Data related to audit events is output to the Performance Management action log. Action log data is output to one file for one host. The action log data is output to a file on either of the following hosts:
The following describes the format of the action log, the output destination, and the items that are output.
CALFHM x.x,output-item-1=value-1,output-item-2=value-2,...,output-item-n=value-n |
installation-folder\auditlog\
The output destination for action log data can be changed in the jpccomm.ini file. For details about how to specify the jpccomm.ini file, see I.4 Settings for outputting action log data.
There are two types of output items:
The following table lists and describes the common output items and their values. This table also includes the items and information output by PFM - Manager.
Table I-2 Common output items in action logs
No. | Output item | Value | Explanation | |
---|---|---|---|---|
Item name | Output attribute name | |||
1 | Common specification identifier | -- | CALFHM | Indicates the action log format |
2 | Common specification revision number | -- | x.x | Revision number for managing action logs |
3 | Serial number | seqnum | serial-number | Serial number of the action log record |
4 | Message ID | msgid | KAVExxxxx-x | Message ID of the product |
5 | Date and time | date | YYYY-MM-DDThh:mm:ss.sssTZD# | Date, time, and time zone indication identifying when the action log was output |
6 | Program name | progid | JP1PFM | Name of the program for which the event occurred |
7 | Component name | compid | service-ID | Name of the component for which the event occurred |
8 | Process ID | pid | process-ID | Process ID of the process for which the event occurred |
9 | Location | ocp:host |
| Location where the event occurred |
10 | Event type | ctgry |
| Category name used to classify the event output to the action log |
11 | Event result | result |
| Result of the event |
12 | Subject identification information | subj:pid | process-ID | One of the following:
|
subj:uid | account-identifier (PFM user/JP1 user) | |||
subj:euid | effective-user-ID (OS user) |
The following table lists and describes the fixed output items and their values. This table also includes the items and information output by PFM - Manager.
Table I-3 Fixed output items in action logs
No. | Output item | Value | Explanation | |
---|---|---|---|---|
Item name | Output attribute name | |||
1 | Object information | obj |
| Intended object for the operation |
obj:table | alarm-table-name | |||
obj:alarm | alarm-name | |||
2 | Action information | op |
| Information about the action that caused the event |
3 | Permissions information | auth |
| Permissions information of the user who executed the command or service |
auth:mode |
| Authentication mode of the user who executed the command or service | ||
4 | Output source | outp:host | PFM - Manager-host-name | Host that output the action log |
5 | Instruction source | subjp:host |
| Host that issued the instruction for the operation |
6 | Descriptive text | msg | message | Message that is output when an alarm occurs or when an automated action is executed |
Whether the fixed output items are output and what they contain differ depending on when the action log data is output. The following describes the message ID and output data for each case.
Item name | Attribute name | Value |
---|---|---|
Message ID | msgid | Started: KAVE03000-I Stopped: KAVE03001-I |
Action information | op | Started: Start Stopped: Stop |
Item name | Attribute name | Value |
---|---|---|
Message ID | msgid | Stand-alone mode has started: KAVE03002-I Stand-alone mode has terminated: KAVE03003-I |
Item name | Attribute name | Value |
---|---|---|
Message ID | msgid | Sending of an event to PFM - Manager failed (queuing was started): KAVE03300-I. An event was resent to PFM - Manager: KAVE03301-I. |
Item name | Attribute name | Value |
---|---|---|
Message ID | msgid | The command execution process was created successfully: KAVE03500-I. An attempt to create a command execution process failed: KAVE03501-W. Email was send successfully: KAVE03502-I. Sending of email failed: KAVE03503-W |
Free description | msg | Command execution: cmd=executed-command-line. Email sending: mailto=destination-email-address. |
Note: KAVE03500-I is output when the command execution process is created successfully. Thereafter, log data about whether the command was executed and about the execution results is not output to the action log.
The following is an example of output action log data.
CALFHM 1.0, seqnum=1, msgid=KAVE03000-I, date=2007-01-18T22:46:49.682+09:00,
progid=JP1PFM, compid=TA1host01, pid=2076,
ocp:host=host01, ctgry=StartStop, result=Occurrence,
subj:pid=2076,op=Start