OpenTP1 Version 7 Operation


Appendix C. Information Output for Audited Events

The following table lists the information output for audited events.

Table C-1 Information output for audited events

Audited event Information output for event
Item name Contents
OpenTP1 startup Message ID (msgid) KFCA33400-I
Component (compid) adm
Event type (ctgry) StartStop
Event result (result) Success
Subject ID information (subj: (euid, pid)) User name or ID of the user who executed the dcstart command.
Object (obj) Node identifier
Action information (op) Start
Object location information (objloc) --
Request source host (from:ipv4) --
Request source port number (from:port) --
Request destination host (to:ipv4) --
Request destination port number (to:port) --
Log message size (Units: bytes) 290 + 2*a
OpenTP1 standby Message ID (msgid) KFCA33401-I
Component (compid) adm
Event type (ctgry) StartStop
Event result (result) Success
Subject ID information (subj: (euid, pid)) User name or ID of the superuser.
Object (obj) Node identifier
Action information (op) Start
Object location information (objloc) --
Request source host (from:ipv4) --
Request source port number (from:port) --
Request destination host (to:ipv4) --
Request destination port number (to:port) --
Log message size (Units: bytes) 326 + 2*a
Normal termination of OpenTP1 Message ID (msgid) KFCA33402-I
Component (compid) adm
Event type (ctgry) StartStop
Event result (result) Success
Subject ID information (subj: (euid, pid)) User name or ID of the user who executed the dcstop command
Object (obj) Node identifier
Action information (op) Stop
Object location information (objloc) --
Request source host (from:ipv4) --
Request source port number (from:port) --
Request destination host (to:ipv4) --
Request destination port number (to:port) --
Log message size (Units: bytes) 289 + 2*a
Abnormal termination of OpenTP1 Message ID (msgid) KFCA33403-E
Component (compid) adm
Event type (ctgry) Failure
Event result (result) Occurrence
Subject ID information (subj: (euid, pid)) The PID associated with the process that led to the OpenTP1 system going down
(0 is output if the process is a process service.)
Object (obj) Node identifier
(**** is output if the node identifier cannot be acquired.)
Action information (op) Occur
Object location information (objloc) --
Request source host (from:ipv4) --
Request source port number (from:port) --
Request destination host (to:ipv4) --
Request destination port number (to:port) --
Log message size (Units: bytes) 321
Critical error in process service Message ID (msgid) KFCA33404-E
Component (compid) prc
Event type (ctgry) Failure
Event result (result) Occurrence
Subject ID information (subj: (euid, pid)) PID of process service
Object (obj) Node identifier
(**** is output if the node identifier cannot be acquired.)
Action information (op) Occur
Object location information (objloc) --
Request source host (from:ipv4) --
Request source port number (from:port) --
Request destination host (to:ipv4) --
Request destination port number (to:port) --
Log message size (Units: bytes) 331
User server startup Message ID (msgid) KFCA33405-I
Component (compid) adm
Event type (ctgry) StartStop
Event result (result) Success
Subject ID information (subj: (euid, pid)) User name or ID of the user who executed the dcsvstart command
Object (obj) User server name
Action information (op) Start
Object location information (objloc) Node identifier
Request source host (from:ipv4) --
Request source port number (from:port) --
Request destination host (to:ipv4) --
Request destination port number (to:port) --
Log message size (Units: bytes) 285 + 2*(a + b)
Remarks These items are also output at startup and termination of the following servers:
RAP-processing server, RAP-processing listener, RAP-processing client manager, TP1/EE, RTSSPP, RTSSUP, MQC gateway server, mqrspp, mqrsup
Normal termination of user server Message ID (msgid) KFCA33406-I
Component (compid) adm
Event type (ctgry) StartStop
Event result (result) Success
Subject ID information (subj: (euid, pid)) User name or ID of the user who executed the dcsvstop command
Object (obj) User server name
Action information (op) Stop
Object location information (objloc) Node identifier
Request source host (from:ipv4) --
Request source port number (from:port) --
Request destination host (to:ipv4) --
Request destination port number (to:port) --
Log message size (Units: bytes) 284 + 2*(a + b)
Remarks These items are also output at startup and termination of the following servers:
RAP-processing server, RAP-processing listener, RAP-processing client manager, TP1/EE, RTSSPP, RTSSUP, MQC gateway server, mqrspp, mqrsup
Abnormal termination of user server Message ID (msgid) KFCA33407-E
Component (compid) adm
Event type (ctgry) Failure
Event result (result) Occurrence
Subject ID information (subj: (euid, pid)) PID of the user server process that went down
Object (obj) User server name
Action information (op) Occur
Object location information (objloc) Node identifier
Request source host (from:ipv4) --
Request source port number (from:port) --
Request destination host (to:ipv4) --
Request destination port number (to:port) --
Log message size (Units: bytes) 313 + 2*b
Remarks These items are also output at startup and termination of the following servers:
RAP-processing server, RAP-processing listener, RAP-processing client manager, TP1/EE, RTSSPP, RTSSUP, MQC gateway server, mqrspp, mqrsup
User server shutdown Message ID (msgid) KFCA33408-I
Component (compid) scd
Event type (ctgry) Failure
Event result (result) Occurrence
Subject ID information (subj: (euid, pid)) PID of scheduler service
Object (obj) User server name
Action information (op) Occur
Object location information (objloc) Node identifier
Request source host (from:ipv4) --
Request source port number (from:port) --
Request destination host (to:ipv4) --
Request destination port number (to:port) --
Log message size (Units: bytes) 348 + 2*b
Service shutdown on user server Message ID (msgid) KFCA33409-I
Component (compid) scd
Event type (ctgry) Failure
Event result (result) Occurrence
Subject ID information (subj: (euid, pid)) PID of scheduler service
Object (obj) User server name, service name
Action information (op) Occur
Object location information (objloc) Node identifier
Request source host (from:ipv4) --
Request source port number (from:port) --
Request destination host (to:ipv4) --
Request destination port number (to:port) --
Log message size (Units: bytes) 365 + 2*(b (user-server-name) + b (service-name))
Successful client user authentication Message ID (msgid) KFCA33410-I
Component (compid) nam
Event type (ctgry) Authentication
Event result (result) Success
Subject ID information (subj: (euid, pid)) PID of name service
Object (obj) Received login name
Action information (op) Login
Object location information (objloc) Node identifier
Request source host (from:ipv4) Y
Request source port number (from:port) Y
Request destination host (to:ipv4) --
Request destination port number (to:port) --
Log message size (Units: bytes) 364 + 2*b
Remarks Output when Y is specified for the client_uid_check operand in the system common definition.
Unsuccessful client user authentication Message ID (msgid) KFCA33411-W
Component (compid) nam
Event type (ctgry) Authentication
Event result (result) Failure
Subject ID information (subj: (euid, pid)) PID of name service
Object (obj) Received login name
Action information (op) Login
Object location information (objloc) Node identifier
Request source host (from:ipv4) Y
Request source port number (from:port) Y
Request destination host (to:ipv4) --
Request destination port number (to:port) --
Log message size (Units: bytes) 360 + 2*b
Remarks Output when Y is specified for the client_uid_check operand in the system common definition.
Service function started execution Message ID (msgid) KFCA33412-I
Component (compid) rpc
Event type (ctgry) AccessControl
Event result (result) Occurrence
Subject ID information (subj: (euid, pid)) PID of the user server that received the service function request
Object (obj) Name of requested service
Action information (op) Enforce
Object location information (objloc) Name of the requested service group
Request source host (from:ipv4) Y
Request source port number (from:port) Y
(Outputs the reception port number of the request source.)
Request destination host (to:ipv4) --
Request destination port number (to:port) --
Log message size (Units: bytes) 552 + 2*(b + c) + FSV + FSVG
Remarks
  • Not acquired for SPP of XATMI, and SPP.NET.
  • May also be output for the following servers, depending on the product versions used:
    Client extended service, RAP-processing server, RAP-processing listener, RAP-processing client manager, TP1/EE, MQC gateway server, mqrspp, mqrsup
Service function completed execution Message ID (msgid) KFCA33413-I
Component (compid) rpc
Event type (ctgry) AccessControl
Event result (result) Occurrence
Subject ID information (subj: (euid, pid)) PID of the user server that received the service function request
Object (obj) Name of requested service
Action information (op) Enforce
Object location information (objloc) Name of the requested service group
Request source host (from:ipv4) Y
Request source port number (from:port) Y
(Outputs the reception port number of the request source.)
Request destination host (to:ipv4) --
Request destination port number (to:port) --
Log message size (Units: bytes) 553 + 2*(b + c) + FSV + FSVG
Remarks
  • Not acquired for SPP of XATMI, and SPP.NET.
  • May also be output for the following servers, depending on the product versions used:
    Client extended service, RAP-processing server, RAP-processing listener, RAP-processing client manager, TP1/EE, MQC gateway server, mqrspp, mqrsup
Invalid message discarded Message ID (msgid) KFCA33414-W
Component (compid) rpc
Event type (ctgry) AnomalyEvent
Event result (result) Occurrence
Subject ID information (subj: (euid, pid)) PID of the process that detected the invalid message
Object (obj) Reception port number
Action information (op) Occur
Object location information (objloc) Node identifier
(**** is output if the node identifier cannot be acquired.)
Request source host (from:ipv4) Y
Request source port number (from:port) Y
(0 is output for UNIX domain communication.)
Request destination host (to:ipv4) --
Request destination port number (to:port) --
Log message size (Units: bytes) 542
RPC call completed Message ID (msgid) KFCA33415-I
Component (compid) rpc
Event type (ctgry) AccessControl
Event result (result) Success/Failure
Subject ID information (subj: (euid, pid)) PID of the user server that issued the request
Object (obj) Destination service of RPC request
Action information (op) Enforce
Object location information (objloc) Name of the service group comprising the requested service
Request source host (from:ipv4) Y
Request source port number (from:port) Y
(Outputs the reception port number of the call source.)
Request destination host (to:ipv4) Y
(Not output if an error is detected before the destination of the RPC request can be established.)
Request destination port number (to:port) Y
(Not output if an error is detected before the destination of the RPC request can be established.)
Log message size (Units: bytes) 709 + 2*(b + c) + FSV + FSVG
Remarks
  • An entry is not output to the audit log for this event if the return value of dc_rpc_call is DCRPCER_PROTO or DCRPCER_INVALID_ARGS.
  • May also be output for the following servers, depending on the product versions used:
    Client extended service, RAP-processing server, RAP-processing listener, RAP-processing client manager, TP1/EE, MQC gateway server, mqrspp, mqrsup
RPC response received
(when using the dc_rpc_poll_any_replies function)
Message ID (msgid) KFCA33416-I
Component (compid) rpc
Event type (ctgry) AccessControl
Event result (result) Success/Failure
Subject ID information (subj: (euid, pid)) PID of the user server that issued dc_rpc_poll_any_replies()
Object (obj) Destination service of RPC request
(******** is output if an error is detected when using asynchronous-response RPC, before a response is received.)
Action information (op) Enforce
Object location information (objloc) Name of the service group comprising the requested service
(******** is output if an error is detected when using asynchronous-response RPC, before a response is received.)
Request source host (from:ipv4) --
Request source port number (from:port) --
Request destination host (to:ipv4) --
Request destination port number (to:port) --
Log message size (Units: bytes) 538 + 2*(b + c) + FSV + FSVG
Remarks May also be output for the following servers, depending on the product versions used:
Client extended service, RAP-processing server, RAP-processing listener, RAP-processing client manager, TP1/EE, MQC gateway server, mqrspp, mqrsup
Invalid RAP message discarded Message ID (msgid) KFCA33417-W
Component (compid) scs
Event type (ctgry) AnomalyEvent
Event result (result) Occurrence
Subject ID information (subj: (euid, pid)) PID of the process that detected the invalid message
Object (obj) Reception port number
Action information (op) Occur
Object location information (objloc) Node identifier
Request source host (from:ipv4) Y
Request source port number (from:port) Y
Request destination host (to:ipv4) Y
Request destination port number (to:port) Y
Log message size (Units: bytes) 535
Error accessing the OpenTP1 file system Message ID (msgid) KFCA33418-W
Component (compid) fil
Event type (ctgry) ContentAccess
Event result (result) Failure
Subject ID information (subj: (euid, pid)) User name or ID of the process that requested access to the file
Object (obj) Name of the OpenTP1 file
(If the name of the OpenTP1 file system cannot be acquired, this item is not output.)
Action information (op) Refer/Add/Update/Delete
Object location information (objloc) Name of the OpenTP1 file system
(If the name of the OpenTP1 file system cannot be acquired, this item is not output.)
Request source host (from:ipv4) --
Request source port number (from:port) --
Request destination host (to:ipv4) --
Request destination port number (to:port) --
Log message size (Units: bytes) 345 + 2*a + b + c
Command execution Message ID (msgid) KFCA33419-I
Component (compid) cmd
Event type (ctgry) Maintenance
Event result (result) Success/Failure/Occurrence
Subject ID information (subj: (euid, pid)) User name or ID of the user who executed the command.
Object (obj) Command name
Action information (op) Maintain
Object location information (objloc) --
Request source host (from:ipv4) --
Request source port number (from:port) --
Request destination host (to:ipv4) --
Request destination port number (to:port) --
Log message size (Units: bytes) 306 + 2*(a + b) + CPARM
Startup of OpenTP1 service Message ID (msgid) KFCA33420-I
Component (compid) nts
Event type (ctgry) StartStop
Event result (result) Success
Subject ID information (subj: (euid, pid)) Service logon account
Object (obj) Service name (Windows service name)
Action information (op) Start
Object location information (objloc) --
Request source host (from:ipv4) --
Request source port number (from:port) --
Request destination host (to:ipv4) --
Request destination port number (to:port) --
Log message size (Units: bytes) 268 + 2*(a + b)
Remarks Output only in the Windows version
Termination of OpenTP1 service Message ID (msgid) KFCA33421-I
Component (compid) nts
Event type (ctgry) StartStop
Event result (result) Success
Subject ID information (subj: (euid, pid)) Service logon account
Object (obj) Service name (Windows service name)
Action information (op) Stop
Object location information (objloc) --
Request source host (from:ipv4) --
Request source port number (from:port) --
Request destination host (to:ipv4) --
Request destination port number (to:port) --
Log message size (Units: bytes) 259 + 2*(a + b)
Remarks Output only in the Windows version
User-specific information acquired from a UAP Message ID (msgid) KFCA34000-x to KFCA34999-x
Component (compid) User-specified value.
(Output in the format *AA, where AA is the value specified by the audit log output API.)
Event type (ctgry) User-specified value
Event result (result) Success/Failure/Occurrence
Subject ID information (subj: (euid, pid)) User name or ID of the user server that called the audit log output API
Object (obj) Service name
Action information (op) User-specified value
Object location information (objloc) User server name
Request source host (from:ipv4) Y
Request source port number (from:port) --
Request destination host (to:ipv4) --
Request destination port number (to:port) --
Log message size (Units: bytes) 290 + a + b + c + msg

Legend:
Y: This item is output.
--: N/A
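The following triage pass shows how the message IDs and item names in Table C-1 can drive detection. It is an added example, not part of the OpenTP1 manual. It assumes each audit record has already been parsed into a dict keyed by the item names (msgid, obj, from:ipv4); the helper names, threshold, and sample records are constructed.

```python
from collections import defaultdict

# Message IDs taken from Table C-1.
# The two authentication events are only output when client_uid_check is Y.
AUTH_OK, AUTH_FAIL = "KFCA33410-I", "KFCA33411-W"
INVALID_MSG = {"KFCA33414-W", "KFCA33417-W"}   # invalid (RAP) message discarded
ABNORMAL = {"KFCA33403-E", "KFCA33404-E", "KFCA33407-E"}  # ctgry=Failure events

def triage(records, fail_threshold=3):
    """Scan records in chronological order; return (kind, key, detail) findings.

    Assumption: each record is a dict keyed by the item names in Table C-1.
    """
    failed_logins = defaultdict(list)  # from:ipv4 -> login names (obj) that failed
    findings = []
    for rec in records:
        msgid, obj = rec["msgid"], rec.get("obj", "")
        src = rec.get("from:ipv4", "--")
        if msgid == AUTH_FAIL:
            failed_logins[src].append(obj)
            if len(failed_logins[src]) == fail_threshold:  # report once per source
                names = sorted(set(failed_logins[src]))
                findings.append(("auth-failures", src, names))
        elif msgid == AUTH_OK and len(failed_logins[src]) >= fail_threshold:
            # A success from a host that failed repeatedly deserves review.
            findings.append(("login-after-failures", src, obj))
        elif msgid in INVALID_MSG:
            # For these events obj is the reception port number.
            findings.append(("invalid-message", src, obj))
        elif msgid in ABNORMAL:
            findings.append(("abnormal-termination", msgid, obj))
    return findings

def _rec(msgid, obj, src="--"):
    """Build a constructed sample record (hypothetical helper)."""
    return {"msgid": msgid, "obj": obj, "from:ipv4": src}

# Constructed sample: documentation-range addresses and made-up names.
SAMPLE = [
    _rec(AUTH_FAIL, "admin", "192.0.2.10"),
    _rec(AUTH_FAIL, "guest", "198.51.100.7"),
    _rec(AUTH_FAIL, "tp1user", "192.0.2.10"),
    _rec("KFCA33414-W", "10020", "192.0.2.44"),
    _rec(AUTH_FAIL, "admin", "192.0.2.10"),
    _rec(AUTH_OK, "tp1user", "192.0.2.10"),
    _rec("KFCA33407-E", "spp01"),
    _rec("KFCA33400-I", "nd01"),
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```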

Explanation of variables used in equations for calculating log message size
To calculate the log message size, replace the variables in the equation with the values for those items. The variables FSV, FSVG, CPARM, and msg refer to data output in comment (msg) format. The following table gives the meaning of each variable:
Variable Description
a The number of characters output as subject ID information
b The number of characters output as object information
c The number of characters output as object location information
FSV The number of characters in the name of the requesting service
FSVG The number of characters in the name of the service group that issued the request
CPARM The number of characters in the command parameters
msg The number of characters in the comment

Calculating the log message size
Calculate the log message size by using the equation particular to the event. To the result of the equation, add the number of characters in the value of the DCDIR environment variable. The result is the log message size for that event.
Example:
The following is an example of calculating the log message size for an OpenTP1 startup event (associated with message ID KFCA33400-I). The name of the user who executed the dcstart command is tp1user. The value of the environment variable DCDIR is /usr/OpenTP1, which adds 12 to the result.
Equation       = 290 + 2*a
               = 290 + 2*7
               = 304

Chars in DCDIR = 12

Log size       = 304 + 12
               = 316

Note on log message sizes
The equations for calculating log message size are meant to provide a certain amount of leeway. For this reason, the actual size of the log data may be smaller than the estimate.