OpenTP1 Version 7 Operation
To output audit logs, specify the following definitions:
Store the log service definition you created in the directory specified by the DCCONFPATH environment variable in the system environment definition ($DCDIR/conf/env). If no value is assigned to the DCCONFPATH environment variable, system definitions are stored in the directory $DCDIR/conf.
For details about the log service definition, see the manual OpenTP1 System Definition.
When you execute the dcauditsetup command after creating the log service definition, the directories and files required by the audit log function are created. The following table lists the directories and files that are created.
Table 3-10 Directories and files created when the dcauditsetup command is executed
File or directory | User ID | Group ID | Access permission | Description |
---|---|---|---|---|
$DCDIR/auditlog# | User ID of OpenTP1 system administrator | Group ID of OpenTP1 system administrator | 0777 | Directory for storing audit log files |
$DCDIR/auditlog/audit.log# | User ID of OpenTP1 system administrator | Group ID of OpenTP1 system administrator | 0666 | Audit log file |
To change the definitions relating to audit logs after the execution environment is set up, perform the following steps:
If you change the DCCONFPATH environment variable in the system environment definition, perform the same procedure to apply the settings in the log service definition stored in the new directory specified by DCCONFPATH.
Use the log_audit_message operand in the log service definition or user service definition to specify the types of information to be acquired as audit log information.
For details about the correspondence between the definitions and the message IDs of items to be acquired as audit log information, see the manual OpenTP1 System Definition.
If you change the value assigned to the log_audit_message operand in the log service definition, you must then execute the dcauditsetup command to apply the new setting.
The acquisition of large quantities of audit log entries can impair system performance. For this reason, acquire only those items you feel are necessary. We recommend that you acquire the following items as audit log information:
The following examples show how to specify the log_audit_message operand in a log service definition and user service definition to acquire the recommended audit log information.
set log_audit_message=33400,33401,33402,33403,33404,33419 |
set log_audit_message=34000 |
The acquisition of large quantities of audit log entries can impair system performance. For this reason, only those items that are necessary for the auditing process should be acquired. We recommend that you evaluate your system's performance before using this feature.
All Rights Reserved. Copyright (C) 2006, 2010, Hitachi, Ltd.