Logs and Validation Steps

The KMS plugin logs, PKCS#11 API logs and KMS plugin pod logs can be used for analysis.

  1. KMS plugin logging

    1. The KMS plugin provides configurable logging to assist with monitoring and troubleshooting. Logging can be enabled and controlled via the configuration file located at '/etc/kms/config/cs_pkcs11_R3.cfg'.

    2. Log level configuration: The logging verbosity is controlled by the KMS_Plugin_log_level attribute. Supported values are 0 to 3.

    3. The KMS plugin writes its logs to the file '/etc/kms/log/KMSplugin.log'.

  2. PKCS#11 API logging

    1. The PKCS#11 library used by the KMS plugin also supports logging for the cryptographic operations performed. The logging is configured in the configuration file '/etc/kms/config/cs_pkcs11_R3.cfg'.

    2. Set the Logging attribute in the config file to enable PKCS#11 API logging. Ensure that Logpath is set correctly; for Unix systems it is '/tmp/k8s'.

    3. The PKCS#11 API logs are written to '/etc/kms/log/cs_pkcs11_R3.log'.

  3. KMS plugin pod logs

    1. The KMS plugin pod logs can be accessed using the command below:

# kubectl logs kms-plugin-v2-master-node -n kube-system
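
The logging attributes from sections 1 and 2 can be checked with a short script. The script below is an added example, not part of the product or its documentation; it assumes the config file uses `Key = Value` lines with `#` comments, and the function names `cfg_get` and `check_kms_logging` are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: check the logging attributes in cs_pkcs11_R3.cfg.
# Assumption: the file uses "Key = Value" lines and "#" starts a comment.
CFG_DEFAULT='/etc/kms/config/cs_pkcs11_R3.cfg'

# cfg_get FILE KEY: print the value of the last uncommented "KEY = value" line.
cfg_get() {
  awk -v key="$2" '
    /^[ \t]*#/ { next }                       # commented-out settings do not count
    {
      pos = index($0, "=")
      if (pos == 0) next                      # section headers, blank lines
      k = substr($0, 1, pos - 1); v = substr($0, pos + 1)
      gsub(/^[ \t]+|[ \t\r]+$/, "", k); gsub(/^[ \t]+|[ \t\r]+$/, "", v)
      if (k == key) val = v
    }
    END { if (val != "") print val }
  ' "$1"
}

# check_kms_logging [FILE]: one line per finding; returns 1 if any check fails.
check_kms_logging() {
  local cfg rc level logging logpath
  cfg="${1:-$CFG_DEFAULT}"; rc=0
  [ -r "$cfg" ] || { echo "FAIL: cannot read $cfg"; return 1; }

  level=$(cfg_get "$cfg" KMS_Plugin_log_level)
  case "$level" in
    [0-3]) echo "OK: KMS_Plugin_log_level=$level" ;;
    '')    echo "FAIL: KMS_Plugin_log_level not set"; rc=1 ;;
    *)     echo "FAIL: KMS_Plugin_log_level=$level (supported values are 0 to 3)"; rc=1 ;;
  esac

  logging=$(cfg_get "$cfg" Logging)
  if [ -n "$logging" ]; then echo "OK: Logging=$logging"
  else echo "FAIL: Logging not set, PKCS#11 API logging is not enabled"; rc=1; fi

  logpath=$(cfg_get "$cfg" Logpath)
  if [ -z "$logpath" ]; then echo "FAIL: Logpath not set"; rc=1
  elif [ -d "$logpath" ] && [ -w "$logpath" ]; then echo "OK: Logpath=$logpath"
  else echo "FAIL: Logpath=$logpath is not a writable directory"; rc=1; fi

  return "$rc"
}
```

Source the file and call `check_kms_logging` with no argument to check the default config path, from wherever that file is mounted.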