Retrieving Client Configuration Logs - AWS CloudHSM

Retrieving Client Configuration Logs

AWS CloudHSM offers tools for Client SDK 3 and Client SDK 5 to gather information about your environment for AWS Support to troubleshoot problems.

Client SDK 3 Support Tool

The script extracts the following information:

  • Operating system and its current version

  • Client configuration information from cloudhsm_client.cfg, cloudhsm_mgmt_util.cfg, and application.cfg files

  • Client logs from the location specific to the platform

  • Cluster and HSM information by using cloudhsm_mgmt_util

  • OpenSSL information

  • Current client and build version

  • Installer version

Running the Client Tool for Client SDK 3

The script creates an output file with all the gathered information. You can specify the directory path, where you want to add the output file, as an output parameter in the command. The directory path must have the appropriate write access. Alternatively, you can run the script without specifying the directory path. In such case, the script creates the output file inside the temp directory.

Linux: /opt/cloudhsm/bin/client_info -output

Windows: C:\Program Files\Amazon\CloudHSM\client_info -output

Replace the output parameter with the directory path where you want to create the output file.

Client SDK 5 Support Tool

The script extracts the following information:

  • The configuration file for the Client SDK 5 component

  • Available log files

  • Current version of the operating system

  • Package information

Running the Client Tool for Client SDK 5

Client SDK 5 includes a client support tool for each component, but all tools function the same. Run the tool to create an output file with all the gathered information.

The tools use a syntax like this:

[ pkcs11 | dyn ]-info [--output </path/to/output/dir>]

For example, to gather information for support from a Linux host running PKCS #11 library and have the system write to the default directory, you would run this command:

/opt/cloudhsm/bin/pkcs11-info

The output parameter is optional and followed by a writable location in the file system. If you don't specify an output, the tool writes to the hosts temporary directory.

PKCS #11 library

To gather support data for PKCS #11 library on Linux

  • Use the support tool to gather data.

    /opt/cloudhsm/bin/pkcs11-info --output </path/to/output/dir>

To gather support data for PKCS #11 library on Windows

  • Use the support tool to gather data.

    C:\Program Files\Amazon\CloudHSM\bin\pkcs11-info.exe --output <C:\Output\Path>
OpenSSL Dynamic Engine

To gather support data for OpenSSL Dynamic Engine on Linux

  • Use the support tool to gather data.

    /opt/cloudhsm/bin/dyn-info --output </path/to/output/dir>