H.3 Audit log output format

This appendix explains the output format and output destination of audit log data, and the items that are output in the auditlog. This appendix also provides an audit log output example.

Organization of this subsection

(1) Audit log data output format
(2) Audit log data output destination
(3) Items output in the audit log
(4) Audit log output example

(1) Audit log data output format

Each audit log entry begins with CALFHM, which indicates the audit log format, followed by an audit log revision number and the applicable output item.

The following figure shows the format of each audit log entry.

Figure H‒1: Audit log data output format

To Page Top

(2) Audit log data output destination

Audit log data is output to the folder that was specified for Audit log entry output folder in the Server Setup dialog box. The default folder is the following:

Asset-Console-installation-folder\auditlog

For details about how to specify the audit log data output destination in the Server Setup dialog box, see the explanation of the audit log entry output folder in 7.3.4 Setting Basic Information.

To Page Top

(3) Items output in the audit log

There are two types of items that are output in the audit log: common output items and fixed output items. Each type is explained below.

Common output items

These are common items that are output for all JP1 products for which audit log data is output.
Fixed output items

These items are output individually for each JP1 product for which audit log data is output.

(a) Common output items

The following table shows the values that are output for the common output items and their description.

Table H‒2: Common output items in the audit log
No.	Output item		Value	Description
No.	Item name	Output attribute name	Value	Description
1	Common specification identifier	--	`CALFHM`	Identifier that indicates the audit log format
2	Common specification revision number	--	`X.X`	Revision number for managing the audit log
3	Sequence number	`seqnum`	Sequence number	Audit log sequence number
4	Message ID	`msgid`	`KDAMxxxx`-`x`	Message ID for each product
5	Date/time	`date`	`YYYY`-`MM`-`DDThh`:`mm`:`ss`.`sssTZD`^#	Audit log acquisition date/time and time zone
6	Generated program name	`progid`	`JP1ITDM2`	Name of the program in which the event occurred
7	Generated component name	`compid`	`ac-stu` Server setup component `ac-w3c` Asset Console's job component that is executed on IIS by a browser or other product-related program	Name of the component in which the event occurred
8	Generated process ID	`pid`	Process ID	ID of the process in which the event occurred
9	Generated location	`ocp:host`	Host name	Name of the host in which the event occurred If the host name cannot be acquired, no value is displayed.
10	Event type	`ctgry`	`ConfigurationAccess` `Authentication` `ContentAccess`	Identifiers for classifying the events that are output to the audit log
11	Event result	`result`	`Success` Success `Failure` Failure `Occurrence` Occurrence of an event that does not have success or failure classification	Result of the event that occurred
12	Subject identification information	`subj:euid`	Windows account	Information about the user who caused the event
12	Subject identification information	`subj:uid`	Asset Console user ID	Information about the user who caused the event

Legend:

--: Attribute name is not output.

#

YYYY indicates the year; MM, the month; DD, the day; hh, the hour; mm, the minute; ss, the second; and sss, the millisecond.

T separates the date from the time.

TZD is the time zone identifier. One of the following is output:

+hh:mm: Indicates that the local time is ahead of GMT by hh:mm.

-hh:mm: Indicates that the local time is behind GMT by hh:mm.

Z: Indicates that the local time is the same as GMT.

(b) Fixed output items

The following table shows the values that are output for the fixed output items and their description.

Table H‒3: Fixed output items in the audit log
No.	Output item		Value	Description
No.	Item name	Output attribute name	Value	Description
1	Object information	`obj`	`acJOB` Setup (batch system) `acAuth` Authentication (login) `acClass` Asset Console's job processing	Information about the file or database that caused the event
2	Action information	`op`^#	`Login` Login `Logout` Logout `Add` Addition `Update` Update `Delete` Deletion	Information about the user operation that caused the event
3	Table name	`obj:table`^#	`Device` `Software` `Group` `User` `Location` `Software name` `License name` `Installed software name` `Role` `Managed item` `Customize Job Windows` `Customize Job Menu`	Managed class name
4	Free description	`msg`^#	Arbitrary message	Message indicating the event contents

#: For details about the messages that are output and the related items that are set in correspondence to these messages, see H.4 Audit log messages and related output items.

To Page Top

(4) Audit log output example

The following example shows the audit log output when a user logs in to Asset Console and executes server setup.

The following operations are executed in this case:

Executing server setup.
Logging in to Asset Console.
Registering device information.
Logging out of Asset Console.

The following figure shows an example of the audit log output.

Figure H‒2: Example of audit log output

To Page Top