A.2 Outputting audit log entries
An audit log is a file containing information about the operations performed in a JP1/AO system. An audit log entry includes information about who executed what operation, at what time.
- Organization of this subsection
(1) Event types output to audit log
The event type is an identifier that categorizes the events output to the audit log. The following table lists the types of event output to the audit log, and when JP1/AO outputs each type of event.
|
No. |
Event type |
Event name |
Description |
When output by JP1/AO |
Output message |
|---|---|---|---|---|---|
|
1 |
StartStop |
Startup or shutdown |
JP1/AO has started successfully or has failed to start. |
A user successfully executes the hcmdssrv /start command |
KNAE23001-I |
|
A user attempts to execute the hcmdssrv /start command, but the attempt fails |
KNAE23017-E |
||||
|
JP1/AO has stopped. |
A user successfully executes the hcmdssrv /stop command |
KNAE23002-I |
|||
|
2 |
Authentication |
Identification and authentication |
User authentication has failed. |
User authentication fails at login |
KNAE20001-E |
|
A user has logged in successfully, login has failed, or a user has logged out. |
A user logs in successfully |
KNAE20002-I |
|||
|
A user attempts to log in, but the attempt fails |
KNAE20003-W |
||||
|
A user logs out successfully |
KNAE20004-I |
||||
|
3 |
ConfigurationAccess |
Configuration definition |
A user group has been configured successfully, or an attempt to configure a user group has failed. |
A user successfully creates a user group |
KNAE20006-I |
|
A user attempts to create a user group, but the attempt fails |
KNAE20007-E |
||||
|
A user successfully edits a user group |
KNAE20008-I |
||||
|
A user attempts to edit a user group, but the attempt fails |
KNAE20009-E |
||||
|
A user successfully deletes a user group |
KNAE20010-I |
||||
|
A user attempts to delete a user group, but the attempt fails |
KNAE20011-E |
||||
|
An attempt to assign a user group was successful or failed. |
A user successfully assigns a user group |
KNAE20044-I |
|||
|
A user attempts to assign a user group, but the attempt fails |
KNAE20045-E |
||||
|
An attempt to define a connection destination was successful or failed. |
A user successfully creates a connection destination |
KNAE20012-I |
|||
|
A user attempts to create a connection destination, but the attempt fails |
KNAE20013-E |
||||
|
A user successfully edits a connection destination |
KNAE20014-I |
||||
|
A user attempts to edit a connection destination, but the attempt fails |
KNAE20015-E |
||||
|
A user successfully deletes a connection destination |
KNAE20016-I |
||||
|
A user attempts to delete a connection destination, but the attempt fails |
KNAE20017-E |
||||
|
An attempt to set a shared service property was successful or failed. |
A user successfully edits a shared service property |
KNAE21005-I |
|||
|
A user attempted to edit a shared service property, but the attempt fails |
KNAE21006-E |
||||
|
An attempt to configure a resource group was successful or failed. |
A user successfully creates a resource group |
KNAE20020-I |
|||
|
A user attempts to create a resource group, but the attempt fails |
KNAE20021-E |
||||
|
A user successfully edits a resource group |
KNAE20022-I |
||||
|
A user attempts to edit a resource group, but the attempt fails |
KNAE20023-E |
||||
|
A user successfully deletes a resource group |
KNAE20024-I |
||||
|
A user attempts to delete a resource group, but the attempt fails |
KNAE20025-E |
||||
|
An attempt to execute a command was successful or failed. |
A user successfully executes a command (backupsystem/restoresystem/setupcluster/encryptpassword) |
KNAE23003-I |
|||
|
A user attempts to execute a command (backupsystem/restoresystem/setupcluster/encryptpassword), but the attempt fails |
KNAE23004-E |
||||
|
An attempt to develop a service template was successful or failed. |
A user successfully creates a service template |
KNAE20048-I |
|||
|
A user attempts to create a service template, but the attempt fails |
KNAE20049-E |
||||
|
A user successfully edits a service template |
KNAE20050-I |
||||
|
A user attempts to edit a service template, but the attempt fails |
KNAE20051-E |
||||
|
A user successfully deletes a service template |
KNAE20052-I |
||||
|
A user attempts to delete a service template, but the attempt fails |
KNAE20053-E |
||||
|
A user successfully duplicates a service template |
KNAE20054-I |
||||
|
A user attempts to duplicate a service template, but the attempt fails |
KNAE20055-E |
||||
|
A user successfully builds a service template |
KNAE20056-I |
||||
|
A user attempts to build a service template, but the attempt fails |
KNAE20057-E |
||||
|
A user successfully releases a service template |
KNAE20058-I |
||||
|
A user attempts to release a service template, but the attempt fails |
KNAE20059-E |
||||
|
A user successfully creates a plug-in |
KNAE20060-I |
||||
|
A user attempts to create a plug-in, but the attempt fails |
KNAE20061-E |
||||
|
A user successfully edits a plug-in |
KNAE20062-I |
||||
|
A user attempts to edit a plug-in, but the attempt fails |
KNAE20063-E |
||||
|
A user successfully duplicates a plug-in |
KNAE20064-I |
||||
|
A user attempts to duplicate a plug-in, but the attempt fails |
KNAE20065-E |
||||
|
A user successfully deletes a plug-in |
KNAE20066-I |
||||
|
A user attempts to delete a plug-in, but the attempt fails |
KNAE20067-E |
||||
|
4 |
ContentAccess |
Access to critical information |
An attempt to add, edit, delete, or submit a service was successful or failed. |
A user successfully adds a service |
KNAE20026-I |
|
A user attempts to add a service, but the attempt fails |
KNAE20027-E |
||||
|
A user successfully edits a service |
KNAE20028-I |
||||
|
A user attempts to edit a service, but the attempt fails |
KNAE20029-E |
||||
|
A user successfully deletes a service |
KNAE20030-I |
||||
|
A user attempts to delete a service, but the attempt fails |
KNAE20031-E |
||||
|
A user successfully submits a service |
KNAE20032-I |
||||
|
A user attempts to submit a service, but the attempt fails |
KNAE20033-E |
||||
|
An attempt to suspend, resume, or cancel a task schedule was successful or failed. |
A user successfully suspends a task schedule |
KNAE20034-I |
|||
|
A user attempts to suspend a task schedule, but the attempt fails |
KNAE20035-E |
||||
|
A user successfully resumes a task schedule |
KNAE20036-I |
||||
|
A user attempts to resume a task schedule, but the attempt fails |
KNAE20037-E |
||||
|
A user successfully cancels a task schedule |
KNAE20038-I |
||||
|
A user attempts to cancel a task schedule, but the attempt fails |
KNAE20039-E |
||||
|
An attempt to stop a task was successful or failed. |
A user successfully stops execution of a task |
KNAE20040-I |
|||
|
A user attempts to stop execution of a task, but the attempt fails |
KNAE20041-E |
||||
|
An attempt to forcibly stop a task was successful or failed. |
A user successfully performs forced stop of a task |
KNAE20068-I |
|||
|
A user attempts to forcibly stop a task, but the attempt fails |
KNAE20069-E |
||||
|
An attempt to retry a task was successful or failed. |
A user successfully retries the failed step of a task |
KNAE20070-I |
|||
|
A user attempts to retry the failed step of a task, but the attempt fails |
KNAE20071-E |
||||
|
A user successfully retries the step after the failed one of a task |
KNAE20072-I |
||||
|
A user attempts to retry the step after the failed one of a task, but the attempt fails |
KNAE20073-E |
||||
|
An attempt to archive tasks, delete task histories, and delete debug tasks were successful or failed. |
A user successfully archives tasks |
KNAE20042-I |
|||
|
A user attempts to archive tasks, but the attempt fails |
KNAE20046-E |
||||
|
A user successfully deletes task histories |
KNAE20043-I |
||||
|
A user attempts to delete task histories, but the attempt fails |
KNAE20047-E |
||||
|
A user successfully deletes a debug task |
KNAE20076-I |
||||
|
A user attempts to delete a debug task, but the attempt fails |
KNAE20077-E |
||||
|
A user successfully archives tasks automatically |
KNAE21001-I |
||||
|
A user attempts to archive tasks automatically, but the attempt fails |
KNAE21003-E |
||||
|
A user successfully deletes task histories automatically |
KNAE21002-I |
||||
|
A user attempts to delete task histories automatically, but the attempt fails |
KNAE21004-E |
||||
|
A user successfully deletes a debug task automatically |
KNAE21007-I |
||||
|
A user attempts to delete a debug task automatically, but the attempt fails |
KNAE21008-E |
||||
|
An attempt to debug a service template was successful or failed. |
A user successfully debugs a service template |
KNAE20074-I |
|||
|
A user attempts to debug a service template, but the attempt fails |
KNAE20075-E |
||||
|
An attempt to execute a command was successful or failed. |
A user successfully executes the submittask command |
KNAE23005-I |
|||
|
A user attempts to execute the submittask command, but the attempt fails |
KNAE23006-E |
||||
|
A user successfully executes the stoptask command |
KNAE23007-I |
||||
|
A user attempts to execute the stoptask command, but the attempt fails |
KNAE23008-E |
||||
|
A user successfully executes the listtasks command |
KNAE23009-I |
||||
|
A user attempts to execute the listtasks command, but the attempt fails |
KNAE23010-E |
||||
|
A user successfully executes the listservices command |
KNAE23011-I |
||||
|
A user attempts to execute the listservices command, but the attempt fails |
KNAE23012-E |
||||
|
A user successfully executes the importservicetemplate command |
KNAE23013-I |
||||
|
A user attempts to execute the importservicetemplate command, but the attempt fails |
KNAE23014-E |
||||
|
A user successfully executes the deleteservicetemplate command |
KNAE23015-I |
||||
|
A user attempts to execute the deleteservicetemplate command, but the attempt fails |
KNAE23016-E |
(2) Storage format of audit log output
The following table shows the names of the files to which JP1/AO outputs audit log entries.
