Hitachi

JP1 Version 12 JP1/Automatic Operation Administration Guide 


A.6 Outputting audit log data

An audit log is a file kept for security purposes that contains information about the operations performed in a JP1/AO system. An audit log entry includes information about who executed what operation, on what subject, and at what time.

Organization of this subsection

(1) Event types for which audit log data is output

The event type is an identifier that categorizes the events output to the audit log. The following table lists the types of events output to the audit log, and what causes JP1/AO to output each type of event:

Table A‒17: Event types output to audit log

No.

Event type

Event name

Event description

Timing of output by JP1/AO

Output message

1

StartStop

Startup or shutdown

JP1/AO has started successfully or failed to start.

The hcmds64srv command is successfully executed with the start option specified.

KNAE23001-I

An attempt to execute the hcmds64srv command with the start option specified fails.

KNAE23017-E

JP1/AO has stopped.

The hcmds64srv command is executed with the stop option specified.

KNAE23002-I

2

Authentication

Identification and authentication

User authentication has failed.

Authentication fails at login.

KNAE20001-E

A user has logged in successfully, failed to log in, or logged out.

A user logs in successfully.

KNAE20002-I

A user attempts to log in but fails.

KNAE20003-W

A user logs out.

KNAE20004-I

3

ConfigurationAccess

Configuration definition

Indicates the outcome of an attempt to configure a user group.

A user group was created successfully.

KNAE20006-I

An attempt to create a user group has failed.

KNAE20007-E

A user group was edited successfully.

KNAE20008-I

An attempt to edit a user group has failed.

KNAE20009-E

A user group was deleted successfully.

KNAE20010-I

An attempt to delete a user group has failed.

KNAE20011-E

Indicates the outcome of an attempt to assign user groups.

A user was successfully assigned to a user group.

KNAE20044-I

An attempt to assign a user to a user group has failed.

KNAE20045-E

Indicates the outcome of an attempt to define a Connection Destination.

A Connection Destination was successfully defined.

KNAE20012-I

An attempt to define a Connection Definition has failed.

KNAE20013-E

A Connection Destination definition was successfully edited.

KNAE20014-I

An attempt to edit a Connection Destination definition has failed.

KNAE20015-E

A Connection Destination definition was successfully deleted.

KNAE20016-I

An attempt to delete a Connection Destination definition has failed.

KNAE20017-E

Indicates the outcome of an attempt to configure a Service Share Property.

A Service Share Property was successfully edited.

KNAE21005-I

An attempt to edit a Service Share Property failed.

KNAE21006-E

Indicates the outcome of an attempt to configure a service group.

A service group was successfully created.

KNAE20020-I

An attempt to create a service group has failed.

KNAE20021-E

A service group was successfully edited.

KNAE20022-I

An attempt to edit a service group has failed.

KNAE20023-E

A service group was successfully deleted.

KNAE20024-I

An attempt to delete a service group has failed.

KNAE20025-E

A user group was successfully assigned to a service group.

KNAE20078-I

An attempt to assign a user group to a service group has failed.

KNAE20079-E

A user group was successfully unallocated from the service group.

KNAE20080-I

An attempt to unallocate a user group from the service group has failed.

KNAE20081-E

Indicates the outcome of an attempt to execute a command.

A command (backupsystem/restoresystem/setupcluster/encryptpassword) was successfully executed.

KNAE23003-I

An attempt to execute a command (backupsystem/restoresystem/setupcluster/encryptpassword) has failed.

KNAE23004-E

Indicates the outcome of a task related to service template development.

A service template was successfully created.

KNAE20048-I

An attempt to create a service template has failed.

KNAE20049-E

A service template was successfully edited.

KNAE20050-I

An attempt to edit a service template has failed.

KNAE20051-E

A service template was successfully deleted.

KNAE20052-I

An attempt to delete a service template has failed.

KNAE20053-E

A service template was successfully copied.

KNAE20054-I

An attempt to copy a service template has failed.

KNAE20055-E

A service template was successfully built.

KNAE20056-I

An attempt to build a service template has failed.

KNAE20057-E

A service template was successfully released.

KNAE20058-I

An attempt to release a service template has failed.

KNAE20059-E

A plug-in was successfully created.

KNAE20060-I

An attempt to create a plug-in has failed.

KNAE20061-E

A plug-in was successfully edited.

KNAE20062-I

An attempt to edit a plug-in has failed.

KNAE20063-E

A plug-in was successfully copied.

KNAE20064-I

An attempt to copy a plug-in has failed.

KNAE20065-E

A plug-in was successfully deleted.

KNAE20066-I

An attempt to delete a plug-in has failed.

KNAE20067-E

Indicates the outcome of an attempt to create, edit, or delete an external resource provider.

An external resource provider was successfully created.

KNAE23066-I

An attempt to create an external resource provider has failed.

KNAE23067-E

An external resource provider was successfully edited.

