OpenTP1 Version 7 Description

3.11 System monitoring using audit logs

An audit log is a file containing historical information about the operations performed on OpenTP1 programs by system developers, operators, and users, together with the program behavior triggered by those operations. By examining an audit log, the auditor can find out what was done, when, and by whom. Thus, audit logs can be used as records for investigating system usage and unauthorized access.

The entries in an audit log include information about the user who executed a command or performed an operation, information about audited events such as whether the processing resulting from an operation succeeded or failed, and information about the object of an operation or process. This information is useful for monitoring the system.

When OpenTP1 is linked with JP1/NETM/Audit, audit logs can be automatically collected and centrally managed.

Figure 3-78 shows the flow of audit logging and the main types of information acquired.

Figure 3-78 Audit logging and main categories of information acquired

[Figure]

Information is output to an audit log when an operation is performed in an OpenTP1 program, such as execution of a command. Logged operations may be executed by a system administrator or operator, according to the task being performed. An entry is also logged when an audited event occurs in a process. Audited events are OpenTP1 program operations and resultant processing that need to be recorded to examine the adequacy of the system configuration, operation, and usage. Audited events are categorized and defined in OpenTP1 as shown in Table 3-21.

Table 3-21 Definition of audited events

| Event category | Event description | Output information |
|---|---|---|
| StartStop | Event indicating that software was started or stopped (OpenTP1 started or stopped; user server startup or termination) | Start: Software started; Stop: Software stopped |
| Authentication | Event indicating whether attempted authentication by a client user succeeded or failed | Login: User logged in; Logout: User logged out; Logon: User logged on; Logoff: User logged off; Disable: Account disabled |
| AccessControl | Event indicating whether attempted access by an administrator or user to a controlled resource succeeded or failed | Enforce: Access controlled |
| ConfigurationAccess | Event indicating whether an operation by an administrator or user to change or otherwise manipulate setting information succeeded or failed | Refer: Information referenced; Add: Information added; Update: Information updated; Delete: Information deleted |
| Failure | Event indicating a software error | Occur: Error occurred |
| LinkStatus | Event indicating whether equipment is linked | Up: Link active; Down: Link inactive |
| ExternalService | Event indicating the result of communication between the software and an external service | Request: Request; Response: Response; Send: Send; Receive: Receive |
| ContentAccess | Event indicating whether attempted access to critical data succeeded or failed | Refer: Information referenced; Add: Information added; Update: Information updated; Delete: Information deleted |
| Maintenance | Event indicating whether a maintenance operation by an administrator or technician succeeded or failed | Install: Software installed; Uninstall: Software uninstalled; Update: Software updated; Backup: Data backup; Maintain: Maintenance task |
| AnomalyEvent | Event indicating a communication error | Occur: Error occurred |
| ManagementAction | Event indicating a critical action in a program, or an action triggered by a different category of audited event | Invoke: Administrator called a function; Notify: Administrator was notified |

Events are defined for each audit event category. For a detailed list of audit events, see the description of logged event information in the manual OpenTP1 Operation.
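The following is an added example, not part of the OpenTP1 manual or product, showing how a monitoring script could use the categories in Table 3-21 to review collected audit records. The key=value record layout, the field names (time, user, category, type, result, object), and the result values Success and Failure are assumptions made for illustration and are not OpenTP1's actual audit log format; the sample records are constructed.

```python
from collections import Counter

# Category -> event types, transcribed from Table 3-21.
EVENT_TYPES = {
    "StartStop": {"Start", "Stop"},
    "Authentication": {"Login", "Logout", "Logon", "Logoff", "Disable"},
    "AccessControl": {"Enforce"},
    "ConfigurationAccess": {"Refer", "Add", "Update", "Delete"},
    "Failure": {"Occur"},
    "LinkStatus": {"Up", "Down"},
    "ExternalService": {"Request", "Response", "Send", "Receive"},
    "ContentAccess": {"Refer", "Add", "Update", "Delete"},
    "Maintenance": {"Install", "Uninstall", "Update", "Backup", "Maintain"},
    "AnomalyEvent": {"Occur"},
    "ManagementAction": {"Invoke", "Notify"},
}
# Categories whose description says the event records success or failure of an access attempt.
ACCESS_CATEGORIES = {"Authentication", "AccessControl", "ConfigurationAccess", "ContentAccess"}

# Constructed sample records; layout and field names are assumptions (see lead-in).
SAMPLE = """\
time=2024-05-01T09:00:02 user=opadmin category=StartStop type=Start result=Success object=OpenTP1
time=2024-05-01T09:03:10 user=guest1 category=Authentication type=Login result=Failure object=client
time=2024-05-01T09:03:14 user=guest1 category=Authentication type=Login result=Failure object=client
time=2024-05-01T09:03:40 user=guest1 category=ContentAccess type=Refer result=Failure object=ledger
time=2024-05-01T09:10:00 user=opadmin category=ConfigurationAccess type=Update result=Success object=sysdef
time=2024-05-01T09:11:30 user=opadmin category=LinkStatus type=Start result=Success object=line1
time=2024-05-01T09:15:05 user=user2 category=Authentication type=Login result=Failure object=client
"""

def parse(line):
    # Split one record into a dict; tokens without '=' are ignored.
    return dict(f.split("=", 1) for f in line.split() if "=" in f)

def review(text, threshold=2):
    """Return (line numbers with an undefined category/type pair,
    users with at least `threshold` failed access-related events)."""
    malformed, failures = [], Counter()
    for n, line in enumerate(text.splitlines(), 1):
        rec = parse(line)
        cat, typ = rec.get("category"), rec.get("type")
        if typ not in EVENT_TYPES.get(cat, ()):
            malformed.append(n)  # not a pair defined in Table 3-21
        elif cat in ACCESS_CATEGORIES and rec.get("result") == "Failure":
            failures[rec.get("user", "?")] += 1
    flagged = sorted(u for u, c in failures.items() if c >= threshold)
    return malformed, flagged

if __name__ == "__main__":
    print(review(SAMPLE))
```

Records whose category and type do not match the table are reported separately rather than counted, so a corrupted or altered entry does not silently disappear from the review.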

OpenTP1 provides an API (dc_log_audit_print function) that outputs specified audit log data from a UAP. Using this API, you can output audit log entries when a UAP operation is performed or processing is performed by the UAP, as well as when an audit event occurs.

For details about logging selected audit information, see the OpenTP1 Programming Guide.