Retrieving client configuration logs - AWS CloudHSM
Client SDK 5 support toolClient SDK 3 support tool

Retrieving client configuration logs

AWS CloudHSM offers tools for Client SDK 3 and Client SDK 5 to gather information about your environment for AWS Support to troubleshoot problems.

Client SDK 5 support tool

The script extracts the following information:

  • The configuration file for the Client SDK 5 component

  • Available log files

  • Current version of the operating system

  • Package information

Running the info tool for Client SDK 5

Client SDK 5 includes a client support tool for each component, but all tools function the same. Run the tool to create an output file with all the gathered information.

The tools use a syntax like this: 

[ pkcs11 | dyn | jce ]_info

For example, to gather information for support from a Linux host running PKCS #11 library and have the system write to the default directory, you would run this command: 

/opt/cloudhsm/bin/pkcs11_info

The tool creates the output file inside the /tmp directory.

PKCS #11 library
To gather support data for PKCS #11 library on Linux

  • Use the support tool to gather data. 

    /opt/cloudhsm/bin/pkcs11_info
To gather support data for PKCS #11 library on Windows

  • Use the support tool to gather data. 

    C:\Program Files\Amazon\CloudHSM\bin\pkcs11_info.exe
OpenSSL Dynamic Engine
To gather support data for OpenSSL Dynamic Engine on Linux

  • Use the support tool to gather data. 

    /opt/cloudhsm/bin/dyn_info
JCE provider
To gather support data for JCE provider on Linux

  • Use the support tool to gather data. 

    /opt/cloudhsm/bin/jce_info
To gather support data for JCE provider on Windows

  • Use the support tool to gather data. 

    C:\Program Files\Amazon\CloudHSM\bin\jce_info.exe

Retrieving logs from a serverless environment

To configure for serverless environments, like Fargate or Lambda, we recommend you configure your AWS CloudHSM log type to term. Once configured to term, the serverless environment will be able to output to CloudWatch.

To get the client logs from CloudWatch, see Working with log groups and log streams in the Amazon CloudWatch Logs User Guide.

Client SDK 3 support tool

The script extracts the following information:

  • Operating system and its current version

  • Client configuration information from cloudhsm_client.cfg, cloudhsm_mgmt_util.cfg, and application.cfg files

  • Client logs from the location specific to the platform

  • Cluster and HSM information by using cloudhsm_mgmt_util

  • OpenSSL information

  • Current client and build version

  • Installer version

Running the info tool for Client SDK 3

The script creates an output file with all the gathered information. The script creates the output file inside the /tmp directory.

Linux: /opt/cloudhsm/bin/client_info

Windows: C:\Program Files\Amazon\CloudHSM\client_info

Warning

This script has a known issue for Client SDK 3 versions 3.1.0 through 3.3.1. We strongly recommend you upgrade to version 3.3.2 which includes a fix for this issue. Please refer to the Known Issues page for more information before using this tool.