When an HSM in your account receives a command from the AWS CloudHSM command line tools or software libraries, it records its execution of the command in audit log form. The HSM audit logs include all client-initiated management commands, including those that create and delete the HSM, log into and out of the HSM, and manage users and keys. These logs provide a reliable record of actions that have changed the state of the HSM.
Datadog integrates with AWS CloudHSM via a Lambda function that ships CloudHSM logs to Datadog’s Log Management solution.
Audit logs are enabled by default for CloudHSM.
Once done, go in your Datadog Log section to start exploring your logs!
Need help? Contact Datadog Support.