B.3 Output format of audit log information
The following describes the output format, output destination, and output items of an audit log entry. Also shown is an example of audit log output.
- Organization of this subsection
(1) Audit log output format
An audit log entry consists of the string CALFHM indicating the information is formatted as an audit log, followed by the revision number of the audit log, and finally the relevant output items.
The following figure shows the output format of audit log information.
(2) Audit log output destination
Audit log information is output to the following directory:
- Audit log output destination:
-
JP1/IT-Desktop-Management 2 - Manager-installation-directory\mgr\log
(3) Output items
The items in an audit log fall into the following two categories:
-
Common output items
Items common to all JP1 products that output audit log data.
-
Fixed output items
Optional items each JP1 product can output as audit log data.
(a) Common output items
The following table lists the values output as common output items, and describes each item.
No. |
Output item |
Value |
Description |
|
---|---|---|---|---|
Item name |
Output attribute name |
|||
1 |
Common specification identifier |
-- |
CALFHM |
An ID indicating that the information is formatted as an audit log. |
2 |
Common specification revision number |
-- |
1.0 |
The revision number used to manage the audit log. |
3 |
Sequence number |
seqnum |
sequence-number |
The sequence number of the audit log entry. |
4 |
Message ID |
msgid |
message-ID |
The message ID of the product. |
5 |
Date and time |
date |
YYYY-MM-DDThh:mm:ss.sssTZD# |
The date and time at which the audit log was acquired, and the time zone. |
6 |
Generated program name |
progid |
JP1ITDM2 |
The name of the program that generated the event. |
7 |
Generated component name |
compid |
DistributionManager The following commands and functions can generate audit log entries: Menu items in the JP1_IT Desktop Management 2 - Manager or JP1_IT Desktop Management 2 - Agent folder:
Commands:
|
The name of the function that generated the event. |
8 |
Generated process ID |
pid |
process-ID |
The ID of the process where the event occurred. |
9 |
Generated location |
ocp:host |
host-name |
The host name of the host where the event occurred. If the host name could not be acquired, a hyphen (-) is output. |
10 |
Event type |
ctgry |
|
The category to which the event output to the audit log belongs. |
11 |
Event result |
result |
|
The result of the event. |
12 |
Subject identification information |
subj:uid |
The user account or Administrator |
Information about the user associated with the event. |
subj:pid |
process-ID |
Information about the process that caused the event |
(b) Fixed output items
The following table lists the values output as fixed output items, and describes each item.
No. |
Output item |
Value |
Description |
|
---|---|---|---|---|
Item name |
Output attribute name |
|||
1 |
Action information |
op |
|
Information about the user operation that caused the event to occur. Information is not output for operations that do not correspond to these values. |
2 |
Free description |
msg |
Any message |
A message describing the event. |
(4) Example of audit log output
The following shows an example of the audit log data output in the process of starting Remote Installation Manager in JP1/IT Desktop Management 2 - Manager and creating a host.
In this example, a host was created by the following procedure:
-
Start Remote Installation Manager.
-
Perform user authentication.
-
Execute a job to create a new host.
-
Exit Remote Installation Manager.
The audit log data output during this process is as follows: