Working with client SDK logs - AWS CloudHSM

Working with client SDK logs

You can retrieve logs generated by the Client SDK. AWS CloudHSM offers an implementation of logging with Client SDK 3 and Client SDK 5.

Client SDK 5 logging

Client SDK 5 logs contain information for each component in a file named for the component. You can use the configure tool for Client SDK 5 to configure logging for each component.

If you do not specify a location for the file, the system writes logs to the default location:

PKCS #11 library
  • Linux

    /opt/cloudhsm/run/cloudhsm-pkcs11.log

    Windows

    C:\Program Files\Amazon\CloudHSM\cloudhsm-pkcs11.log
OpenSSL Dynamic Engine
  • Linux

    stderr
JCE provider
  • Linux

    /opt/cloudhsm/run/cloudhsm-jce.log

    Windows

    C:\Program Files\Amazon\CloudHSM\cloudhsm-jce.log

For information on how to configure logging for Client SDK 5, see the Client SDK 5 Configure tool

Client SDK 3 logging

Client SDK 3 logs contain detailed information from the AWS CloudHSM client daemon. The location of the logs depends on the operating system of the Amazon EC2 client instance where you run the client daemon.

Amazon Linux

In Amazon Linux, the AWS CloudHSM client logs are written to the file named /opt/cloudhsm/run/cloudhsm_client.log. You can use logrotate or a similar tool to rotate and manage these logs.

Amazon Linux 2

In Amazon Linux 2, the AWS CloudHSM Client logs are collected and stored in the journal. You can use journalctl to view and manage these logs. For example, use the following command to view the AWS CloudHSM Client logs.

journalctl -f -u cloudhsm-client
CentOS 7

In CentOS 7, the AWS CloudHSM Client logs are collected and stored in the journal. You can use journalctl to view and manage these logs. For example, use the following command to view the AWS CloudHSM Client logs.

journalctl -f -u cloudhsm-client
CentOS 8

In CentOS 8, the AWS CloudHSM Client logs are collected and stored in the journal. You can use journalctl to view and manage these logs. For example, use the following command to view the AWS CloudHSM Client logs.

journalctl -f -u cloudhsm-client
RHEL 7

In Red Hat Enterprise Linux 7, the AWS CloudHSM Client logs are collected and stored in the journal. You can use journalctl to view and manage these logs. For example, use the following command to view the AWS CloudHSM Client logs.

journalctl -f -u cloudhsm-client
RHEL 8

In Red Hat Enterprise Linux 8, the AWS CloudHSM Client logs are collected and stored in the journal. You can use journalctl to view and manage these logs. For example, use the following command to view the AWS CloudHSM Client logs.

journalctl -f -u cloudhsm-client
Ubuntu 16.04

In Ubuntu 16.04, the AWS CloudHSM Client logs are collected and stored in the journal. You can use journalctl to view and manage these logs. For example, use the following command to view the AWS CloudHSM Client logs.

journalctl -f -u cloudhsm-client
Ubuntu 18.04

In Ubuntu 18.04, the AWS CloudHSM Client logs are collected and stored in the journal. You can use journalctl to view and manage these logs. For example, use the following command to view the AWS CloudHSM Client logs.

journalctl -f -u cloudhsm-client
Windows
  • For Windows client 1.1.2+:

    AWS CloudHSM client logs are written to a cloudhsm.log file in the AWS CloudHSM program files folder (C:\Program Files\Amazon\CloudHSM\). Each log file name is suffixed with a timestamp indicating when the AWS CloudHSM client was started.

  • For Windows client 1.1.1 and older:

    The client logs are not written to a file. The logs are displayed at the command prompt or in the PowerShell window where you started the AWS CloudHSM client.