3.7.5 List of audited events and their triggers

This section gives a list of the events that can result in the output of audit log information (called audited events), and the point during the event when the audit log information is output.

Organization of this subsection
(1) List of audited events
(2) Output points for audit log information

(1) List of audited events

The following table lists the events that can be entered in an audit log file.

Table 3-13 List of audited events

Audited eventMessage IDs
OpenTP1 startupKFCA33400-I
OpenTP1 standbyKFCA33401-I
Normal termination of OpenTP1KFCA33402-I
Abnormal termination of OpenTP1KFCA33403-E
Critical error in process serviceKFCA33404-E
User server startupKFCA33405-I
Normal termination of user serverKFCA33406-I
Abnormal termination of user serverKFCA33407-E
User server shutdownKFCA33408-I
Service shutdown on user serverKFCA33409-I
Successful client user authenticationKFCA33410-I
Unsuccessful client user authenticationKFCA33411-W
Service function started executionKFCA33412-I
Service function completed executionKFCA33413-I
Invalid message discardedKFCA33414-W
RPC call completedKFCA33415-I
RPC response received
(when using the dc_rpc_poll_any_replies function)
KFCA33416-I
Invalid RAP message discardedKFCA33417-W
Error accessing the OpenTP1 file systemKFCA33418-W
Command executionKFCA33419-I
Startup of OpenTP1 serviceKFCA33420-I
Termination of OpenTP1 serviceKFCA33421-I
User-specific information acquired from a UAPKFCA34000-x to KFCA34999-x#

For details about these messages, see the manual OpenTP1 Messages.

#
The message IDs from KFCA34000-x to KFCA34999-x are allocated to optional audit log information acquired from a UAP. x substitutes for the message type (E, W, or I) as specified by the dc_log_audit_print function.

(2) Output points for audit log information

The following describes the particular stage during each event at which the information is output to the audit log.

(a) OpenTP1 startup

The following figure shows the point at which an entry is output to the audit log during the OpenTP1 startup process.

Figure 3-6 Point of audit log output (OpenTP1 startup)

[Figure]

The following table lists the point of audit log output and the corresponding message ID.

Table 3-14 Correspondence between output point and message ID for an audit log entry associated with OpenTP1 startup

Audited eventNumber in figureMessage ID of output audit log information
OpenTP1 startup1KFCA33400-I
(b) OpenTP1 standby

The following figure shows the point at which an entry is output to the audit log when OpenTP1 enters standby status.

Figure 3-7 Point of audit log output (OpenTP1 standby)

[Figure]

The following table lists the point of audit log output and the corresponding message ID.

Table 3-15 Correspondence between output points and message IDs for an audit log entry associated with OpenTP1 standby

Audited eventNumber in figureMessage ID of output audit log information
OpenTP1 standby1KFCA33401-I
(c) Normal termination of OpenTP1

The following figure shows the point at which an entry is output to the audit log when OpenTP1 terminates normally.

Figure 3-8 Point of audit log output (normal termination of OpenTP1)

[Figure]

The following table lists the point of audit log output and the corresponding message ID.

Table 3-16 Correspondence between output points and message IDs for an audit log entry associated with normal termination of OpenTP1

Audited eventNumber in figureMessage ID of output audit log information
Normal termination of OpenTP11KFCA33402-I
(d) Abnormal termination of OpenTP1 or critical error in process service

The following figure shows the point at which an entry is output to the audit log when OpenTP1 terminates abnormally or a critical error occurs that affects the process service.

Figure 3-9 Point of audit log output (abnormal termination of OpenTP1 or critical error in process service)

[Figure]

The following table lists the points of audit log output and the corresponding message IDs.

Table 3-17 Correspondence between output points and message IDs for an audit log entry associated with abnormal termination of OpenTP1 and critical errors in the process service

Audited eventNumber in figureMessage ID of output audit log information
Abnormal termination occurred OpenTP11KFCA33403-E
Critical error in process service2KFCA33404-E
(e) User server startup

The following figure shows the point at which an entry is output to the audit log during startup of a user server.

Figure 3-10 Point of audit log output (user server startup)

[Figure]

The following table lists the point of audit log output and the corresponding message ID.

Table 3-18 Correspondence between output points and message IDs for an audit log entry associated with user server startup

Audited eventNumber in figureMessage ID of output audit log information
User server startup1KFCA33405-I
(f) Normal termination of user server

The following figure shows the point at which an entry is output to the audit log when a user server terminates normally.

Figure 3-11 Point of audit log output (normal termination of user server)

[Figure]

The following table lists the point of audit log output and the corresponding message ID.

Table 3-19 Correspondence between output points and message IDs for an audit log entry associated with normal termination of user server

Audited eventNumber in figureMessage ID of output audit log information
Normal termination of user server1KFCA33406-I
(g) Abnormal termination of user server

The following figure shows the point at which an entry is output to the audit log when a user server terminates abnormally.

