Audit log body format
The audit log formats are basically the same for the plan and the database. The log consists of a header portion, an action ID, and data sections that vary with the action type. The data is in clear text format and each data item is separated by a colon ( : ).
The log file entries are in the following format:
|
The log files contain the following information:
- timestamp
- Displays the date and time the action was performed in GMT time. The format is yyyy-mm-dd:hh-mm-ss.
- auditType
- Displays an eight-character value indicating the source of the log record. The following log types are supported:
- objectType
- Displays the type of the object that was affected by an action, from the following:
-
- DATABASE
- Database definition (for header only)
- DBCAL
- Database calendar definition
- DBDOMAIN
- Database domain definition
- DBJBSTRM
- Database Job Scheduler definition
- DBJOB
- Database job definition
- DBPARM
- Database parameter definition
- DBPROMPT
- Database prompt definition
- DBRES
- Database resource definition
- DBSEC
- Database security
- DBUSER
- Database user definition
- DBVARTAB
- Database variable table definition
- DBWKCLS
- Database workstation class definition
- DBWKSTN
- Database workstation definition
- PLAN
- Plan (for header only)
- PLDOMAIN
- Plan domain
- PLFILE
- Plan file
- PLJBSTRM
- Plan Job Scheduler
- PLJOB
- Plan job
- PLPROMPT
- Plan prompt
- PLRES
- Plan resource
- PLWKSTN
- Plan workstation
- actionType
- Displays what action was performed on the object. The appropriate values for this field are
dependent on which action is being performed.
For the plan, the <action_type> can be ADD, DELETE, MODIFY, or INSTALL.
For the database, the ADD, DELETE and MODIFY actions are recorded for workstation, workstation classes, domains, users, jobs, job streams, calendars, prompts, resources and parameters in the database.
The "actionType" field also records the installation of a new Security file. When makesec is run, HCL Workload Automation HCL Workload Automation records it as an INSTALL action for a Security definition object.
LIST and DISPLAY actions for objects are not logged.
For parameters, the command line with its arguments is logged.
- workstationName
- Displays the HCL Workload Automationworkstation from which the user is performing the action.
- userName
- Displays the logon user who performed the particular action. On Windows® operating systems, if the user who installed WebSphere Application Server Liberty Base was a domain user, for Log Types stageman and conman this field contains the fully qualified user ID domain\user.
- objectName
- Displays the fully qualified name of the object. The format of this field depends on the
object type as shown here:
- DATABASE
- N/A
- DBCAL
- <calendar>
- DBDOMAIN
- <domain>
- DBJBSTRM
- <workstation>#<job_stream>
- DBJOB
- <workstation>#<job>
- DBPARM
- <workstation>#<parameter>
- DBPROMPT
- <prompt>
- DBRES
- <workstation>#<resource>
- DBSEC
- N/A
- DBUSER
- [<workstation>#]<user>
- DBVARTAB
- <variable_table>
- DBWKCLS
- <workstation_class>
- DBWKSTN
- <workstation>
- PLAN
- N/A
- PLDOMAIN
- <domain>
- PLFILE
- <workstation>#<path>(<qualifier>)
- PLJBSTRM
- <workstation>#<job_stream_instance>
- PLJOB
- <workstation>#<job_stream_instance>.<job>
- PLPROMPT
- [<workstation>#]<prompt>
- PLRES
- <workstation>#<resource>
- PLWKSTN
- <workstation>
- actionDependentContents
-
Displays the action-dependents data fields. The format of this data is dependent on the "actionType " field.