I.3 Action log output format

Information related to monitored events is output to Performance Management action logs. An action log file is output for each host (physical host or logical host). The output destination hosts for action logs are as follows.

When a service is executed: Host on which the execution source service is running
When a command is executed: Host that executed the command

The output format of action logs, their output destination, and output items are explained below.

Organization of this subsection

(1) Output format
(2) Output destination
(3) Output items
(4) Output example

(1) Output format

CALFHM x.x,output-item-1 = value-1,output-item-2 = value-2,...,output-item-n = value-n

To Page Top

(2) Output destination

installation-folder\auditlog\

You can change the output destination for action logs in the jpccomm.ini file. For details about how to set up the jpccomm.ini file, see I.4 Settings for outputting action logs.

To Page Top

(3) Output items

Output items can be divided into the following two categories:

Common output items

These are common items that are output by all JP1 products that output action logs.
Fixed output items

These are optional items that are output by JP1 products that output action logs.

(a) Common output items

The table below shows the values that are output to common output items and descriptions of these items. This table also includes items that are output by PFM - Manager and their descriptions.

Table I‒2: Common output items in action logs
No.	Output item		Value	Description
No.	Item name	Attribute name that is output	Value	Description
1	Common specification identifier	--	`CALFHM`	Identifier that indicates the action log format
2	Common specification revision number	--	`x.x`	Revision number for managing action logs
3	Serial number	`seqnum`	`serial-number`	Action log record serial number
4	Message ID	`msgid`	`KAVExxxxx-x`	Product message ID
5	Date/time	`date`	`YYYY-MM-DDThh:mm:ss.sssTZD`^#	Output date/time and time zone of action log
6	Program name	`progid`	`JP1PFM`	Name of the program in which the event occurred
7	Component name	`compid`	`service-ID`	Name of the component in which the event occurred
8	Process ID	`pid`	`process-ID`	Process ID for which the event occurred
9	Location	`ocp:host`	`host-name` `IP-address`	Location where the event occurred
10	Event type	`ctgry`	`StartStop` `Authentication` `ConfigurationAccess` `ExternalService` `AnomalyEvent` `ManagementAction`	Category name for categorizing the events that are output to action logs
11	Event result	`result`	`Success` (success) `Failure` (failure) `Occurrence` (occurrence)	Event result
12	Subject identification information	`subj:pid`	`process-ID`	One of the following types of information: Process ID that runs based on user operation Process ID that caused the event User name that caused the event Identification information assigned to users on a 1:1 basis
		`subj:uid`	`account-identifier` (PFM user/JP1 user)
		`subj:euid`	`effective-user-ID` (OS user)

Legend:

--: None

#

T is a delimiter between date and time.

TZD is a time zone specifier and one of the following is output:

+hh:mm: Indicates that the time is hh:mm ahead of UTC.

-hh:mm: Indicates that the time is hh:mm behind UTC.

Z: Indicates that the time is the same as UTC.

(b) Fixed output items

The table below shows the values that are output to fixed output items, and descriptions of these items. This table also includes items that are output by PFM - Manager and their descriptions.

Table I‒3: Fixed output items in action logs
No.	Output item		Value	Description
No.	Item name	Attribute name that is output	Value	Description
1	Object information	`obj`	`PFM-RM-service-ID` `added-deleted-or-updated-user-name` (PFM user)	Target of operation
		`obj:table`	`alarm-table-name`
		`obj:alarm`	`alarm-name`
2	Action information	`op`	`Start` (start) `Stop` (stop) `Add` (add) `Update` (update) `Delete` (delete) `Change Password` (password change) `Activate` (activate) `Inactivate` (inactivate) `Bind` (bind) `Unbind` (unbind)	Information on the action that caused the event
3	Permissions information	`auth`	Management user `Management` Ordinary user `Ordinary` Windows `Administrator` UNIX `SuperUser`	Permissions information about the user who performed the operation
3	Permissions information	`auth:mode`	PFM authentication mode `pfm` JP1 authentication mode `jp1` OS user `os`	Authentication mode of the user who performed the operation
4	Output source location	`outp:host`	`PFM-Manager-host-name`	Action log output source host
5	Location that issued the instruction	`subjp:host`	`login-source-host-name` `target-host` (only when the `jpctool alarm` (`jpcalarm`) command is executed)	Host that issued the operation instruction
6	Free description	`msg`	`message`	Message that is output when an alarm occurs or an automatic action is executed

Depending on the output trigger, some fixed output items are output while others are not, and the content of the output items also varies. Message IDs and the content of fixed output items are explained below for each output trigger.

