Nonstop Database, HiRDB Version 9 System Operation Guide
The following table shows the columns of the audit trail table.
Table 24-20 Audit trail table columns
Column name | Column content | Column data type | NULL value specification | |
---|---|---|---|---|
USER_NAME | Authorization identifier of the person who executed the audited event. For a command or utility executed by the HiRDB administrator or a general OS user, the OS user name is output. |
MVARCHAR(30) | No | |
EXEC_DATE | Date the event was executed. Event execution date means the date according to the standard time at which the server that issued the audit trail output request requests output of an audit trail to the audit trail buffer. |
DATE | No | |
EXEC_TIME | Time the event was executed. Event execution time means the time according to the standard time at which the server that issued the audit trail output request requests output of an audit trail to the audit trail buffer. |
TIME | No | |
EXEC_TIME_MICRO | Time the event was executed (microseconds). Event execution time means the time according to the standard time at which the server that issued the audit trail output request requests output of an audit trail to the audit trail buffer. |
INTEGER | No | |
EVENT_TYPE | Event type. For details about the event types and subtypes, see (1) Event types and subtypes. | CHAR(3) | No | |
EVENT_SUBTYPE | Event subtype. For details about the event types and subtypes, see (1) Event types and subtypes. | CHAR(3) | No | |
EVENT_RESULT | Result of event execution; this item flags whether privilege checking was successful: S: Privilege checking or event succeeded. F: Privilege checking or event failed. U: Part of the event failed. |
CHAR(1) | No | |
USED_PRIVILEGE | Privilege used when the event executed. When the event is terminated, three consecutive blank symbols () are output. AUD: Audit privilege CNT: CONNECT privilege DBA: DBA privilege DEL: DELETE privilege INS: INSERT privilege OWN: Owner RDA: RDAREA usage privilege SCH: Schema definition privilege SEL: SELECT privilege SYS: HiRDB administrator UPD: UPDATE privilege USG: Sequence generator usage privilege |
CHAR(3) | No | |
UAP_NAME | Name of the UAP that issued the event.#1 If the UAP name is fewer than 30 characters, it is padded with trailing blank symbols (). In all other cases, the NULL value is output. |
VARCHAR(30) | Yes | |
SERVICE_NAME | Name of the service requested by the UAP that issued the event. If an OpenTP1 UAP, this is the name of the service requested by SPP or MHP. If not an OpenTP1 UAP, 31 consecutive asterisks (*) are output. In all other cases, the NULL value is output. |
VARCHAR(31) | Yes | |
IP_ADDRESS | IP address that issued the event. The NULL value is output when the IP address cannot be identified. | VARCHAR(63) | Yes | |
PROCESS_ID | Process ID that issued the event. The NULL value is output when the process ID cannot be identified. For a command or utility, the process ID of the executed command is output. At the start of audit trail overwriting by the system, the process ID of the audit trail management server process is output. If connected from a Type4 JDBC driver, 0 is output. In all other cases, the process ID of the single server or front-end server that connected is output. |
INTEGER | Yes | |
THREAD_ID | Thread ID that issued the event. The NULL value is output when the thread ID cannot be identified. | INTEGER | Yes | |
HOST_NAME | Name of the host that received the event. The host name specified in the -x option of the pdunit operand is output. If a system switchover facility is used, the host name of the primary system is output. The NULL value is output when the name of the host that received the event cannot be identified. |
VARCHAR(32) | Yes | |
UNIT_NAME | Unit identifier that received the event. The unit identifier specified in the -u option of the pdunit operand is output. The NULL value is output when the unit identifier that received the event cannot be identified. |
CHAR(4) | Yes | |
SERVER_NAME | Name of the server that received the event. For a HiRDB single server configuration, this is the name of the single server; for a HiRDB parallel server configuration, this is the name of the front-end server. This is output when the server name can be identified. The server name specified in the -s option of the pdstart operand is output. The NULL value is output when the name of the server that received the event cannot be identified. |
VARCHAR(8) | Yes | |
CONNECT_NUMBER | Connection number of the event issuer. The NULL value is output when the connection number cannot be identified. | INTEGER | Yes | |
SQL_NUMBER | Event SQL number. The NULL value is output when the event SQL number cannot be identified. | INTEGER | Yes | |
OBJECT_SCHEMA | Object information detail#2 | Owner of the object for which the event privilege is being checked. The NULL value is output when the object owner cannot be identified. | MVARCHAR(30) | Yes |
