors that have the same error code cause the time and date of that code to be updated. In this way, each error type remains in the log (with the most recent time and date) and is not lost. The severity levels are: informative, recoverable, major and catastrophic (needing a reboot). New errors cause the Fault LED on the front panel to flash.
The Audit journal contains 100 entries for HSM state changes – offline, authorised and secure. Whenever the HSM state is altered through power-up, key-lock changes or Console commands, the Audit log is updated with the action and the time and date. Two modes of operation are available for the Audit log, chosen using the Audit Options console command. The modes are termed ‘high water level’ and ‘wrap’. If the ‘high water level’ option is chosen, when the log becomes 80% full the front panel Fault LED is illuminated to notify the user and a warning message is shown on the Console. When the Audit log becomes 100% full any additional state changes are denied (for example into authorised state) until the user has retrieved and cleared the log. If the ‘wrap’ option is chosen, the Audit log records state changes until it is 100% full and for each subsequent state change the earliest (i.e. oldest) record in the log is deleted to make room for the new record.