■ PFM service start/stop (StartStop)

Output host: Host on which the service is running

Output component: Service that executes start/stop

Item name	Attribute name	Value
Message ID	`msgid`	Start: `KAVE03000-I` Stop: `KAVE03001-I`
Action information	`op`	Start: `Start` Stop: `Stop`

Item name

Attribute name

Value

Message ID

msgid

Start: KAVE03000-I

Stop: KAVE03001-I

Action information

op

Start: Start

Stop: Stop

■ Stand-alone mode start/stop (StartStop)

Output host: PFM - RM host

Output component: Remote Monitor Collector service or Remote Monitor Store service

Item name	Attribute name	Value
Message ID	`msgid`	When the stand-alone mode starts: `KAVE03002-I` When the stand-alone mode stops: `KAVE03003-I`

Item name

Attribute name

Value

Message ID

msgid

When the stand-alone mode starts: KAVE03002-I

When the stand-alone mode stops: KAVE03003-I

Note 1: Fixed output items are not output.

Note 2: When a service of PFM - RM for Virtual Machine starts, it connects to the PFM - Manager host to register node information and collect the latest alarm definition information. If the service cannot connect to the PFM - Manager host, the service starts in the mode that enables only some functions such as operating information collection (stand-alone mode). In such a case, to indicate the stand-alone mode, message KAVE03002-I is issued. Thereafter, the service tries to connect to PFM - Manager at specified intervals, and if it succeeds in registering the node information and collecting the definition information, it recovers from the stand-alone mode, and message KAVE03003-I is issued. Therefore, based on this action log, you can know that PFM - RM for Virtual Machine has started in an incomplete state as long as messages KAVE03002-I and KAVE03003-I are being issued.

■ Change in the status of connection with PFM - Manager (ExternalService)

Output host: PFM - RM host

Output component: Remote Monitor Collector service or Remote Monitor Store service

Item name	Attribute name	Value
Message ID	`msgid`	Sending of an event to PFM - Manager failed (queuing has started): `KAVE03300-I` Resending of an event to PFM - Manager was completed: `KAVE03301-I`

Item name

Attribute name

Value

Message ID

msgid

Sending of an event to PFM - Manager failed (queuing has started): KAVE03300-I

Resending of an event to PFM - Manager was completed: KAVE03301-I

Note 1: Fixed output items are not output.

Note 2: If the Remote Monitor Store service fails to send an event to PFM - Manager, it starts event queuing, and from then on, a maximum of 3 cases are accumulated in the queue for each event. Message KAVE03300-I is issued when sending of the event fails and queuing begins. After the connection with PFM - Manager is restored, when sending of the queued event is completed, message KAVE03301-I is issued. Based on this action log, you can know that sending of the event to PFM - Manager did not succeed on a real-time basis as long as messages KAVE03300-I and KAVE03301-I are being issued.

Note 3: The Remote Monitor Collector service normally sends an event to PFM - Manager via the Remote Monitor Store service. Only when the Remote Monitor Store service is stopped for some reason, the event is sent directly to PFM - Manager. But if sending fails, message KAVE03300-I is issued. In this case, queuing does not start, and therefore message KAVE03301-I is not issued. Based on this action log, you know that there is an event that was not able to be sent to PFM - Manager.

■ Execution of automatic action (ManagementAction)

Output host: Host that executed the action

Output component: Action Handler service

Item name	Attribute name	Value
Message ID	`msgid`	Command execution process generation succeeded: `KAVE03500-I` Command execution process generation failed: `KAVE03501-W` Email transmission succeeded: `KAVE03502-I` Email transmission failed: `KAVE03503-W`
Free description	`msg`	Command execution: `cmd =` `executed-command-line` Email transmission: `mailto =` `destination-mail-address`

Item name

Attribute name

Value

Message ID

msgid

Command execution process generation succeeded: KAVE03500-I

Command execution process generation failed: KAVE03501-W

Email transmission succeeded: KAVE03502-I

Email transmission failed: KAVE03503-W

Free description

msg

Command execution: cmd = executed-command-line

Email transmission: mailto = destination-mail-address

Note: When a command execution process is successfully generated, message KAVE03500-I is issued. Thereafter, neither a log indicating whether the command was executed nor an execution result log is output to the action log.

To Page Top

(4) Output example

An action log output example follows.

CALFHM 1.0, seqnum = 1, msgid = KAVE03000-I, date = 2007-01-18T22:46:49.682 + 09:00,
progid = JP1PFM, compid = 8A1host01, pid = 2076,
ocp:host = host01, ctgry = StartStop, result = Occurrence,
subj:pid = 2076,op = Start

To Page Top