OBJECT_NAME | Name of the object for which the event privilege is being checked. The NULL value is output when the object name cannot be identified. | MVARCHAR(30) | Yes | |
OBJECT_TYPE | Type of object for which the event privilege is being checked. The NULL value is output when the object type cannot be identified. ALS: Alias AUF: Audit trail file FNC: Function IDX: Index LST: List PRC: Procedure RDA: RDAREA SCH: Schema SEQ: Sequence generator TBL: Table TRG: Trigger TYP: Data type VIW: View table |
CHAR(3) | Yes | |
PRIVILEGE_TYPE | Privilege added, deleted, or modified by the event. The NULL value is output when the privilege cannot be identified. AUD: Audit privilege CNT: CONNECT privilege DBA: DBA privilege DEL: DELETE privilege INS: INSERT privilege RDA: RDAREA usage privilege SCH: Schema definition privilege SEL: SELECT privilege UPD: UPDATE privilege |
CHAR(3) | Yes | |
PRIVILEGE_SCHEMA | User authorization identifier added, deleted, or modified by the event. Or, the authorization identifier of the user who was the target of the event. The NULL value is output when the authorization identifier cannot be identified.
|
MVARCHAR(30) | Yes | |
SECURITY_OPERAND | Values of the security audit facility operands. These are the operand values at HiRDB startup. For all cases other than startup, the NULL value is output. For details about the operand values for the security audit facility, see (2) Operand values for the security audit facility. |
VARCHAR(256) | Yes | |
AUDIT_TRAIL_TYPE | Audit trail type. A value is output to differentiate between an audit trail showing an event result and an audit trail showing the result of privilege checking during event execution. Privilege checking: NULL Event termination: E |
CHAR(1) | Yes | |
SQL_CODE | SQL code or termination code. When an audited event is terminated, an SQL code or termination code is output for the SQL event or utility (or command). For privilege checking, the NULL value is output. This code indicates the event success or failure value that is set when the event terminates. For details about each code in the audit record entry and whether the event is successful, see (3) SQL code or termination code indicating event success or failure. |
INTEGER | Yes | |
FROM_AUDFILE_NAME | Audit trail file name at the swapping source. The NULL value is output when the audit trail cannot be identified. | MVARCHAR(30) | Yes | |
TO_AUDFILE_NAME | Audit trail file name at the swapping destination. The NULL value is output when the audit trail cannot be identified. | MVARCHAR(30) | Yes | |
SECURITY_PARM_TYPE | Modification type related to the connection security facility.#3 | CHAR(4) | Yes | |
BEFORE_SECURITY_PARM | Setting value of the connection security facility before change.#3 If the setting value is fewer than 10 characters, it is padded for output with trailing blanks (setting value + blanks = 10 characters). |
CHAR(10) | Yes | |
AFTER_SECURITY_PARM | Setting value of the connection security facility after change.#3 If the setting value is fewer than 10 characters, it is padded for output with trailing blanks (setting value + blanks = 10 characters). |
CHAR(10) | Yes | |
AUDIT_TABLE_OPTION | Audit trail table option. This item is not output for privilege checking. It is output in the following cases:
V: Manipulation-target object is a view table created using an audit trail table as the base table. L: Manipulation-target object is a list created using an audit trail table as the base table. NULL value: For cases other than those listed above or for privilege checking For details about whether audit trail table options are output, see (5) Whether audit trail table options are output. |
CHAR(1) | Yes | |
ACCESS_COUNT | Number of rows searched, inserted, updated, and deleted by the user for an object (base table, view table, or list). The access count that can be acquired ranges from 0 to 2,147,483,647. If acquisition of the access count fails, the NULL value is output. For details about the access count, see (6) Details about the access count. |
INTEGER | Yes | |
SQL_SOURCE | The executed SQL statement. If multiple objects are manipulated by a single SQL statement, the SQL statement is recorded in the first audit trail, and the NULL value is output for the SQL statement in succeeding audit trails. The NULL value is also output in the following cases:
|
BINARY(2000000) | Yes | |
SQL_DATA | Either the embedded variable specified as the input for the executed SQL statement is output, or the data of the SQL descriptor area is output. If multiple objects are manipulated by a single SQL statement, the SQL statement is recorded in the first audit trail, and the NULL value is output for the SQL statement in succeeding audit trails. The NULL value is also output in the following cases:
