Job Management Partner 1/Performance Management - Agent Option for Platform Description, User's Guide and Reference

Appendix I.3 Format of output action log data

Data related to audit events is output to the Performance Management action log. Action log data is output to one file for one host. The action log data is output to a file on either of the following hosts:

When a service is executed: The data is output to the file on the host on which the service runs.

When a command is executed: The data is output to the file on the host on which the command was executed.

The following describes the format of the action log, the output destination, and the items that are output.

Organization of this subsection

(1) Output format

(2) Output destination

(3) Output items

(4) Output example

(1) Output format

CALFHM x.x,output-item-1=value-1,output-item-2=value-2,...,output-item-n=value-n

(2) Output destination

installation-folder\auditlog\

The output destination for action log data can be changed in the jpccomm.ini file. For details about how to specify the jpccomm.ini file, see I.4 Settings for outputting action log data.

(3) Output items

There are two types of output items:

Common output items
Items that are always output by all JP1 products that output action log data

Fixed output items
Items that are optionally output by a JP1 product that outputs action log data

(a) Common output items

The following table lists and describes the common output items and their values. This table also includes the items and information output by PFM - Manager.

Table I-2 Common output items in action logs

No. Output item Value Explanation

Item name Output attribute name

1 Common specification identifier -- CALFHM Indicates the action log format

2 Common specification revision number -- x.x Revision number for managing action logs

3 Serial number seqnum serial-number Serial number of the action log record

4 Message ID msgid KAVExxxxx-x Message ID of the product

5 Date and time date YYYY-MM-DDThh:mm:ss.sssTZD^# Date, time, and time zone indication identifying when the action log was output

6 Program name progid JP1PFM Name of the program for which the event occurred

7 Component name compid service-ID Name of the component for which the event occurred

8 Process ID pid process-ID Process ID of the process for which the event occurred

9 Location ocp:host

host-name

IP-address

Location where the event occurred

10 Event type ctgry

StartStop

Authentication

ConfigurationAccess

ExternalService

AnomalyEvent

ManagementAction

Category name used to classify the event output to the action log

11 Event result result

Success

Failure

Occurrence

Result of the event

12 Subject identification information subj:pid process-ID One of the following:

Process ID of a process running as a user operation

Process ID of the process that caused the event

Name of the user who caused the event

Identification information in a one-to-one correspondence with the user

subj:uid account-identifier (PFM user/JP1 user)

subj:euid effective-user-ID (OS user)

Legend:

--: None

#

T is a separator between the date and the time.

TZD is the time zone specifier. One of the following values is output.

+hh:mm: The time zone is hh:mm ahead of UTC.

-hh:mm: The time zone is hh:mm behind UTC.

Z: The time zone is the same as UTC.

(b) Fixed output items

The following table lists and describes the fixed output items and their values. This table also includes the items and information output by PFM - Manager.

Table I-3 Fixed output items in action logs

No. Output item Value Explanation

Item name Output attribute name

1 Object information obj

PFM - Agent-service-ID

added-deleted-or-updated-user-name (PFM user)

Intended object for the operation

obj:table alarm-table-name

obj:alarm alarm-name

2 Action information op

Start

Stop

Add

Update

Delete

Change Password

Activate

Inactivate

Bind

Unbind

Information about the action that caused the event

3 Permissions information auth

Administrator
Management

General user
Ordinary

Windows
Administrator

UNIX
SuperUser

Permissions information of the user who executed the command or service

auth:mode

PFM authentication mode
pfm

JP1 authentication mode
jp1

OS user
os

Authentication mode of the user who executed the command or service

4 Output source outp:host PFM - Manager-host-name Host that output the action log

5 Instruction source subjp:host

login-host-name

execution-host-name (only when the jpctool alarm (jpcalarm) command is executed)

Host that issued the instruction for the operation

6 Descriptive text msg message Message that is output when an alarm occurs or when an automated action is executed

Whether the fixed output items are output and what they contain differ depending on when the action log data is output. The following describes the message ID and output data for each case.

n A PFM service starts or stops (StartStop)

Output host: The host on which the service is running

Output component: The service that started or stopped

Item name Attribute name Value

Message ID msgid Started: KAVE03000-I
Stopped: KAVE03001-I

Action information op Started: Start
Stopped: Stop

n Stand-alone mode starts or stops (StartStop)

Output host: PFM - Agent host

Output component: Agent Collector service and Agent Store service

Item name Attribute name Value

Message ID msgid Stand-alone mode has started: KAVE03002-I
Stand-alone mode has terminated: KAVE03003-I

Notes:

1. No fixed output items are output.

2. When PFM - Agent is started, PFM - Agent services connect to the PFM - Manager host, register node information, and obtain the latest alarm definition information. If a connection with the PFM - Manager host cannot be established, PFM - Agent starts in stand-alone mode, in which only part of its functionality, such as collection of operating information, is enabled. In addition, KAVE03002-I is output to indicate that PFM - Agent has started in stand-alone mode. From this point, the PFM - Agent services periodically attempt to connect to PFM - Manager. When the services are able to successfully register node information or obtain definition information, PFM - Agent leaves stand-alone mode and KAVE03003-I is output. In this way, the action log enables you to understand that PFM - Agent was running in an imperfect condition for the period from the output of KAVE03002-I to the output of KAVE03003-I.

n The status of the connection with PFM - Manager changes (ExternalService)

Output host: PFM - Agent host

Output component: Agent Collector service and Agent Store service

Item name Attribute name Value

Message ID msgid Sending of an event to PFM - Manager failed (queuing was started): KAVE03300-I.
An event was resent to PFM - Manager: KAVE03301-I.

