Appendix J.3 Action log output format

Information related to audit events is output to the Performance Management action log. One action log information file is output for one host (physical host and logical host). The action log file is output to either of the following hosts:

The following describes the format of the action log, the output destination, and the items that are output.

Organization of this subsection
(1) Output format
(2) Output destination
(3) Output items
(4) Output example

(1) Output format

CALFHM x.x,output-item-1=value-1,output-item-2=value-2,...,output-item-n=value-n

(2) Output destination

On physical hosts
installation-folder\auditlog\
On logical hosts
environment-folder\jp1pc\auditlog\

The action log output destination can be changed in the jpccomm.ini file. For details about how to specify the jpccomm.ini file, see J.4 Settings for outputting action logs.

(3) Output items

There are two types of output items:

(a) Common output items

The following table lists and describes the common output items and their values. This table also includes the items and information output by PFM - Manager.

Table J-2 Common output items in action logs

No.Output itemValueExplanation
Item nameOutput attribute name
1Common specification identifier--CALFHMIndicates the action log format.
2Common specification revision number--x.xRevision number for managing action logs
3Serial numberseqnumserial-numberSerial number of the action log record
4Message IDmsgidKAVExxxxx-xMessage ID of the product
5Date and timedateYYYY-MM-DDThh:mm:ss.sssTZD#Date, time, and time zone indication identifying when the action log was output
6Program nameprogidJP1PFMName of the program for which the event occurred
7Component namecompidservice-IDName of the component for which the event occurred
8Process IDpidprocess-IDProcess ID of the process for which the event occurred
9Locationocp:host
  • host-name
  • IP-address
Location where the event occurred
10Event typectgry
  • StartStop
  • Authentication
  • ConfigurationAccess
  • ExternalService
  • AnomalyEvent
  • ManagementAction
Category name used to classify the event output to the action log
11Event resultresult
  • Success
  • Failure
  • Occurrence
Result of the event
12Subject identification informationsubj:pidprocess-IDOne of the following:
  • Process ID of a process running as a user operation
  • Process ID of the process that caused the event
  • Name of the user who caused the event
  • Identification information in a one-to-one correspondence with the user
subj:uidaccount-identifier (PFM user/JP1 user)
subj:euideffective-user-ID (OS user)
Legend:
--: None
#
T is a separator between the date and the time.
TZD is the time zone specifier. One of the following values is output.
+hh:mm: The time zone is hh:mm ahead of UTC.
-hh:mm: The time zone is hh:mm behind UTC.
z: The time zone is same as UTC.

(b) Fixed output items

The following table lists and describes the fixed output items and their values. This table also includes the items and information output by PFM - Manager.

Table J-3 Fixed output items in action logs

No.Output itemValueExplanation
Item nameOutput attribute name
1Object informationobj
  • PFM - RM-service-ID
  • added-deleted-or-updated-user-name (PFM user)
Intended object for the operation
obj:tablealarm-table-name
obj:alarmalarm-name
2Action informationop
  • Start
  • Stop
  • Add
  • Update
  • Delete
  • Change Password
  • Activate
  • Inactivate
  • Bind
  • Unbind
Information about the action that caused the event
3Permissions informationauth
  • Administrator
    Management
  • General user
    Ordinary
  • Windows
    Administrator
  • UNIX
    SuperUser
Permissions information of the user who executed the command or service
auth:mode
  • PFM authentication mode
    pfm
  • JP1 authentication mode
    jp1
  • OS user
    os
Authentication mode of the user who executed the command or service
4Output sourceoutp:hostPFM - Manager-host-nameHost that output the action log
5Instruction sourcesubjp:host
  • login-host-name
  • execution-host-name (only when the jpctool alarm command is executed)
Host that issued the instruction for the operation
6Free descriptionmsgmessageMessage that is output when an alarm occurs or when an automated action is executed

Whether the fixed output items are output and what they contain differ depending on when the action log is output. The following describes the message ID and output information for each case.

A PFM service is started or stopped (StartStop)
Stand-alone mode is started or terminated (StartStop)
The status of the connection with PFM - Manager changes (ExternalService)
An automated action is executed (ManagementAction)
Note:
KAVE03500-I is output when the command execution process is successfully created. After KAVE03500-I is output, whether the command is successfully executed or not and the execution result are not output to the action log.

(4) Output example

The following is an example of action log output.

CALFHM 1.0, seqnum=1, msgid=KAVE03000-I, date=2007-01-18T22:46:49.682+09:00,
progid=JP1PFM, compid=OA1host01, pid=2076,
ocp:host=host01, ctgry=StartStop, result=Occurrence,
subj:pid=2076,op=Start,