Job Management Partner 1/Client Security Control Description, User's Guide and Operator's Guide



Appendix F.3 Audit log output format

The following describes the output format, output destination, and output items of an audit log. An example of audit log output is also shown.

Organization of this subsection
(1) Output format
(2) Output destination
(3) Output items
(4) Example of audit log output

(1) Output format

An audit log consists of the string CALFHM, indicating that the information is formatted as an audit log, followed by the revision number of the audit log, and finally the relevant output items.

The following figure shows the output format of an audit log.

Figure F-1 Output format of audit log

[Figure]

(2) Output destination

For details about the output destinations for audit logs, see Table F-2 Audit log file names and output destinations.

(3) Output items

The items in an audit log fall into the following two categories:

(a) Common output items

The following table lists the values output as common output items, and the content of each item.

Table F-3 Common output items in audit logs

| No. | Item name | Output attribute name | Value | Content |
|---|---|---|---|---|
| 1 | Common specification identifier | -- | CALFHM | An ID indicating that the information is formatted as an audit log |
| 2 | Common specification revision number | -- | X.X | The revision number used to manage the audit log |
| 3 | Sequence number | seqnum | sequence-number | The sequence number of the audit log record |
| 4 | Message ID | msgid | KDSLxxxx-x | The message ID from the product |
| 5 | Date and time | date | YYYY-MM-DDThh:mm:ss.sssTZD# | The time (including timezone) when the audit log was output |
| 6 | Generated program name | progid | JP1/CSC | The name of the program where the event occurred |
| 7 | Generated component name | compid | Component name. Manager: Manager program; Policy: Policy Management window; ManagerSetup: Manager Setup window; AgentSetup: Agent Setup window; RemoteOptionSetup: Remote Option Setup window; Command: A command; Agent: Agent program; RemoteOption: Remote option program | The name of the component where the event occurred |
| 8 | Generated process ID | pid | process-ID | The ID of the process associated with the event |
| 9 | Generated location | ocp:ipv4 or ocp:host | IP-address-or-host-name-of-audit-log management-server | The IP address or host name of the audit log management server where the event occurred |
| 10 | Event type | ctgry | StartStop; Authentication; ConfigurationAccess; ContentAccess; ManagementAction | The category to which the event output to the audit log belongs |
| 11 | Event result | result | Success: The event was successful; Failure: The event was a failure; Occurrence: There is no distinction between success or failure for the event | The result of the event |
| 12 | Subject identification information | subj:uid or subj:euid | subj:uid: JP1/AIM user; subj:euid: OS user (Administrator) | Identification information for the user who caused the event |

Legend:
--: None.

#: T is a delimiter between the date and time. ZD specifies the timezone. One of the following is output:
  • +hh:mm: Indicates a timezone hh:mm ahead of UTC.
  • -hh:mm: Indicates a timezone hh:mm behind UTC.
  • Z: Indicates a timezone equivalent to UTC.

(b) Fixed output items

The following table lists the values output as fixed output items, and the content of each item.

Table F-4 Fixed output items in audit logs

| No. | Item name | Output attribute name | Value | Content |
|---|---|---|---|---|
| 1 | Object information | obj | SecurityInfo: Judgment result information; Policy: Policy information; Config: Configuration file; NetworkControlList: Network control list file | The name of the object |
| 2 | Action information | op | Start; Stop; Login; Logout; Refer; Add; Update (includes create); Delete | The action that generated the event |
| 3 | Permissions information# | auth | JP1/AIM permissions; OS permissions | The AIM permission is output as the permission for JP1 products. Administrator permission is output as the OS permission. |
| 4 | Origin of request | from:ipv4 | IP-address-of-request-origin | The IP address of the client using the Web browser |
| 5 | Message | msg | A message with any content. | A message describing the nature of the event |

#: This item is not output if the user has inadequate permission or permission information cannot be acquired.

(4) Example of audit log output

The following shows an example of the audit logs output in the process of updating policy information in JP1/CSC - Manager and performing security level judgment.

In this example, the following tasks took place:

  1. Started JP1/CSC - Manager.
  2. Performed user authentication.
  3. Updated policy information.
  4. Performed security level judgment.
  5. Stopped JP1/CSC - Manager.

The audit logs are as follows:

Figure F-2 Content of audit logs

[Figure]
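
The following Python example is added here for illustration and is not part of the manual or of JP1/CSC. It parses audit log records, checks them against the values listed in Tables F-3 and F-4, and reports sequence-number gaps and failed Authentication events. The comma-separated `name=value` record layout, the rule that seqnum rises by 1 per record, and the sample records (message IDs, host name, addresses) are assumptions constructed for the example.

```python
import re
from datetime import datetime

ALLOWED = {  # enumerated values from Tables F-3 and F-4
    "compid": "Manager Policy ManagerSetup AgentSetup RemoteOptionSetup Command Agent RemoteOption",
    "ctgry": "StartStop Authentication ConfigurationAccess ContentAccess ManagementAction",
    "result": "Success Failure Occurrence",
    "obj": "SecurityInfo Policy Config NetworkControlList",
    "op": "Start Stop Login Logout Refer Add Update Delete",
}
REQUIRED = ("seqnum", "msgid", "date", "progid", "compid", "pid", "ctgry", "result")
# ASSUMPTION: a record is 'CALFHM X.X, name=value, ...'; values may be double-quoted.
HEADER = re.compile(r"^CALFHM (\d+\.\d+),\s*")
ITEM = re.compile(r'([a-z0-9:]+)=("[^"]*"|[^,]*)(?:,\s*|$)')

def parse_record(line):
    """Return (fields, problems) for one audit log line."""
    m = HEADER.match(line)
    if m is None:
        return {}, ["not a CALFHM record"]
    fields = {k: v.strip('"') for k, v in ITEM.findall(line[m.end():])}
    problems = [f"missing {k}" for k in REQUIRED if k not in fields]
    problems += [f"unexpected {k}={fields[k]}" for k in ALLOWED if k in fields and fields[k] not in ALLOWED[k].split()]
    try:  # YYYY-MM-DDThh:mm:ss.sssTZD, where ZD is +hh:mm, -hh:mm or Z
        fields["date"] = datetime.fromisoformat(fields.get("date", "").replace("Z", "+00:00"))
    except ValueError:
        problems.append("bad date")
    return fields, problems

def review(lines):
    """Return (line number, finding) pairs: format errors, seqnum gaps, failed logins."""
    findings, prev = [], None
    for n, line in enumerate(lines, 1):
        fields, problems = parse_record(line)
        findings += [(n, p) for p in problems]
        if (seq := fields.get("seqnum", "")).isdigit():
            if prev is not None and int(seq) != prev + 1:  # ASSUMPTION: +1 per record
                findings.append((n, f"seqnum gap {prev}->{seq}"))
            prev = int(seq)
        if (fields.get("ctgry"), fields.get("result")) == ("Authentication", "Failure"):
            findings.append((n, "failed login from " + fields.get("from:ipv4", "unknown")))
    return findings

_T = ("CALFHM 1.0, seqnum={}, msgid=KDSL0000-I, date=2011-04-01T09:0{}:00.000+09:00, "
      "progid=JP1/CSC, compid=Manager, pid=1200, ocp:host=cscmgr, {}")
SAMPLE = [  # constructed records, not from the manual; msgid and host are placeholders
    _T.format(1, 0, "ctgry=StartStop, result=Success, op=Start"),
    _T.format(2, 1, 'ctgry=Authentication, result=Failure, op=Login, from:ipv4=192.0.2.10, msg="Login failed, bad password"'),
    _T.format(4, 2, "ctgry=ConfigurationAccess, result=Success, obj=Policy, op=Update"),
]
```

Calling `review(SAMPLE)` flags the failed login on the second record and the missing sequence number before the third. A gap can also come from log file rotation, so compare it against the output destinations in Table F-2 before treating it as lost or removed records.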


All Rights Reserved. Copyright (C) 2009, 2011, Hitachi, Ltd.
Copyright, patent, trademark, and other intellectual property rights related to the "TMEng.dll" file are owned exclusively by Trend Micro Incorporated