Audit log body format

The audit log formats are basically the same for the plan and the database. The log consists of a header portion, an action ID, and data sections that vary with the action type. The data is in clear text format and each data item is separated by a colon ( : ).

The log file entries are in the following format:

"timestamp":"timestamp", "auditType":"audit_type", 
"objectType":"object_type", "actionType":"action_type", 
"workstationName""workstation_name", "userName": "user_name", 
"frameworkUser": "framework_user", "objectName":"object_name"
"actionDependentContents": "action-dependent_fields"

The log files contain the following information:

timestamp

Displays the date and time the action was performed in GMT time. The format is yyyy-mm-dd:hh-mm-ss.

auditType

Displays an eight-character value indicating the source of the log record. The following log types are supported:

CONMAN

conman command text

DATABASE

Database action

HEADER

The log file header

MAKESEC

makesec run

PARMS

Parameter command text

PLAN

Plan action

RELEASE

release command text

STAGEMAN

stageman run

objectType

Displays the type of the object that was affected by an action, from the following:

DATABASE

Database definition (for header only)

DBCAL

Database calendar definition

DBDOMAIN

Database domain definition

DBJBSTRM

Database Job Scheduler definition

DBJOB

Database job definition

DBPARM

Database parameter definition

DBPROMPT

Database prompt definition

DBRES

Database resource definition

DBSEC

Database security

DBUSER

Database user definition

DBVARTAB

Database variable table definition

DBWKCLS

Database workstation class definition

DBWKSTN

Database workstation definition

PLAN

Plan (for header only)

PLDOMAIN

Plan domain

PLFILE

Plan file

PLJBSTRM

Plan Job Scheduler

PLJOB

Plan job

PLPROMPT

Plan prompt

PLRES

Plan resource

PLWKSTN

Plan workstation

actionType

Displays what action was performed on the object. The appropriate values for this field are dependent on which action is being performed.

For the plan, the <action_type> can be ADD, DELETE, MODIFY, or INSTALL.

For the database, the ADD, DELETE and MODIFY actions are recorded for workstation, workstation classes, domains, users, jobs, job streams, calendars, prompts, resources and parameters in the database.

The "actionType" field also records the installation of a new Security file. When makesec is run, HCL Workload Automation HCL Workload Automation records it as an INSTALL action for a Security definition object.

LIST and DISPLAY actions for objects are not logged.

For parameters, the command line with its arguments is logged.

workstationName

Displays the HCL Workload Automationworkstation from which the user is performing the action.

userName

Displays the logon user who performed the particular action. On Windows® operating systems, if the user who installed WebSphere Application Server Liberty Base was a domain user, for Log Types stageman and conman this field contains the fully qualified user ID domain\user.

objectName

Displays the fully qualified name of the object. The format of this field depends on the object type as shown here:

DATABASE

N/A

DBCAL

<calendar>

DBDOMAIN

<domain>

DBJBSTRM

<workstation>#<job_stream>

DBJOB

<workstation>#<job>

DBPARM

<workstation>#<parameter>

DBPROMPT

<prompt>

DBRES

<workstation>#<resource>

DBSEC

N/A

DBUSER

[<workstation>#]<user>

DBVARTAB

<variable_table>

DBWKCLS

<workstation_class>

DBWKSTN

<workstation>

PLAN

N/A

PLDOMAIN

<domain>

PLFILE

<workstation>#<path>(<qualifier>)

PLJBSTRM

<workstation>#<job_stream_instance>

PLJOB

<workstation>#<job_stream_instance>.<job>

PLPROMPT

[<workstation>#]<prompt>

PLRES

<workstation>#<resource>

PLWKSTN

<workstation>

actionDependentContents

Displays the action-dependents data fields. The format of this data is dependent on the "actionType " field.