Working with AWS CloudHSM client SDK logs
You can retrieve logs generated by the Client SDK. AWS CloudHSM offers an implementation of logging
with Client SDK 3 and Client SDK 5.
Client SDK 5 logging
Client SDK 5 logs contain information for each component in a file named for the component.
You can use the configure tool for Client SDK 5 to configure logging for each component.
If you do not specify a location for the file, the system writes logs to the default location:
- PKCS #11 library
-
- OpenSSL Dynamic Engine
-
- JCE provider
-
For information on how to configure logging for Client SDK 5, see the Client SDK 5 Configure tool
Client SDK 3 logging
Client SDK 3 logs contain detailed information from the AWS CloudHSM client daemon. The location of
the logs depends on the operating system of the Amazon EC2 client instance where you run the client
daemon.
- Amazon Linux
-
In Amazon Linux, the AWS CloudHSM client logs are written to the file named
/opt/cloudhsm/run/cloudhsm_client.log
. You can use
logrotate or a similar tool to rotate and manage these logs.
- Amazon Linux 2
-
In Amazon Linux 2, the AWS CloudHSM Client logs are collected and stored in the
journal. You can use journalctl to view and
manage these logs. For example, use the following command to view the AWS CloudHSM Client logs.
journalctl -f -u cloudhsm-client
- CentOS 7
-
In CentOS 7, the AWS CloudHSM Client logs are collected and stored in the
journal. You can use journalctl to view and
manage these logs. For example, use the following command to view the AWS CloudHSM Client logs.
journalctl -f -u cloudhsm-client
- CentOS 8
-
In CentOS 8, the AWS CloudHSM Client logs are collected and stored in the
journal. You can use journalctl to view and
manage these logs. For example, use the following command to view the AWS CloudHSM Client logs.
journalctl -f -u cloudhsm-client
- RHEL 7
-
In Red Hat Enterprise Linux 7, the AWS CloudHSM Client logs are collected and stored in the
journal. You can use journalctl to view and
manage these logs. For example, use the following command to view the AWS CloudHSM Client logs.
journalctl -f -u cloudhsm-client
- RHEL 8
-
In Red Hat Enterprise Linux 8, the AWS CloudHSM Client logs are collected and stored in the
journal. You can use journalctl to view and
manage these logs. For example, use the following command to view the AWS CloudHSM Client logs.
journalctl -f -u cloudhsm-client
- Ubuntu 16.04
-
In Ubuntu 16.04, the AWS CloudHSM Client logs are collected and stored in the
journal. You can use journalctl to view and
manage these logs. For example, use the following command to view the AWS CloudHSM Client logs.
journalctl -f -u cloudhsm-client
- Ubuntu 18.04
-
In Ubuntu 18.04, the AWS CloudHSM Client logs are collected and stored in the
journal. You can use journalctl to view and
manage these logs. For example, use the following command to view the AWS CloudHSM Client logs.
journalctl -f -u cloudhsm-client
- Windows
-
-
For Windows client 1.1.2+:
AWS CloudHSM client logs are written to a cloudhsm.log
file in the AWS CloudHSM
program files folder (C:\Program Files\Amazon\CloudHSM\
). Each log file
name is suffixed with a timestamp indicating when the AWS CloudHSM client was
started.
-
For Windows client 1.1.1 and older:
The client logs are not written to a file. The logs are displayed at the command
prompt or in the PowerShell window where you started the AWS CloudHSM client.