|
Environment |
Output destination |
Output file name |
|---|---|---|
|
Non-cluster environment |
JP1/AO-installation-folder\logs#1 |
Auditn.log#2 |
|
Cluster environment |
shared-folder\jp1ao\logs |
- #1
-
You can change the output destination for audit logs. To change the output destination, alter the setting in a property file.
- #2
-
n is replaced with the number of the log file.
Related topics
-
Properties file (config_user.properties) in the Job Management Partner 1/Automatic Operation Configuration Guide
(3) Output format of audit log entries
This section describes the files to which JP1/AO outputs audit log entries, and the contents of these audit log entries.
(a) Audit log output format
An audit log entry consists of the string CALFHM indicating the information is formatted as an audit log, followed by the revision number of the audit log, and finally the relevant output items.
The following figure shows the format in which audit log entries are output:
|
|
![[Figure]](GRAPHICS/UG0A0010.GIF)
(b) Output destination of audit log entries
For details about the output destination for audit logs, see A.2(2) Storage format of audit log output.
(c) Output items
There are three types of information output to the audit log:
-
Header information
The date and time when the log entry was output, and other information derived from the OS.
-
Common information
Information used to categorize and monitor the event that triggered the audit log entry.
-
Event-specific information
Detailed information about the event that triggered the audit log entry.
The following table lists the items output to the audit log:
|
No. |
Output item |
Value |
||
|---|---|---|---|---|
|
Type |
Name |
Output attribute name |
||
|
1 |
Header information |
Common specification identifier |
-- |
CALFHM |
|
2 |
Common specification revision number |
-- |
1.0 |
|
|
3 |
Common information |
Sequence number |
seqnum |
sequence-number |
|
4 |
Message ID |
msgid |
message-ID |
|
|
5 |
Date and time |
date |
date-and-time |
|
|
6 |
Source program name |
progid |
JP1AO |
|
|
7 |
Source component |
compid |
|
|
|
8 |
Source process ID |
pid |
process-ID |
|
|
9 |
Location information |
ocp:host/ipv4/ipv6 |
host-name |
|
|
outp:host/ipv4/ipv6 |
host-name |
|||
|
subjp:host/ipv4/ipv6 |
host-name |
|||
|
dtp:host/ipv4/ipv6 |
host-name |
|||
|
agent:host/ipv4/ipv6 |
host-name |
|||
|
10 |
Event type |
ctgry |
|
|
|
11 |
Event result |
result |
|
|
|
12 |
Subject identification information |
subj:uid |
login-user-ID |
|
|
subj:euid |
Windows-user-ID |
|||
|
subj:pid |
process-ID |
|||
|
13 |
Event-specific information |
Object information |
obj |
|
|
14 |
Operation information |
op |
|
|
|
15 |
Log type information |
logtype |
BasicLog |
|
|
16 |
Optional message |
msg |
message |
|
- Legend
-
--: Not output.
(d) Example of audit log output
The following is an example of the information output in an audit log entry.
CALFHM 1.0, seqnum=1, msgid=KNAE23001-I, date=2012-01-01T00:00:00.000+09:00, progid=JP1AO, compid=Command, pid=1234, ocp:host=host01, ctgry=StartStop, result=Success, subj:euid=user01, obj=autoJOB, op=Start, logtype=BasicLog, msg="A service has started"
(4) Configuring JP1/AO to output audit logs
You can configure JP1/AO to output audit logs by a setting in a property file (config_user.properties). For details on the property file (config_user.properties), see the Job Management Partner 1/Automatic Operation Configuration Guide.
Related topics
-
Properties file (config_user.properties) in the Job Management Partner 1/Automatic Operation Configuration Guide