Hitachi

JP1 Version 12 JP1/Performance Management - Agent Option for Microsoft(R) SQL Server

J.3 Action log output format

Information related to audit events is output to the Performance Management action log. One action log information file is output for one host (physical host and logical host). The action log file is output to either of the following hosts:

The following describes the format of the action log, the output destination, and the items that are output.

Organization of this subsection

(1) Output format

CALFHM x.x,output-item-1=value-1,output-item-2=value-2,...,output-item-n=value-n

To Page Top

(2) Output destination

On physical hosts

installation-folder\auditlog\

On logical hosts

environment-folder\jp1pc\auditlog\

The action log output destination can be changed in the jpccomm.ini file. For details about how to specify the jpccomm.ini file, see J.4 Settings for outputting action logs.

To Page Top

(3) Output items

There are two types of output items:

(a) Common output items

The following table lists and describes the common output items and their values. This table also includes the items and information output by PFM - Manager.

Table J‒2: Common output items in action logs

No.

Output item

Value

Explanation

Item name

Output attribute name

1

Common specification identifier

--

CALFHM

Indicates the action log format.

2

Common specification revision number

--

x.x

Revision number for managing action logs

3

Serial number

seqnum

serial-number

Serial number of the action log record

4

Message ID

msgid

KAVExxxxx-x

Message ID of the product

5

Date and time

date

YYYY-MM-DDThh:mm:ss.sssTZD#

Date, time, and time zone indication identifying when the action log was output

6

Program name

progid

JP1PFM

Name of the program for which the event occurred

7

Component name

compid

service-ID

Name of the component for which the event occurred

8

Process ID

pid

process-ID

Process ID of the process for which the event occurred

9

Location

ocp:host

  • host-name

  • IP-address

Location where the event occurred

10

Event type

ctgry

  • StartStop

  • Authentication

  • ConfigurationAccess

  • ExternalService

  • AnomalyEvent

  • ManagementAction

Category name used to classify the event output to the action log

11

Event result

result

  • Success

  • Failure

  • Occurrence

Result of the event

12

Subject identification information

subj:pid

process-ID

One of the following:

  • Process ID of a process running as a user operation

  • Process ID of the process that caused the event

  • Name of the user who caused the event

  • Identification information in a one-to-one correspondence with the user

subj:uid

account-identifier (PFM user/JP1 user)

subj:euid

effective-user-ID (OS user)

Legend:

--: None

#

T is a separator between the date and the time.

TZD is the time zone specifier. One of the following values is output.

+hh:mm: The time zone is hh:mm ahead of UTC.

-hh:mm: The time zone is hh:mm behind UTC.

z: The time zone is same as UTC.

(b) Fixed output items

The following table lists and describes the fixed output items and their values. This table also includes the items and information output by PFM - Manager.

Table J‒3: Fixed output items in action logs

No.

Output item

Value

Explanation

Item name

Output attribute name

1

Object information

obj

  • PFM - Agent-service-ID

  • added-deleted-or-updated-user-name (PFM user)

Intended object for the operation

obj:table

alarm-table-name

obj:alarm

alarm-name

2

Action information

op

  • Start

  • Stop

  • Add

  • Update

  • Delete

  • Change Password

  • Activate

  • Inactivate

  • Bind

  • Unbind

Information about the action that caused the event

3

Permissions information

auth

  • Administrator

  • Management

  • General user

    Ordinary

  • Windows

    Administrator

  • UNIX

    SuperUser

Permissions information of the user who executed the command or service

auth:mode

  • PFM authentication mode

    pfm

  • JP1 authentication mode

    jp1

  • OS user

    os

Authentication mode of the user who executed the command or service

4

Output source

outp:host

PFM - Manager-host-name

Host that output the action log

5

Instruction source

subjp:host

  • login-host-name

  • execution-host-name (only when the jpctool alarm command is executed)

Host that issued the instruction for the operation

6

Free description

msg

message

Message that is output when an alarm occurs or when an automated action is executed

Whether the fixed output items are output and what they contain differ depending on when the action log is output. The following describes the message ID and output information for each case.

