OpenTP1 Version 7 Operation


3.7.1 Setting up the environment for audit log acquisition

Organization of this subsection
(1) Creating definitions
(2) Creating the execution environment
(3) Specifying which items to acquire as audit log information
(4) Examples of items to acquire as audit log information
(5) Caution when acquiring audit log information

(1) Creating definitions

To output audit logs, specify the following definitions:

Store the log service definition you created in the directory specified by the DCCONFPATH environment variable in the system environment definition ($DCDIR/conf/env). If no value is assigned to the DCCONFPATH environment variable, system definitions are stored in the directory $DCDIR/conf.

For details about the log service definition, see the manual OpenTP1 System Definition.

(2) Creating the execution environment

When you execute the dcauditsetup command after creating the log service definition, the directories and files required by the audit log function are created. The following table lists the directories and files that are created.

Table 3-10 Directories and files created when the dcauditsetup command is executed

| File or directory | User ID | Group ID | Access permission | Description |
|---|---|---|---|---|
| $DCDIR/auditlog# | User ID of OpenTP1 system administrator | Group ID of OpenTP1 system administrator | 0777 | Directory for storing audit log files |
| $DCDIR/auditlog/audit.log# | User ID of OpenTP1 system administrator | Group ID of OpenTP1 system administrator | 0666 | Audit log file |

# This directory is used by default when the log_audit_path operand is unspecified in the log service definition. When the log_audit_path operand is specified, the specified directory is created and the audit log file is created in that directory.
Note that the dcauditsetup command only creates the lowest-level directory. Any higher-level directories must already be in place. If you also create the lowest-level directory in advance of executing the dcauditsetup command, assign the directory the access permission shown in the table above.
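
The following pre-flight check covers the two directory rules in the note above. It is an added example, not part of the OpenTP1 manual or product. It assumes the caller supplies the path of the log service definition file and that log_audit_path is written as a "set operand=value" line (optionally double-quoted), like the log_audit_message examples in this subsection; the function names are hypothetical.

```shell
#!/bin/sh
# Pre-flight check to run before dcauditsetup (added example, not vendor code).
# Assumptions: the definition file path is supplied by the caller, and
# log_audit_path is written as a "set operand=value" line (optionally quoted),
# like the log_audit_message examples in this manual.

# Print the audit log directory: log_audit_path if set, else $DCDIR/auditlog.
# $1 = log service definition file, $2 = value of $DCDIR
audit_dir() {
    p=$(sed -n 's/^[[:space:]]*set[[:space:]]\{1,\}log_audit_path[[:space:]]*=[[:space:]]*//p' "$1" |
        tail -n 1 | sed -e 's/[[:space:]]*$//' -e 's/^"//' -e 's/"$//')
    if [ -n "$p" ]; then printf '%s\n' "$p"; else printf '%s\n' "$2/auditlog"; fi
}

# Return 0 when the layout satisfies both rules, else explain and return 1.
# $1 = log service definition file, $2 = value of $DCDIR
preflight() {
    dir=$(audit_dir "$1" "$2")
    parent=$(dirname "$dir")
    # dcauditsetup creates only the lowest-level directory.
    if [ ! -d "$parent" ]; then
        echo "FAIL: higher-level directory $parent does not exist"
        return 1
    fi
    # A directory created in advance must carry the Table 3-10 permission.
    # find -perm -0777 matches only when every one of those mode bits is set.
    if [ -d "$dir" ] && [ -z "$(find "$dir" -prune -perm -0777)" ]; then
        echo "FAIL: $dir exists but does not have access permission 0777"
        return 1
    fi
    echo "OK: $dir"
}

# Stand-alone use: sh preflight.sh <log-service-definition-file> <DCDIR>
if [ "$#" -eq 2 ]; then
    preflight "$1" "$2"
fi
```

The check fits before the dcauditsetup step whenever log_audit_path is changed.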

To change the definitions relating to audit logs after the execution environment is set up, perform the following steps:

  1. Stop OpenTP1.
  2. Change the definitions.
  3. Execute the dcauditsetup command (as a superuser).
  4. Execute the dcreset command.
  5. Start OpenTP1.

If you change the DCCONFPATH environment variable in the system environment definition, perform the same procedure to apply the settings in the log service definition stored in the new directory specified by DCCONFPATH.

(3) Specifying which items to acquire as audit log information

Use the log_audit_message operand in the log service definition or user service definition to specify the types of information to be acquired as audit log information.

For details about the correspondence between the definitions and the message IDs of items to be acquired as audit log information, see the manual OpenTP1 System Definition.

If you change the value assigned to the log_audit_message operand in the log service definition, you must then execute the dcauditsetup command to apply the new setting.

(4) Examples of items to acquire as audit log information

The acquisition of large quantities of audit log entries can impair system performance. For this reason, acquire only those items you feel are necessary. We recommend that you acquire the following items as audit log information:

The following examples show how to specify the log_audit_message operand in a log service definition and user service definition to acquire the recommended audit log information.

Specification of log_audit_message operand in the log service definition
set log_audit_message=33400,33401,33402,33403,33404,33419

Specification in user service definition for a user server that will output audit log information
set log_audit_message=34000

(5) Caution when acquiring audit log information

The acquisition of large quantities of audit log entries can impair system performance. For this reason, only those items that are necessary for the auditing process should be acquired. We recommend that you evaluate your system's performance before using this feature.