KNAE23068-I

An attempt to edit an external resource provider has failed.

KNAE23069-E

An external resource provider was successfully imported.

KNAE23070-I

An attempt to import an external resource provider has failed.

KNAE23071-E

An external resource provider was successfully updated.

KNAE23072-I

An attempt to update an external resource provider has failed.

KNAE23073-E

An external resource provider was successfully deleted.

KNAE23074-I

An attempt to delete an external resource provider has failed.

KNAE23075-E

4

ContentAccess

Access to important information

Indicates the outcome of an attempt to add, edit, delete, or execute a service.

A service was successfully added.

KNAE20026-I

An attempt to add a service failed.

KNAE20027-E

A service was successfully edited.

KNAE20028-I

The counter for a service were successfully reset.

An attempt to edit a service has failed.

KNAE20029-E

An attempt to reset the counter for a service has failed.

A service was successfully deleted.

KNAE20030-I

An attempt to delete a service has failed.

KNAE20031-E

A service was successfully submitted for execution.

KNAE22014-I

An attempt to submit a service for execution has failed.

KNAE22015-E

Indicates the outcome of an attempt to suspend, resume, or cancel a task.

A task schedule was successfully suspended.

KNAE20034-I

An attempt to suspend a task schedule has failed.

KNAE20035-E

A task schedule was successfully resumed.

KNAE20036-I

An attempt to resume a task schedule has failed.

KNAE20037-E

A task schedule was successfully canceled.

KNAE20038-I

An attempt to cancel a task schedule has failed.

KNAE20039-E

Indicates the outcome of an attempt to stop execution of a task.

Execution of a task has successfully stopped.

KNAE20040-I

An attempt to stop execution of a task has failed.

KNAE20041-E

Indicates the outcome of an attempt to forcibly stop a task.

A task was forcibly stopped.

KNAE20068-I

An attempt to forcibly stop a task has failed.

KNAE20069-E

Indicates the outcome of an attempt to retry a task.

A task was successfully retried from a failed step.

KNAE20070-I

An attempt to retry a task from a failed step has failed.

KNAE20071-E

A task was successfully retried from the step after a failed step.

KNAE20072-I

An attempt to retry a task from the step after a failed step has failed.

KNAE20073-E

Indicates the outcome of an attempt to archive tasks, delete task histories, delete debug tasks, or edit a task.

Tasks were successfully archived.

KNAE20042-I

An attempt to archive a task has failed.

KNAE20046-E

Task histories were successfully deleted.

KNAE20043-I

An attempt to delete task histories has failed.

KNAE20047-E

Debug tasks were successfully deleted.

KNAE20076-I

An attempt to delete debug tasks has failed.

KNAE20077-E

Tasks were automatically archived.

KNAE21001-I

An attempt to automatically archive tasks has failed.

KNAE21003-E

Tasks were periodically archived. #

KNAE21001-I

An attempt to periodically archive tasks has failed. #

KNAE21003-E

Task histories were automatically deleted.

KNAE21002-I

An attempt to automatically delete task histories has failed.

KNAE21004-E

Debug tasks were automatically deleted.

KNAE21007-I

An attempt to automatically delete debug tasks has failed.

KNAE21008-E

A task was successfully edited.

KNAE23023-I

An attempt to edit a task has failed.

KNAE23024-E

Indicates the outcome of an attempt to debug a service template.

A service template was successfully debugged.

KNAE20074-I

An attempt to debug a service template has failed.

KNAE20075-E

Indicates the outcome of an attempt to delete a service template, import a service template, or update the service template associated with the service.

A service template was successfully deleted.

KNAE22005-I

An attempt to delete a service template has failed.

KNAE22006-E

A service template was successfully imported.

KNAE22007-I

An attempt to import a service template has failed.

KNAE22008-E

The service template associated with the service was successfully updated.

KNAE22009-I

An attempt to update the service template associated with the service has failed.

KNAE22010-E

Indicates the outcome of an attempt to edit a service property.

A service property was successfully edited.

KNAE20082-I

An attempt to edit a service property has failed.

KNAE20083-E

Indicates the outcome of an attempt to execute a command.

The submittask command was successfully executed.

KNAE23005-I

An attempt to execute the submittask command has failed.

KNAE23006-E

The stoptask command was successfully executed.

KNAE23007-I

An attempt to execute the stoptask command has failed.

KNAE23008-E

The listtasks command was successfully executed.

KNAE23009-I

An attempt to execute the listtasks command has failed.

KNAE23010-E

The listservices command was successfully executed.

KNAE23011-I

An attempt to execute the listservices command has failed.

KNAE23012-E

The importservicetemplate command was successfully executed.

KNAE23013-I

An attempt to execute the importservicetemplate command has failed.

KNAE23014-E

The deleteservicetemplate command was successfully executed.

KNAE23015-I

An attempt to execute the deleteservicetemplate command has failed.