Figure 3-12 Point of audit log output (abnormal termination of user server)

[Figure]

The following table lists the point of audit log output and the corresponding message ID.

Table 3-20 Correspondence between output points and message IDs for an audit log entry associated with abnormal termination of user server

Audited eventNumber in figureMessage ID of output audit log information
Abnormal termination of user server1KFCA33407-E
(h) User server shutdown or service shutdown on user server

The following figure shows the points at which an entry is output to the audit log when a user server is shut down, or a service on a user server is shut down.

Figure 3-13 Point of audit log output (user server shutdown or service shutdown on user server)

[Figure]

The following table lists the points of audit log output and the corresponding message IDs.

Table 3-21 Correspondence between output points and message IDs for an audit log entry associated with user server shutdown or service shutdown on user server

Audited eventNumber in figureMessage ID of output audit log information
User server shutdown1KFCA33408-I
Service shutdown on user server1KFCA33409-I
(i) Successful or unsuccessful client user authentication

The following figure shows the points at which an entry is output to the audit log when a client user performs authentication and succeeds, or attempts authentication but fails.

Figure 3-14 Point of audit log output (successful or unsuccessful client user authentication)

[Figure]

The following table lists the points of audit log output and the corresponding message IDs.

Table 3-22 Correspondence between output points and message IDs for an audit log entry associated with successful or unsuccessful client user authentication

Audited eventNumber in figureMessage ID of output audit log information
Successful client user authentication1KFCA33410-I
Unsuccessful client user authentication1KFCA33411-W
(j) RPC execution

The points at which an entry is output to the audit log for synchronous-response RPC, asynchronous-response RPC, and non-response RPC are shown in Figures 3-15, 3-16, and 3-17, respectively.

Figure 3-15 Point of audit log output (synchronous-response RPC)

[Figure]

Figure 3-16 Point of audit log output (asynchronous-response RPC)

[Figure]

Figure 3-17 Point of audit log output (non-response RPC)

[Figure]

The following table lists the points of audit log output and the corresponding message IDs.

Table 3-23 Correspondence between output points and message IDs for an audit log entry associated with RPC execution

Audited eventNumber in figureMessage ID of output audit log information
Service function started execution1KFCA33412-I
Service function completed execution2KFCA33413-I
RPC call completed3KFCA33415-I
RPC response received (when using the dc_rpc_poll_any_replies function)4KFCA33416-I
(k) Invalid message discarded

The following figure shows the point at which an entry is output to the audit log when an invalid message is discarded.

Figure 3-18 Point of audit log output (invalid message discarded)

[Figure]

The following table lists the points of audit log output and the corresponding message IDs.

Table 3-24 Correspondence between output points and message IDs for an audit log entry associated with discarding invalid messages

Audited eventNumber in figureMessage ID of output audit log information
Invalid message discarded1KFCA33414-W
Invalid RAP message discarded1KFCA33417-W
(l) Error accessing the OpenTP1 file system

The following figure shows the point at which an entry is output to the audit log when an error occurs while accessing the OpenTP1 file system.

Figure 3-19 Point of audit log output (error accessing the OpenTP1 file system)

[Figure]

The following table lists the point of audit log output and the corresponding message ID.

Table 3-25 Correspondence between output points and message IDs for an audit log entry associated with OpenTP1 file system access errors

Audited eventNumber in figureMessage ID of output audit log information
Error accessing the OpenTP1 file system1KFCA33418-W
(m) Command execution

The following figure shows the point at which an entry is output to the audit log when a command is executed.

Figure 3-20 Point of audit log output (command execution)

[Figure]

The following table lists the point of audit log output and the corresponding message ID.

Table 3-26 Correspondence between output points and message IDs for an audit log entry associated with command execution

Audited eventNumber in figureMessage ID of output audit log information
Command execution1KFCA33419-I
(n) OpenTP1 service startup

The following figure shows the point at which an entry is output to the audit log when the OpenTP1 service starts.

Figure 3-21 Point of audit log output (OpenTP1 service startup)

[Figure]

The following table shows the point of audit log output and the corresponding message ID.

Table 3-27 Correspondence between output point and message ID for an audit log entry associated with OpenTP1 service startup

Audited eventNumber in figureMessage ID of output audit log information
Startup of OpenTP1 service1KFCA33420-I
(o) OpenTP1 service termination

The following figure shows the point at which an entry is output to the audit log when the OpenTP1 service stops.

Figure 3-22 Point of audit log output (OpenTP1 service termination)

[Figure]

The following table shows the point of audit log output and the corresponding message ID.

Table 3-28 Correspondence between output point and message ID for an audit log entry associated with the OpenTP1 service service

Audited eventNumber in figureMessage ID of output audit log information
Termination of OpenTP1 service1KFCA33421-I