|
BINARY(1000000) | Yes | |
USER_INFO_1 | If the embedded language DECLARE AUDIT INFO SET is declared and embedded variables are set in user information items 1 through 3, the value of each user information item is output. The NULL value is output in the following cases:
|
VARCHAR(100) | Yes | |
USER_INFO_2 | VARCHAR(100) | Yes | ||
USER_INFO_3 | VARCHAR(100) | Yes | ||
PRODUCT_INFO_1 | If HiRDB is linked to a related program product (Cosminexus Version 07-50 or later or Hitachi Application Server), the root application information from the related program product is recorded in the events targeted for audit records. If applicable information does not exist or if information cannot be identified, the NULL value is output. | VARCHAR(255) | Yes | |
PDLOAD_TIMESTAMP | Timestamp for the time when data is registered (loaded) in the audit trail table by executing the pdload command.#4 Uses the timestamp of the server machine in which the system manager is located. Executing pdload once outputs all the same values. |
TIMESTAMP(2) | Yes | |
PDLOAD_SEQNUM | Sequence number for registering data in the audit trail table each time the pdload command is executed.#4 Specifies a decimal number ranging from 1 to 10 digits (between 1 and (231- 1)) each time the pdload command is executed. If the maximum value (231- 1) is reached while the pdload command is executing, the number starts back at 1. |
INTEGER | Yes |
SELECT * FROM SQL_AUDIT_TRAIL WHERE UAP_NAME=CAST('UAP11' AS CHAR(30));
The following table provides details about event types and subtypes.
Table 24-21 Event types and subtypes
Audit event | Event type value | Event subtype value | Details |
---|---|---|---|
System administrator security events | SYS | STR | HiRDB startup |
STP | HiRDB termination | ||
MOD | Auditor registration or audit trail table creation (pdmod command) | ||
ARM | Audit trail file deletion (pdaudrm command) | ||
ABG | Audit trail collection startup (pdaudbegin command, HiRDB startup) | ||
AEN | Audit trail collection termination (pdaudend command, HiRDB termination) | ||
OVW | Start of audit trail file overwriting | ||
CLK | Transition to consecutive certification failure account lock state | ||
CUL | Release of consecutive certification failure account lock state | ||
PLK | Transition to password-invalid account lock state | ||
PUL | Release of password-invalid account lock state | ||
SPR | Modification of an operand related to the connection security facility | ||
ULK | Execution of the pdacnlck command | ||
Auditor security events | AUD | ALD | Data load to the audit trail table by the auditor (pdload command) |
ATL | Data load to the audit trail table by HiRDB (pdload command) | ||
ASW | Audit trail file swap (pdaudswap command) | ||
CRT | Audit event definition (CREATE AUDIT) | ||
DRP | Audit event deletion (DROP AUDIT) | ||
GRT | Auditor password change (GRANT AUDIT) | ||
ATB | Restart of the facility for automatically loading audit trail table data (pdaudatld -b command) | ||
ATT | Stopping of the facility for automatically loading audit trail table data (pdaudatld -t command, data loading failure) | ||
APT | Output to the audit log output file for JP1/NETM/Audit (pdaudput command) | ||
Session security events | SES | CNT | Connection to HiRDB (CONNECT statement) |
ATH | User modification (SET SESSION AUTHORIZATION statement) | ||
DIS | Disconnection from HiRDB (DISCONNECT statement) | ||
Privilege management events | PRV | GRT | User privilege addition (GRANT statement) |
Password change (adds information indicating a password change to the set modification type for the connection security facility) | |||
RVK | User privilege deletion (REVOKE statement) | ||
Object definition events | DEF | CRT | Object definition (CREATE type SQL) |
DRP | Object deletion (DROP type SQL) | ||
ALT | Object modification (ALTER type SQL) | ||
Object manipulation events | ACS | SEL | Table retrieval (SELECT statement) |
INS | Table row insertion (INSERT statement) | ||
UPD | Table row modification (UPDATE statement) | ||
DEL | Deletion of a row from a table (DELETE statement) | ||
PRG | Deletion of all rows from a table (PURGE TABLE statement) | ||
CAL | Execution of a stored procedure (CALL statement) | ||
LCK | Table lock control (LOCK TABLE statement) | ||
ASN | List creation (ASSIGN LIST statement) | ||
NXV | Return of the value generated by a sequence generator (NEXT VALUE expression) | ||
Utility manipulation event | UTL | LOD | Database load utility (pdload command) |
ORG | Database reorganization utility (pdrorg command) | ||
EXP | Dictionary import/export utility (pdexp command) | ||
pddefrev command | |||
CST | Integrity check utility (pdconstck command) |
The following table lists the operand values related to the security audit facility. The figure below that shows the data size for recording the operand values.