KNAE23016-E

Tasks were successfully re-submitted using the submittask command.

KNAE23018-I

An attempt to re-submit tasks using the submittask command has failed.

KNAE23019-E

An attempt to re-submit tasks using the submittask command has partially failed.

KNAE23020-W

The listtasks command was used to successfully output detailed task information.

KNAE23021-I

An attempt to use the listtasks command to output detailed task information has failed.

KNAE23022-E

The listremoteconnections command was successfully executed.

KNAE23059-I

An attempt to execute the listremoteconnections command has failed.

KNAE23060-E

The setremoteconnection command was executed successfully.

KNAE23061-I

An attempt to execute the setremoteconnection command has failed.

KNAE23062-E

The deleteremoteconnection command was executed successfully.

KNAE23063-I

An attempt to execute the deleteremoteconnection command has failed.

KNAE23064-E

The setremoteconnection command has partially failed.

KNAE23065-W

Indicates the outcome of an attempt to create, edit, or delete the external server entry.

The external server entry was successfully created.

KNAE23035-I

An attempt to create the external server entry has failed.

KNAE23036-E

The external server entry was successfully edited.

KNAE23037-I

An attempt to edit the external server entry has failed.

KNAE23038-E

The external server entry was successfully deleted.

KNAE23039-I

An attempt to delete the external server entry has failed.

KNAE23040-E

#

The function that automatically archives tasks is internally used by the function that periodically archives tasks, so both functions are output to the same audit logs.

(2) Storage format of audit log data

The output destination for audit log data and the file names assigned to audit log files are described below.

Audit log data is not output by default. You can specify whether to output audit log data in the user-specified properties file. In this file, you can also set the output destination and other parameters for audit logs.

Output destination

JP1/AO-installation-directory\logs or /var/opt/jp1ao/logs

Output file name

Auditn.log

n is replaced with an integer representing the number of the log file.

Definition example

The following is a definition example for a situation in which audit log data is output to a shared disk used by Windows machines in a cluster configuration.

logger.Audit.enable = 1
logger.Audit.path = shared-disk\\jp1ao\\logs

(3) Output format of audit log data

This section describes the destination to which JP1/AO outputs audit log data, and the contents of entries in audit log files.

(a) Audit log output format

An audit log entry consists of the string CALFHM indicating the information is formatted as an audit log, followed by the revision number of the audit log, and finally the relevant output items.

The following figure shows the format in which audit log entries are output:

Figure A‒2: Audit log output format

[Figure]

(b) Output destination of audit log entries

For details on the output destination of audit log entries, see A.6(2) Storage format of audit log data.

(c) Output items

There are three types of information output to the audit log:

  • Header information

    The date and time when the event was output to event log or syslog, and other information derived from the operating system.

  • Common information

    Information used to categorize and monitor the event that triggered the audit log entry.

  • Event-specific information

    Detailed information about the event that triggered the audit log entry.

The following table lists the items output to the audit log:

Table A‒18: Items output to audit log

No.

Output item

Value

Type

Name

Output attribute name

1

Header information

Common specification identifier

--

CALFHM

2

Common specification revision number

--

1.0

3

Common information

Sequence number

seqnum

sequence-number

4

Message ID

msgid

message-ID

5

Date and time

date

date-and-time

6

Source program name

progid

JP1AO

7

Source component

compid

  • api

  • Command

  • GUI

  • Server

8

Source process ID

pid

process-ID

9

Location information

ocp:host/ipv4/ipv6

host-name

outp:host/ipv4/ipv6

host-name

subjp:host/ipv4/ipv6

host-name

dtp:host/ipv4/ipv6

host-name

agent:host/ipv4/ipv6

host-name

10

Event type

ctgry

  • Authentication

  • ConfigurationAccess

  • ContentAccess

  • StartStop

11

Event result

result

  • Success

  • Failure

12

Subject identification information

subj:uid

login-user-ID

subj:euid

Windows-user-ID

subj:pid

process-ID

13

Event-specific information

Object information

obj

  • autoAuth

  • autoJOB

14

Operation information

op

  • Add

  • Delete

  • Login

  • Logout

  • Start

  • Stop

  • Update

15

Log type information

logtype

BasicLog

16

Optional message

msg

message

Legend:

--: Not output.

(d) Example of audit log output

An example of audit log output is shown below.

CALFHM 1.0, seqnum=1, msgid=KNAE23001-I, date=2012-01-01T00:00:00.000+09:00, progid=JP1AO, compid=Command, pid=1234, ocp:host=host01, ctgry=StartStop, result=Success, subj:euid=user01, obj=autoJOB, op=Start, logtype=BasicLog, msg="A service has started."

(4) Configuring JP1/AO to output audit log data

You can configure audit log output by entering settings in the user-specified properties file (config_user.properties). For details on the user-specified properties file, see the JP1/Automatic Operation Configuration Guide.