Verifying audit record packages manually

Verify audit record packages by confirming the contents of the checksum file. A checksum file is included with each audit record package to confirm that the package is valid and not corrupted.

Before you begin

Download the audit record package that you want to verify from the console or the external storage server.

You must be assigned the Auditing role with permission to View all auditing reports (Read-only) to perform these steps.

About this task

These steps also require use of base64 and openssl commands.

Procedure

  1. Obtain the public key for the audit record package from the following URL: https://[PureApp server hostname or IP address]/audit/resources/recordpackages?server_public_key, where [server hostname or IP address] is the Cloud Pak System Software server name or IP address.
  2. Save the public key information as a text file.
  3. Extract the comma-separated values (CSV) file and the checksum file from the audit record package compressed file.
  4. Enter the base64 command to decode the checksum file:
    # cat puresystems-auto-audit-XXX.checksum | base64 --decode > decoded-puresystems-auto-audit-XXX.checksum
  5. Enter the openssl command to verify the audit records:
    # openssl dgst -sha512 -verify [publicKeyFile] -signature [decoded(checksum)File] [messageFile]
    where [messageFile] is the CSV file that you extracted from the audit record compressed file.