■ A PFM service is started or stopped (StartStop)

  • Output host: The host on which the service is running

  • Output component: The service that was started or stopped

    Item name

    Attribute name

    Value

    Message ID

    msgid

    Started: KAVE03000-I

    Stopped: KAVE03001-I

    Action information

    op

    Started: Start

    Stopped: Stop

■ Stand-alone mode is started or terminated (StartStop)

  • Output host: PFM - Agent host

  • Output component: Agent Collector service and Agent Store service

    Item name

    Attribute name

    Value

    Message ID

    msgid

    Stand-alone mode has started: KAVE03002-I

    Stand-alone mode has terminated: KAVE03003-I
    #1

    No fixed output items are output.

    #2

    When PFM - Agent for Microsoft SQL Server is started, PFM - Agent for Microsoft SQL Server services connect to the PFM - Manager host, register node information, and obtain the latest alarm definition information. If a connection with the PFM - Manager host cannot be established, PFM - Agent for Microsoft SQL Server starts in stand-alone mode, in which only part of its functionality, such as collection of operating information, is enabled. In addition, KAVE03002-I is output to indicate that PFM - Agent for Microsoft SQL Server has started in stand-alone mode. From this point, the PFM - Agent for Microsoft SQL Server services periodically attempt to connect to PFM - Manager. When the services are able to successfully register node information or obtain definition information, PFM - Agent for Microsoft SQL Server leaves stand-alone mode and KAVE03003-I is output. In this way, the action log enables you to understand that PFM - Agent for Microsoft SQL Server was running in an imperfect condition for the period from the output of KAVE03002-I to the output of KAVE03003-I.

■ The status of the connection with PFM - Manager changes (ExternalService)

  • Output host: PFM - Agent host

  • Output component: Agent Collector service and Agent Store service

    Item name

    Attribute name

    Value

    Message ID

    msgid

    Sending of an event to PFM - Manager failed (queuing was started): KAVE03300-I

    An event was resent to PFM - Manager: KAVE03301-I

    Stand-alone mode has started: KAVE03302-I

    Restore from stand-alone: KAVE03303-I
    #1

    No fixed output items are output.

    #2

    When sending of an event to PFM - Manager fails, Agent Store service starts queuing events. The maximum capacity of the queue is 3 events. KAVE03300-I is output when sending of an event to PFM - Manager fails and queuing starts. After the connection with PFM - Manager restores and the queued events are resent, KAVE03301-I is output. From this sequence of the log, you can judge that the period when an event-sending to PFM - Manager is not real time is specifiable.

    #3

    The Agent Collector service normally sends events to PFM - Manager via the Agent Store service. The Agent Collector service directly sends events to PFM - Manager only when the Agent Store service stops for any reason. If the Agent Collector service fails to send events directly to PFM - Manager, KAVE03300-I is output. In this case, KAVE03301-I is no output because the queuing does not start. From this sequence of the log, you can judge that there are events that are not sent to PFM - Manager.

■ An automated action is executed (ManagementAction)

  • Output host: The host on which the action was executed

  • Output component: Action Handler service

    Item name

    Attribute name

    Value

    Message ID

    msgid

    The command execution process was created successfully: KAVE03500-I.

    An attempt to create a command execution process failed: KAVE03501-W.

    E-mail was send successfully: KAVE03502-I.

    Sending of e-mail failed: KAVE03503-W

    Free description

    msg

    Command execution: cmd=executed-command-line.

    E-mail sending: mailto=destination-email-address.

Note:

KAVE03500-I is output when the command execution process is successfully created. After KAVE03500-I is output, whether the command is successfully executed or not and the execution result are not output to the action log.

To Page Top

(4) Output example

The following is an example of action log output.

CALFHM 1.0, seqnum=1, msgid=KAVE03000-I, date=2007-01-18T22:46:49.682+09:00,
progid=JP1PFM, compid=QA1host01, pid=2076,
ocp:host=host01, ctgry=StartStop, result=Occurrence,
subj:pid=2076,op=Start,

To Page Top

Copyright (C) 2019, 2021,Hitachi, Ltd.

Copyright (C) 2019, 2021,Hitachi Solutions, Ltd.