Table 24-22 Values of security audit facility operands
Operand | Data size | Stored value |
---|---|---|
pd_audit | 1 byte | Y or N |
pd_aud_file_name | Maximum 167 bytes | Name of HiRDB file system area used for audit trail files |
pd_aud_max_generation_size | Maximum 4 bytes | 1 to 5240 |
pd_aud_max_generation_num | Maximum 3 bytes | 2 to 200 |
pd_aud_no_standby_file_opr | Maximum 10 bytes | down or forcewrite |
pd_aud_async_buff_size | Maximum 7 bytes | 0, 4096 to 6553600 |
pd_aud_async_buff_count | Maximum 4 bytes | 1 to 6500 |
pd_aud_file_wrn_pnt | Maximum 6 bytes | 0 to 100, 0 to 99 |
pd_audit_def_buffer_size# | Maximum 7 bytes | 0 to 2000000 |
pd_aud_async_buff_retry_intvl# | Maximum 4 bytes | 0 to 1000 |
pd_aud_sql_source_size# | Maximum 7 bytes | 0 to 2000000 |
pd_aud_sql_data_size# | Maximum 7 bytes | 0 to 1000000 |
pd_aud_auto_loading# | 1 byte | Y or N |
Operand name | Specification value assumed |
---|---|
pd_audit_def_buffer_size | 0 |
pd_aud_async_buff_retry_intvl | 50 |
pd_aud_sql_source_size | 0 |
pd_aud_sql_data_size | 0 |
pd_aud_auto_loading | N |
Figure 24-9 Data format for output of security audit facility operand values
The following table provides details about the SQL codes or termination codes that indicate event success or failure.
Table 24-23 SQL code or termination code indicating event success or failure
Event | SQL code or termination code value | Meaning | Event success or failure | Remarks |
---|---|---|---|---|
Various SQLs | 0 or greater | Success | S | -- |
Negative | Failure | F | ||
pdstart | 0 | Success | S | -- |
4 | Success | S | ||
8 | Failure | F | An audit trail cannot be collected in the following cases:
|
|
pdstop | 0 | Success | S | If a failure occurred after the audit trail management server process had terminated, a successful audit trail is output. |
4 | Success | S | -- | |
8 | Failure | F | ||
pdmod (auditor registration, audit trail creation) | 0 | Success | S | -- |
8 | Failure | F | ||
pdaudrm | 0 | Success | S | -- |
8 | Failure | F | ||
pdaudbegin | 0 | Success | S | -- |
4 | Partial failure | U | ||
8 | Failure | F | An audit trail cannot be collected in the following cases:
|
|
pdaudend | 0 | Success | S | -- |
8 | Failure | F | ||
pdacunlck | 0 | Success | S | -- |
8 | Failure | F | ||
pdaudswap | 0 | Success | S | During overwriting of the audit trail file, the names of the audit trail files at the swapping source and swapping destination are output. |
8 | Failure | F | During overwriting of the audit trail file, the name of the audit trail file at the swapping source is output. The NULL value is output for the audit trail file name at the swapping destination. | |
pdload | 0 | Success | S | -- |
4 | Success | S | ||
8 | Failure | F | ||
pddefrev | 0 | Success | S | -- |
4 | Success | S | ||
8 | Failure | F | ||
12 | Failure | F | ||
pdrorg | 0 | Success | S | -- |
4 | Success | S | ||
8 | Failure | F | ||
pdexp | 0 | Success | S | -- |
4 | Success | S | ||
8 | Failure | F | ||
12 | Failure | F | ||
pdconstck | 0 | Success | S | -- |
4 | Success | S | End of warning (there is an integrity violation) | |
8 | Failure | F | -- | |
pdaudatld | 0 | Success | S | -- |
4 | Success | S | End of warning (treated as success because the facility for automatically loading data has been successfully stopped) | |
8 | Success | F | -- |
The following table provides the information that is recorded when the connection security facility is used.
