Job Management Partner 1/Performance Management - Agent Option for Platform Description, User's Guide and Reference
Data related to audit events is output to the Performance Management action log. Action log data is output to one file for one host. The action log data is output to a file on either of the following hosts:
- When a service is executed: The data is output to the file on the host on which the service runs.
- When a command is executed: The data is output to the file on the host on which the command was executed.
The following describes the format of the action log, the output destination, and the items that are output.
- Organization of this subsection
- (1) Output format
- (2) Output destination
- (3) Output items
- (4) Output example
(1) Output format
CALFHM x.x,output-item-1=value-1,output-item-2=value-2,...,output-item-n=value-n
(2) Output destination
installation-folder\auditlog\
The output destination for action log data can be changed in the jpccomm.ini file. For details about how to specify the jpccomm.ini file, see I.4 Settings for outputting action log data.
(3) Output items
There are two types of output items:
- Common output items
Items that are always output by all JP1 products that output action log data
- Fixed output items
Items that are optionally output by a JP1 product that outputs action log data
(a) Common output items
The following table lists and describes the common output items and their values. This table also includes the items and information output by PFM - Manager.
Table I-2 Common output items in action logs
| No. | Output item (item name) | Output item (output attribute name) | Value | Explanation |
|---|---|---|---|---|
| 1 | Common specification identifier | -- | CALFHM | Indicates the action log format |
| 2 | Common specification revision number | -- | x.x | Revision number for managing action logs |
| 3 | Serial number | seqnum | serial-number | Serial number of the action log record |
| 4 | Message ID | msgid | KAVExxxxx-x | Message ID of the product |
| 5 | Date and time | date | YYYY-MM-DDThh:mm:ss.sssTZD# | Date, time, and time zone indication identifying when the action log was output |
| 6 | Program name | progid | JP1PFM | Name of the program for which the event occurred |
| 7 | Component name | compid | service-ID | Name of the component for which the event occurred |
| 8 | Process ID | pid | process-ID | Process ID of the process for which the event occurred |
| 9 | Location | ocp:host | host-name or IP-address | Location where the event occurred |
| 10 | Event type | ctgry | StartStop, Authentication, ConfigurationAccess, ExternalService, AnomalyEvent, or ManagementAction | Category name used to classify the event output to the action log |
| 11 | Event result | result | Success, Failure, or Occurrence | Result of the event |
| 12 | Subject identification information | subj:pid | process-ID | One of the following: process ID of a process running as a user operation; process ID of the process that caused the event; name of the user who caused the event; identification information in a one-to-one correspondence with the user |
| | | subj:uid | account-identifier (PFM user/JP1 user) | |
| | | subj:euid | effective-user-ID (OS user) | |
- Legend:
  - --: None
- #
  - T is a separator between the date and the time.
  - TZD is the time zone specifier. One of the following values is output.
    - +hh:mm: The time zone is hh:mm ahead of UTC.
    - -hh:mm: The time zone is hh:mm behind UTC.
    - Z: The time zone is the same as UTC.
(b) Fixed output items
The following table lists and describes the fixed output items and their values. This table also includes the items and information output by PFM - Manager.
Table I-3 Fixed output items in action logs
| No. | Output item (item name) | Output item (output attribute name) | Value | Explanation |
|---|---|---|---|---|
| 1 | Object information | obj | PFM - Agent-service-ID or added-deleted-or-updated-user-name (PFM user) | Intended object for the operation |
| | | obj:table | alarm-table-name | |
| | | obj:alarm | alarm-name | |
| 2 | Action information | op | Start, Stop, Add, Update, Delete, Change Password, Activate, Inactivate, Bind, or Unbind | Information about the action that caused the event |
| 3 | Permissions information | auth | Administrator: Management; General user: Ordinary; Windows: Administrator; UNIX: SuperUser | Permissions information of the user who executed the command or service |
| | | auth:mode | PFM authentication mode: pfm; JP1 authentication mode: jp1; OS user: os | Authentication mode of the user who executed the command or service |
| 4 | Output source | outp:host | PFM - Manager-host-name | Host that output the action log |
| 5 | Instruction source | subjp:host | login-host-name or execution-host-name (only when the jpctool alarm (jpcalarm) command is executed) | Host that issued the instruction for the operation |
| 6 | Descriptive text | msg | message | Message that is output when an alarm occurs or when an automated action is executed |

Whether the fixed output items are output and what they contain differ depending on when the action log data is output. The following describes the message ID and output data for each case.
A PFM service starts or stops (StartStop)
- Output host: The host on which the service is running
- Output component: The service that started or stopped
| Item name | Attribute name | Value |
|---|---|---|
| Message ID | msgid | Started: KAVE03000-I; Stopped: KAVE03001-I |
| Action information | op | Started: Start; Stopped: Stop |

Stand-alone mode starts or stops (StartStop)
- Output host: PFM - Agent host
- Output component: Agent Collector service and Agent Store service
| Item name | Attribute name | Value |
|---|---|---|
| Message ID | msgid | Stand-alone mode has started: KAVE03002-I; Stand-alone mode has terminated: KAVE03003-I |
- Notes:
- 1. No fixed output items are output.
- 2. When PFM - Agent is started, PFM - Agent services connect to the PFM - Manager host, register node information, and obtain the latest alarm definition information. If a connection with the PFM - Manager host cannot be established, PFM - Agent starts in stand-alone mode, in which only part of its functionality, such as collection of operating information, is enabled. In addition, KAVE03002-I is output to indicate that PFM - Agent has started in stand-alone mode. From this point, the PFM - Agent services periodically attempt to connect to PFM - Manager. When the services are able to successfully register node information or obtain definition information, PFM - Agent leaves stand-alone mode and KAVE03003-I is output. In this way, the action log enables you to understand that PFM - Agent was running in an imperfect condition for the period from the output of KAVE03002-I to the output of KAVE03003-I.
The status of the connection with PFM - Manager changes (ExternalService)
- Output host: PFM - Agent host
- Output component: Agent Collector service and Agent Store service
| Item name | Attribute name | Value |
|---|---|---|
| Message ID | msgid | Sending of an event to PFM - Manager failed (queuing was started): KAVE03300-I; An event was resent to PFM - Manager: KAVE03301-I |
- Notes:
- 1. No fixed output items are output.
- 2. If the Agent Store service is unable to send an event to PFM - Manager, the Agent Store service starts queuing events, up to a maximum of three. When queuing is started after a failure to send an event, KAVE03300-I is output. When the connection with PFM - Manager is restored and all queued events have been sent, KAVE03301-I is output. In this way, the action log enables you to understand that real-time sending of events to PFM - Manager was disabled for the period from the output of KAVE03000-I to the output of KAVE03001-I.
- 3. The Agent Collector service usually sends events to PFM - Manager via the Agent Store service. It directly sends events to PFM - Manager only when the Agent Store service has stopped for some reason. If sending of events fails, KAVE03300-I is output, but KAVE03301-I is not output, since no events are queued. In this way, the action log enables you to understand that some events have not been sent to PFM - Manager.
An automated action is executed (ManagementAction)
- Output host: The host on which the action was executed
- Output component: Action Handler service
| Item name | Attribute name | Value |
|---|---|---|
| Message ID | msgid | The command execution process was created successfully: KAVE03500-I; An attempt to create a command execution process failed: KAVE03501-W; Email was sent successfully: KAVE03502-I; Sending of email failed: KAVE03503-W |
| Free description | msg | Command execution: cmd=executed-command-line; Email sending: mailto=destination-email-address |

Note: KAVE03500-I is output when the command execution process is created successfully. Thereafter, log data about whether the command was executed and about the execution results is not output to the action log.
(4) Output example
The following is an example of output action log data.
CALFHM 1.0, seqnum=1, msgid=KAVE03000-I, date=2007-01-18T22:46:49.682+09:00, progid=JP1PFM, compid=TA1host01, pid=2076, ocp:host=host01, ctgry=StartStop, result=Occurrence, subj:pid=2076,op=Start
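The record format in (1) and the stand-alone and event-queuing periods described in the notes can be checked mechanically. The following is an added example, not part of the Hitachi manual: a parser for CALFHM records that reports those periods, including ones that never close (the Agent Collector case in note 3). The sample records are constructed, and keying periods on compid and treating msg as the last item are assumptions.

```python
from datetime import datetime

# Opening message ID -> (closing message ID, condition), per the notes above.
OPENERS = {
    "KAVE03002-I": ("KAVE03003-I", "stand-alone mode"),
    "KAVE03300-I": ("KAVE03301-I", "event queuing"),
}

def parse_record(line):
    """Parse one CALFHM line into a dict; raise ValueError if malformed."""
    head, _, rest = line.strip().partition(",")
    tag = head.split()
    if len(tag) != 2 or tag[0] != "CALFHM":
        raise ValueError("not a CALFHM record: %r" % line[:40])
    rec = {"revision": tag[1]}
    fields = rest.split(",")
    for i, field in enumerate(fields):
        key, sep, value = field.strip().partition("=")
        if not sep:
            raise ValueError("item without '=': %r" % field)
        if key == "msg":  # assumption: msg is the last item and may contain commas
            rec[key] = ",".join(fields[i:]).strip()[len("msg="):]
            break
        rec[key] = value
    # 'Z' means UTC; rewrite it so older fromisoformat() versions accept it.
    date = rec.get("date", "")
    rec["date"] = datetime.fromisoformat(date[:-1] + "+00:00" if date.endswith("Z") else date)
    return rec

def degraded_windows(lines):
    """Return (compid, condition, start, end) tuples; end is None if never closed."""
    pending, closed = {}, []
    for rec in map(parse_record, lines):
        comp, msgid = rec.get("compid"), rec.get("msgid")
        if msgid in OPENERS:
            closer, condition = OPENERS[msgid]
            pending.setdefault((comp, closer), (condition, rec["date"]))
        elif (comp, msgid) in pending:
            condition, start = pending.pop((comp, msgid))
            closed.append((comp, condition, start, rec["date"]))
    still_open = [(c, cond, start, None) for (c, _), (cond, start) in pending.items()]
    return closed + still_open

# Constructed sample records (not taken from a real system).
SAMPLE = [
    "CALFHM 1.0, seqnum=1, msgid=KAVE03002-I, date=2007-01-18T22:46:49.682+09:00, progid=JP1PFM, compid=TA1host01, pid=2076, ocp:host=host01, ctgry=StartStop, result=Occurrence, subj:pid=2076",
    "CALFHM 1.0, seqnum=2, msgid=KAVE03003-I, date=2007-01-18T22:51:49.682+09:00, progid=JP1PFM, compid=TA1host01, pid=2076, ocp:host=host01, ctgry=StartStop, result=Occurrence, subj:pid=2076",
    "CALFHM 1.0, seqnum=3, msgid=KAVE03300-I, date=2007-01-18T23:10:00.000+09:00, progid=JP1PFM, compid=TA1host01, pid=2076, ocp:host=host01, ctgry=ExternalService, result=Occurrence, subj:pid=2076",
]
```

Calling degraded_windows(SAMPLE) returns one closed stand-alone period and one event-queuing period whose end is None; an open period is the signal to check which events did not reach PFM - Manager.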
All Rights Reserved. Copyright (C) 2009, Hitachi, Ltd.