Audit logs are output in the CALFHM format, which indicates the audit log format, audit log revision number, and applicable output items, in that order.

The following figure shows the audit log output format.

Figure C-1 Audit log output format

Audit logs are output to the directory specified on the Audit Log page during setup of JP1/ Software Distribution Manager.

For details about how to use the Audit Log page to specify the audit log output destination, see 4.2.21 Audit Log page in the manual Setup Guide.

There are two types of output items, common and specific, as explained below:

• Common output items
  Items output in common by all JP1 products that output audit logs.
  
• Specific output items
  Items output by a particular JP1 product that outputs audit logs.
  

(a) Common output items

The following table shows the values and contents of the common output items.

Table C-2 Common output items for audit logs

No.	Output item		Value	Contents
	Item name	Output attribute
1	Common specification identifiers	--	CALFHM	Identifier that indicates the format of the audit log
2	Common specification revision number	--	X.X	Revision number used to manage the audit log
3	Sequence number	Seqnum	Sequence number	Sequence number of the audit log
4	Message ID	msgid	KDSDxxx-x	Message ID for each product
5	Date/time	date	YYYY-MM-DDThh:mm:ss.sssTZD#1	Date/time at which the audit log was acquired and the time zone
6	Generated program name	progid	JP1/NETM/DM	Event program name
7	Generated component name	compid	Menu name of Software Distribution Manager folder: JP1_DM_SERVICE Remote Install Server JP1_DM_SETUP Setup JP1_DM_DBMANAGER Database Manager JP1_DM_NETMDM Remote Installation Manager JP1_DM_DMIVVW Inventory Viewer JP1_DM_DMCSVUTY CSV output utility JP1_DM_DMUNARC Unarchiver JP1_DM_DMPACK Packager Window name: JP1_DM_DMDRYSTP Host search JP1_DM_DMSMID Software operation information JP1_TEMPLATEVIEW Template management JP1_DM_DPTVIEW Update management#2 Command name: JP1_DM_DCMCOLL Collect files JP1_DM_DCMCSVU Export to a CSV-formatted file JP1_DM_DCMDICE Export a software inventory dictionary JP1_DM_DCMDICI Import a software inventory dictionary JP1_DM_DCMGPMNT Apply policies to all hosts JP1_DM_DCMHSTWO Detect a host on which JP1/Software Distribution is not installed JP1_DM_DCMINST Create and execute a job JP1_DM_DCMJBRM Delete a job JP1_DM_DCMJEXE Execute a job JP1_DM_DCMMONRST Store operating information in a database JP1_DM_DCMPACK Execute a package JP1_DM_DCMPKGET Acquire a backup of a package JP1_DM_DCMPKPUT Restore a package from its backup JP1_DM_DCMPKRM Delete a package JP1_DM_DCMRMGEN Delete a job definition JP1_DM_DCMRTRY Re-execute a job JP1_DM_DCMSTAT Acquire the job execution status JP1_DM_DCMSTDIV Load offline machine information JP1_DM_DCMSTSW Monitor the job execution status JP1_DM_DCMSUSP Stop and restart a file transfer JP1_DM_DCMUIDI Batch-enter the user inventory JP1_DM_DCMWSUS Register and synchronize computer groups JP1_DM_DCMADSYNC Establish directory linkage Batch command name: JP1_DM_NETMDB_UNLOAD Making a database transfer backup JP1_DM_NETMDB_RELOAD Restoration from database transfer backup JP1_DM_NETMDB_START Database startup JP1_DM_NETMDB_STOP Database stop JP1_DM_NETMDB_BACKUP Making a database backup JP1_DM_NETMDB_REORGANIZATION Database re-organization JP1_DM_NETMDB_RECLAIM Release used free pages in database JP1_DM_NETMFILE_BACKUP Acquire a backup of operation history and package files JP1_DM_NETMFILE_RESTORE Restore operation history and package files from their backup files	Menu name, window name, and command name of the Software Distribution Manager folder where the event was detected
8	Generated process ID	pid	Process ID	Process ID from which event occurrence was detected
9	Generated location	ocp:host	Host name	Name of host on which event occurred. If the host name cannot be obtained, a hyphen (-) is output.
10	Event type	ctgry	StartStop Authentication Failure ContentAccess	Identifier used to classify events output to audit logs
11	Event result	result	Success (successful) Failure (failure) Occurrence (occurrence of an event for which there is no success or failure classification)	Result of event that occurred
12	Subject identification information#3	subj:uid	JP1 user ID	Information about user associated with event that occurred
		subj:pid	Process ID	Information about process associated with event that occurred

Legend:

--: No attribute is output

#1

YYYY: year, MM: month, DD: day, hh: hour, mm: minute, ss: second, sss: millisecond

T is the delimiter between the date and the time.

TZD indicates the time zone's time differential. One of the following is output:

+hh:mm: Indicates that the time is ahead of Coordinated Universal Time (UTC) by the indicated number of hours and minutes.

-hh:mm: Indicates that the time is behind Coordinated Universal Time (UTC) by the indicated number of hours and minutes.

Z: Indicates that the time is the same as Coordinated Universal Time (UTC).

#2

No audit logs are output for operations performed from Task Scheduler.

#3

If the event is not related to the user or if user management is not used, the process ID is output.

(b) Specific output items

The following tables show the values and contents of the specific output items.

Table C-3 Specific output items for audit logs

No.	Output item		Value	Contents
	Item name	Output attribute
1	Action information	op	DMPK_REG Package registration DMPKJOB_ACT Execution of Install package job or Send package, allow client to choose job.	Information about the user operation that caused the event to occur. Operation information that does not correspond to the value is not output.
2	Permissions information	auth	JP1_DM_Admin System administrator JP1_DM_Deploy Distribution management user JP1_DM_Inventory Asset management user JP1_DM_Observe System-monitoring user JP1_DM_Collect Collection management user JP1_DM_Guest User who browses information	User permission used to execute user authentication for JP1/Base. Operation information that does not correspond to the value is not output.
3	Free description	msg	Any message	Message indicating the nature of the event

The following is an output example in which you start Remote Installation Manager from JP1/Software Distribution Manager to create a host.

To create the host:

1. Start Remote Installation Manager.
2. Execute user authentication.
3. Create a new host.
4. Quit Remote Installation Manager.

The contents of the audit log are shown in the following figure.

Figure C-2 Contents of audit log