Table 24-24 Information that is output when the connection security facility is used
Facility | Event type | Event subtype | Modification type | Value that is output after modification |
---|---|---|---|---|
Permitted number of consecutive certification failures | SYS | SPR | ECNT | 1-10 or NULL value |
Account lock period | LCKM | 10-44640, UNLIMITED, or NULL value | ||
Minimum number of bytes for a password | MINL | 1-15 or NULL value | ||
Authorization identifier specification prohibition | USID | RESTRICT, UNRESTRICT, or NULL value | ||
Single character-type specification prohibition | SMLN | |||
Password change# | PRV or AUD | GRT | CPWD | NULL value |
Table 24-25 Modification types that are output when a password is changed
Does a password exist for the registered user? | GRANT CONNECT, DBA, or AUDIT execution result | Modification type |
---|---|---|
Password exists. | Password change | CPWD |
Password deletion | CPWD | |
No password change | NULL value | |
Password does not exist. | Changes to Password exists. | CPWD |
Retains Password does not exist. | NULL value |
The following table shows whether audit trail table options are output.
Table 24-26 Audit trail table option output
Execution result | Failure cause | Is audit trail table option output? |
---|---|---|
Success | -- | Output |
Failure# | The target object does not exist. | Not output (NULL value) |
An error occurred because the target object is an audit trail table. | Output | |
Error other than one listed above | Output (not output when information cannot be collected) |
Legend:
--: Not applicable
The following table provides access count details.
Table 24-27 Details about the access count
Access method | Access count | |
---|---|---|
SQL | SELECT | Number of rows accessed (fetched until CLOSE was successful or failed) by the user on the result set using the SELECT statement. For block transfer, the number of rows in a block is treated as the access count. If multiple tables are specified for a query, the same access count is used for all the applicable tables. The access count is set to the NULL value in either of the following cases:
|
INSERT | Number of rows inserted | |
UPDATE | Number of rows updated | |
DELETE | Number of rows deleted | |
Utility | pdload | Data load count per table |
pdrorg | Unload count per table and reload count per table | |
pdconstck | Total number of key values resulting in limitation violation |
Table 24-28 Access count by subquery
Specified location in table | Access count | Remarks | |
---|---|---|---|
Scalar subquery | Where a value expression is permitted | NULL value | For an example, see Figure 24-16 Output example of access count (part 7) |
Row subquery | Where a row value constructor is permitted | NULL value | For an example, see Figure 24-17 Output example of access count (part 8) |
SET clause in UPDATE statement | NULL value | For an example, see Figure 24-18 Output example of access count (part 9) | |
Table subquery | Right-hand term of IN predicate | NULL value | For an example, see Figure 24-19 Output example of access count (part 10) |
Right-hand term of qualified predicate | NULL value | For an example, see Figure 24-20 Output example of access count (part 11) | |
EXISTS predicate | NULL value | For an example, see Figure 24-21 Output example of access count (part 12) | |
Derived table in FROM clause | Non-NULL value# | For an example, see Figure 24-22 Output example of access count (part 13) |
Figure 24-10 Output example of access count (part 1) through Figure 24-23 Output example of access count (part 14) show output examples of the access count when the access method is SELECT.
Figure 24-10 Output example of access count (part 1)
Figure 24-11 Output example of access count (part 2)
Figure 24-12 Output example of access count (part 3)
Note: The actual table is the same as in Figure 24-11 Output example of access count (part 2).
Figure 24-13 Output example of access count (part 4)
Note: The actual table is the same as in Figure 24-11 Output example of access count (part 2).
Figure 24-14 Output example of access count (part 5)
Figure 24-15 Output example of access count (part 6)
Note: The actual table is the same as in Figure 24-14 Output example of access count (part 5).
Figure 24-16 Output example of access count (part 7)
Note: The actual table is the same as in Figure 24-14 Output example of access count (part 5).
Figure 24-17 Output example of access count (part 8)
Note: The actual table is the same as in Figure 24-14 Output example of access count (part 5).