Notes:

1. No fixed output items are output.

2. If the Agent Store service is unable to send an event to PFM - Manager, the Agent Store service starts queuing events, up to a maximum of three. When queuing is started after a failure to send an event, KAVE03300-I is output. When the connection with PFM - Manager is restored and all queued events have been sent, KAVE03301-I is output. In this way, the action log enables you to understand that real-time sending of events to PFM - Manager was disabled for the period from the output of KAVE03000-I to the output of KAVE03001-I.

3. The Agent Collector service usually sends events to PFM - Manager via the Agent Store service. It directly sends events to PFM - Manager only when the Agent Store service has stopped for some reason. If sending of events fails, KAVE03300-I is output, but KAVE03301-I is not output, since no events are queued. In this way, the action log enables you to understand that some events have not been sent to PFM - Manager.

n An automated action is executed (ManagementAction)

Output host: The host on which the action was executed

Output component: Action Handler service

Item name Attribute name Value

Message ID msgid The command execution process was created successfully: KAVE03500-I.
An attempt to create a command execution process failed: KAVE03501-W.
Email was send successfully: KAVE03502-I.
Sending of email failed: KAVE03503-W

Free description msg Command execution: cmd=executed-command-line.
Email sending: mailto=destination-email-address.

Note: KAVE03500-I is output when the command execution process is created successfully. Thereafter, log data about whether the command was executed and about the execution results is not output to the action log.

No.	Output item	Value	Explanation
Item name	Output attribute name
1	Common specification identifier	--	CALFHM	Indicates the action log format
2	Common specification revision number	--	x.x	Revision number for managing action logs
3	Serial number	seqnum	serial-number	Serial number of the action log record
4	Message ID	msgid	KAVExxxxx-x	Message ID of the product
5	Date and time	date	YYYY-MM-DDThh:mm:ss.sssTZD^#	Date, time, and time zone indication identifying when the action log was output
6	Program name	progid	JP1PFM	Name of the program for which the event occurred
7	Component name	compid	service-ID	Name of the component for which the event occurred
8	Process ID	pid	process-ID	Process ID of the process for which the event occurred
9	Location	ocp:host	host-name IP-address	Location where the event occurred
10	Event type	ctgry	StartStop Authentication ConfigurationAccess ExternalService AnomalyEvent ManagementAction	Category name used to classify the event output to the action log
11	Event result	result	Success Failure Occurrence	Result of the event
12	Subject identification information	subj:pid	process-ID	One of the following: Process ID of a process running as a user operation Process ID of the process that caused the event Name of the user who caused the event Identification information in a one-to-one correspondence with the user
subj:uid	account-identifier (PFM user/JP1 user)
subj:euid	effective-user-ID (OS user)

No.	Output item	Value	Explanation
Item name	Output attribute name
1	Object information	obj	PFM - Agent-service-ID added-deleted-or-updated-user-name (PFM user)	Intended object for the operation
obj:table	alarm-table-name
obj:alarm	alarm-name
2	Action information	op	Start Stop Add Update Delete Change Password Activate Inactivate Bind Unbind	Information about the action that caused the event
3	Permissions information	auth	Administrator Management General user Ordinary Windows Administrator UNIX SuperUser	Permissions information of the user who executed the command or service
auth:mode	PFM authentication mode pfm JP1 authentication mode jp1 OS user os	Authentication mode of the user who executed the command or service
4	Output source	outp:host	PFM - Manager-host-name	Host that output the action log
5	Instruction source	subjp:host	login-host-name execution-host-name (only when the jpctool alarm (jpcalarm) command is executed)	Host that issued the instruction for the operation
6	Descriptive text	msg	message	Message that is output when an alarm occurs or when an automated action is executed

Item name	Attribute name	Value
Message ID	msgid	Started: KAVE03000-I Stopped: KAVE03001-I
Action information	op	Started: Start Stopped: Stop

Item name	Attribute name	Value
Message ID	msgid	Stand-alone mode has started: KAVE03002-I Stand-alone mode has terminated: KAVE03003-I

Item name	Attribute name	Value
Message ID	msgid	Sending of an event to PFM - Manager failed (queuing was started): KAVE03300-I. An event was resent to PFM - Manager: KAVE03301-I.

Item name	Attribute name	Value
Message ID	msgid	The command execution process was created successfully: KAVE03500-I. An attempt to create a command execution process failed: KAVE03501-W. Email was send successfully: KAVE03502-I. Sending of email failed: KAVE03503-W
Free description	msg	Command execution: cmd=executed-command-line. Email sending: mailto=destination-email-address.

(4) Output example

The following is an example of output action log data.

CALFHM 1.0, seqnum=1, msgid=KAVE03000-I, date=2007-01-18T22:46:49.682+09:00,
progid=JP1PFM, compid=TA1host01, pid=2076,
ocp:host=host01, ctgry=StartStop, result=Occurrence,
subj:pid=2076,op=Start

[Contents][Back][Next]

[Trademarks]