I'm having trouble with my AWS CloudHSM client or appliance. How do I collect CloudHSM logs, so I can troubleshoot these issues?
Logs can help you troubleshoot issues with CloudHSM Classic, and they're especially helpful when working with AWS Support on an existing issue. Use these steps to collect the CloudHSM client "c_supportInfo.txt", CloudHSM appliance "supportInfo.txt" file, and syslogs.
Collect CloudHSM supportInfo.txt files
1. Create the supportInfo.txt file on each CloudHSM client device by running the following command:
$ vtl supportinfo
Example outcome: 'vtl supportInfo' completed. File "c_supportInfo.txt".
2. After the "c_supportInfo.txt" file has been generated on the CloudHSM client, connect to each CloudHSM appliance and generate the "supportInfo.txt" by running the following command:
$ ssh 10.0.1.10 lunash:>hsm supportInfo
Example outcome: 'hsm supportInfo' successful.
3. After you have generated the supportInfo.txt, use SCP from a client machine to get the file name, such as supportInfo.txt, by running the following command:
$ scp manager@<IP-ADDRESS-HSM1>:supportInfo.txt ~/supportInfo-HSM1.txt $ scp manager@<IP-ADDRESS-HSM2>:supportInfo.txt ~/supportInfo-HSM2.txt
4. Provide each support file to AWS Support for further assistance. Here is some of the information provided in the "c_supportInfo.txt" and "supportInfo.txt" files.
Contents of c_supportInfo.txt file. Retrieved from the HSM client. |
Contents of supportInfo.txt file. Retrieved from the HSM appliance. |
|
|
Collect syslogs from your CloudHSM appliance
The HSM appliance generates logs that can be exported via syslog. Syslogs can be used to audit security events, review appliance hardware events, and error logging. When troubleshooting an issue on your HSM appliance AWS Support might request a copy of your appliance's syslogs to review. You can use the steps provided here to extract the HSM appliance's syslogs to provide to AWS Support.
1. Connect to each CloudHSM appliance, and run the following command to generate the syslogs:
$ ssh <IP-ADDRESS-HSM> lunash:> syslog tarlogs
2. Use the following command to generate tar files that contain logs:
scp as filename 'logs.tgz'.
3. From the CloudHSM client, use SCP to copy the logs.tgz files from each CloudHSM appliance to the CloudHSM client. You can gather these files by running commands similar to the following:
$ scp manager@<IP-ADDRESS-HSM1>:logs.tgz ~/logs-HSM1.tgz $ scp manager@<IP-ADDRESS-HSM2>:logs.tgz ~/logs-HSM2.tgz
4. From your workstation, use SCP to copy the syslogs logs.tgz files from the HSM client to your workstation in order to provide the logs to AWS Support for review. You can gather these files by running commands similar to the following:
$ scp -i "privatekeyfile.pem" ec2-user@<CLIENT-PUBLIC-IP>:logs-HSM1.tgz ~/logs-HSM1.tgz $ scp -i "privatekeyfile.pem" ec2-user@<CLIENT-PUBLIC-IP>:logs-HSM2.tgz ~/logs-HSM2.tgz
Following these steps will allow you to generate and retrieve the CloudHSM client's "c_supportInfo.txt" file, the HSM appliance's "supportInfo.txt" file, and syslogs, which you can provide to AWS Support for further assistance.
Did this page help you? Yes | No
Back to the AWS Support Knowledge Center
Need help? Visit the AWS Support Center
Published: 2017-09-06
