此页面由 Cloud Translation API 翻译。

硬件安全模块 (HSM)

工作负载位置	硬件
审核日志源	Syslog 格式
接受审核的操作	创建 Hewlett Packard Enterprise Integrated Lights-Out (HPE iLO) 租户密钥创建 NetApp ONTAP 租户密钥

创建 HPE iLO 租户密钥

包含审核信息的日志条目中的字段
审核元数据	审核字段名称	值
用户或服务身份	不适用	不适用
目标（调用 API 的字段和值）	不适用	不适用
操作（包含所执行操作的字段）	`message.action`	例如， "message":{ "action":"Create Key" }
活动时间戳	`time`	例如， `"time":"2022-11-14T14:55:53.051642Z"`
操作来源	`message.sourceIPs`	例如， "message":{ "sourceIPs":["10.142.0.27"] }
结果	`message.response`	`success` 或 `failure`。例如， "message":{ "response":"success" }
其他字段	`message.description` 字段包含直接从 HSM 检索的完整日志消息。	如需了解详情，请参阅示例日志。

日志示例

{
  "pri":"14",
  "time":"2022-11-14T14:55:53.051642Z",
  "host":"hsmcluster",
  "ident":"hsmcluster",
  "pid":"-",
  "msgid":"-",
  "extradata":"-",
  "message":{
    "time":"2022-11-14T14:55:53.051642Z",
    "auditID":"bda22019-e565-4781-9c81-7a148cd1dfec",
    "user":{},
    "resource":"gpc-system/8b06-ddef1a-d643-469c-8a96-2339b1c",
    "action":"Create Key",
    "description":{
      "account":"kylo:kylo-ddb1c-f5a5:admin:accounts:kylo-ddadef1a-d643-23c",
      "application":"ncryptify:gemalto:admin:apps:kylo",
      "client_ip":"10.142.0.27",
      "createdAt":"2022-11-14T14:55:53.051642Z",
      "details":{
        "algorithm":"AES",
        "aliases":[{
          "alias":"ontap-admin-org-1-e09a731927eca3c",
          "index":0,
          "type":"string"
          }],
        "domain":"ddadef1a-d643-469c-8a96-23333e169b1c",
        "id":"8b0aec4f428354248f766",
        "name":"ontap-admin-org-1-e09a731927eca3c",
        "objectType":"Symmetric Key",
        "ownerId":"local|2620af75-cfd5-4279-88f1-c7977a317224",
        "size":256,
        "uri":"kylo:kylo-ddadef1a-d643-469c-8a96-233e16b1c:vault:keys:ontap-admin-org-1-e09a731927eca3c-v0",
        "usageMask":12
        },
      "devAccount":"ncryptify:gemalto:admin:accounts:gemalto",
      "id":"e352167a-60ce-4054-be1a-5cd09f2c64f4",
      "message":"Create Key",
      "principal":{
        "acc":"kylo/ddadef1a-d643-469c-8a96-23333e169b1c",
        "acct":"kylo:kylo-ddadefe169b1c:admin:accounts:kylo-ddadef1a-d643-469c-8a96-23333e169b1c",
        "iss":"kylo",
        "sub":"local|2620af75-cfd5-4279-88f1-c7977a317224"
        },
      "service":"minerva",
      "severity":"info",
      "source":"ciphertrust",
      "success":true,
      "requestId":"b0e2bc 72-63e3-446e-80d3-2d2dc8987915",
      "uri":"kylo:kylo-ddadef1a-d643-469c-8a96-233339b1c:audit:records:e3567a-60ce-4054-be1a-5cdf4",
      "username":"admin"
      },
    "sourceIPs":["10.142.0.27"],
    "response":"success",
    "_gdch_org":"org-1-admin",
    "_gdch_service":"hsm"
    },
  "_gdch_cluster":"org-1-admin",
  "_gdch_fluentbit_pod":"anthos-audit-logs-forwarder-ttg7r",
  "_gdch_service_name":"admin-audit-logs"
}

创建 NetApp ONTAP 租户密钥

包含审核信息的日志条目中的字段
审核元数据	审核字段名称	值
用户或服务身份	不适用	不适用
目标（调用 API 的字段和值）	不适用	不适用
操作（包含所执行操作的字段）	`message.action`	例如， "message":{ "action":"Create Key" }
活动时间戳	`time`	例如， `"time":"2022-11-14T14:55:53.051642Z"`
操作来源	`message.sourceIPs`	例如， "message":{ "sourceIPs":["10.142.0.27"] }
结果	`message.response`	`success` 或 `failure`。例如， "message":{ "response":"success" }
其他字段	`message.description` 字段包含直接从 HSM 检索的完整日志消息。	如需了解详情，请参阅示例日志。

日志示例

{
  "pri":"14",
  "time":"2022-11-14T14:55:53.051642Z",
  "host":"hsmcluster",
  "ident":"hsmcluster",
  "pid":"-",
  "msgid":"-",
  "extradata":"-",
  "message":{
    "time":"2022-11-14T14:55:53.051642Z",
    "auditID":"bda22019-e565-4781-9c81-7a148cd1dfec",
    "user":{},
    "resource":"gpc-system/8b06-ddef1a-d643-469c-8a96-2339b1c",
    "action":"Create Key",
    "description":{
      "account":"kylo:kylo:admin:accounts:kylo",
      "application":"ncryptify:gemalto:admin:apps:kylo",
      "client_ip":"10.142.0.27",
      "createdAt":"2022-11-14T14:55:53.051642Z",
      "details":{
        "algorithm":"AES",
        "aliases":[{
          "alias":"ten-user-org-1",
          "index":0,
          "type":"string"
          }],
        "domain":"root",
        "id":"8b0aec4f428354248f766",
        "name":"ten-user-org-1",
        "objectType":"Symmetric Key",
        "ownerId":"",
        "size":256,
        "uri":"kylo:kylo:vault:keys:ten-user-org-1-v0",
        "usageMask":4194303
        },
      "devAccount":"ncryptify:gemalto:admin:accounts:gemalto",
      "id":"e352167a-60ce-4054-be1a-5cd09f2c64f4",
      "message":"Create Key",
      "principal":{
        "acc":"kylo",
        "acct":"kylo:kylo:admin:accounts:kylo",
        "iss":"kylo",
        "sub":"local|2620af75-cfd5-4279-88f1-c7977a317224"
        },
      "service":"minerva",
      "severity":"info",
      "source":"ciphertrust",
      "success":true,
      "requestId":"b0e2bc 72-63e3-446e-80d3-2d2dc8987915",
      "uri":"kylo:kylo:audit:records:e3567a-60ce-4054-be1a-5cdf4",
      "username":"admin"
      },
    "sourceIPs":["10.142.0.27"],
    "response":"success",
    "_gdch_org":"org-1-admin",
    "_gdch_service":"hsm"
    },
  "_gdch_cluster":"org-1-admin",
  "_gdch_fluentbit_pod":"anthos-audit-logs-forwarder-ttg7r",
  "_gdch_service_name":"admin-audit-logs"
}

硬件安全模块 (HSM) 使用集合让一切井井有条 根据您的偏好保存内容并对其进行分类。

创建 HPE iLO 租户密钥

创建 NetApp ONTAP 租户密钥

硬件安全模块 (HSM)