Figure 24-18 Output example of access count (part 9)
Note: The actual table is the same as in Figure 24-14 Output example of access count (part 5).
Figure 24-19 Output example of access count (part 10)
Note: The actual table is the same as in Figure 24-14 Output example of access count (part 5).
Figure 24-20 Output example of access count (part 11)
Note: The actual table is the same as in Figure 24-14 Output example of access count (part 5).
Figure 24-21 Output example of access count (part 12)
Note: The actual table is the same as in Figure 24-14 Output example of access count (part 5).
Figure 24-22 Output example of access count (part 13)
Note: The actual table is the same as in Figure 24-14 Output example of access count (part 5).
Figure 24-23 Output example of access count (part 14)
Note: The actual table is the same as in Figure 24-14 Output example of access count (part 5).
The following figure shows the SQL data structure.
Figure 24-24 SQL data structure
Note 1: The number in parentheses ( ) indicates the size of the area (in bytes).
Note 2: The endian format to be recorded depends on the server's OS.
The HEADER area, SQLDA (SQL descriptor area), and the input data area, which comprise SQL data, are explained below.
The following figure shows the structure of the HEADER area. The table below shows details of the individual configuration elements.
Figure 24-25 HEADER area structure
Note: The number in parentheses ( ) indicates the size of the area (in bytes).
Table 24-29 Details of the configuration elements of the HEADER area
Level number# | Area name | Data type | Size | Description | |
---|---|---|---|---|---|
1 | 1 | HEADER | -- | 16 | SQL data management information |
2 | SQLDATALEN | unsigned long | 4 | Data size of SQL data before recording | |
2 | SQLARRAY | long | 4 | Number of array elements when data for multiple lines is specified using an array type variable. If an array type variable is not used, 1 is set. | |
2 | RESERVED | char | 8 | Area reserved by the system |
The following figure shows the structure of SQLDA and the input data area. For details about the structure of SQLDA (SQL descriptor area), see the HiRDB Version 9 UAP Development Guide.
Figure 24-26 Structure of SQLDA and the input data area
Note 1: The number in parentheses ( ) indicates the size of the area (in bytes).
Note 2: The dotted-line arrows indicate offsets from SQLDA.
The structure of the input value that comprises the input data area differs according to the elements shown below. For details, see the relevant figure indicated in the Reference destination column.
Figure 24-27 Structure of input value with a simple structure (with indicator variables)
Figure 24-28 Structure of input value with a simple structure (without indicator variables)
Note: The dotted-line arrows indicate offsets from SQLDA.
Figure 24-29 Structure of input value with a repetition structure (with indicator variables)
Figure 24-30 Structure of input value with a repetition structure (without indicator variables)
Note 1: The number in parentheses ( ) indicates the size of the area (in bytes).
Note 2: The dotted-line arrows indicate offsets from SQLDA.
#1: Stores the indicator variables for the entire repetition structure.
#2: Stores the indicator variable of each element.
Figure 24-31 Structure of an input value that is a fixed-size data type and uses an array (with indicator variables)
Figure 24-32 Structure of an input value that is a fixed-size data type and uses an array (without indicator variables)
Note: The dotted-line arrows indicate offsets from SQLDA.
Figure 24-33 Structure of an input value that is a variable-size data type and uses an array (with indicator variables)
Figure 24-34 Structure of an input value that is a variable-size data type and uses an array (without indicator variables)
Note: The dotted-line arrows indicate offsets from SQLDA.
An example of SQL data that is output to an audit trail follows.
Data is added to an inventory table. The following table lists the embedded variables and data types used, as well as the content of the data:
Column name | Embedded variable | Data type | Data content |
---|---|---|---|
Product code | xpcode | char(5) | 202M |
Product name | xpname | char(17) | Polo shirt |
Color | xcol | char(3) | Red |
Unit price | xuntprc | int | 3640 |
Quantity | xgqty | int | 0 |
Quantity | igqty | short | -1 |
The following SQL statement is executed:
EXEC SQL INSERT INTO STOCK(PRODCODE,PRODNAME,COL,UNTPRC,SQTY) VALUES(:xpcode,:xpname,:xcol,:xuntprc,:xgqty:igqty);
When the SQL statement is executed, the SQL data in the audit trail is recorded as follows:
All Rights Reserved. Copyright (C) 2011, 2015, Hitachi, Ltd.