Audit log body format

The audit log formats are basically the same for the plan and the database. The log consists of a timestamp, a series of tags which identify the audit, object, and action type, and data sections that vary with the action type. The data is in clear text format and each data item is separated by a comma ( , ).

The log file entries are in the following format:

"timestamp":"timestamp", "auditType":"audit_type", 
"objectType":"object_type", "actionType":"action_type", 
"workstationName""workstation_name", "userName": "user_name", 
"frameworkUser": "framework_user", "objectName":"object_name"
"actionDependentContents": "action-dependent_fields"

The log files contain the following information:

timestamp
Displays the date and time the action was performed in GMT time. The format is yyyy-mm-dd:hh-mm-ss.
auditType
Displays an eight-character value indicating the source of the log record. The following log types are supported:
CONMAN
conman command text
DATABASE
Database action
HEADER
The log file header
MAKESEC
makesec run
PARMS
Parameter command text
PLAN
Plan action
RELEASE
release command text
STAGEMAN
stageman run
objectType
Displays the type of the object that was affected by an action, from the following:
DATABASE
Database definition (for header only)
DBCAL
Database calendar definition
DBDOMAIN
Database domain definition
DBJBSTRM
Database Job Scheduler definition
DBJOB
Database job definition
DBPARM
Database parameter definition
DBPROMPT
Database prompt definition
DBRES
Database resource definition
DBSEC
Database security
DBUSER
Database user definition
DBVARTAB
Database variable table definition
DBWKCLS
Database workstation class definition
DBWKSTN
Database workstation definition
PLAN
Plan (for header only)
PLDOMAIN
Plan domain
PLFILE
Plan file
PLJBSTRM
Plan Job Scheduler
PLJOB
Plan job
PLPROMPT
Plan prompt
PLRES
Plan resource
PLWKSTN
Plan workstation
actionType
Displays what action was performed on the object. The appropriate values for this field are dependent on which action is being performed.

For the plan, the "action_type" can be ADD, DELETE, MODIFY, or INSTALL.

For the database, the ADD, GET, DELETE and MODIFY actions are recorded for workstation, workstation classes, domains, users, jobs, job streams, calendars, prompts, resources and parameters in the database.

The "actionType" field also records the installation of a new Security file. When makesec is run, HCL Workload Automation records it as an INSTALL action for a Security definition object.

LIST and DISPLAY actions for objects are not logged.

For parameters, the command line with its arguments is logged.

workstationName
Displays the HCL Workload Automation workstation from which the user is performing the action.
userName
Displays the logon user who performed the particular action. On Windows® operating systems, if the user who installed WebSphere Application Server Liberty was a domain user, for Log Types stageman and conman this field contains the fully qualified user ID domain\user.
frameworkUser
Displays the framework user.
objectName
Displays the fully qualified name of the object. The format of this field depends on the object type as shown here:
DATABASE
N/A
DBCAL
"calendar"
DBDOMAIN
"domain"
DBJBSTRM
"workstation"#"job_stream"
DBJOB
"workstation"#"job"
DBPARM
"workstation"#"parameter"
DBPROMPT
"prompt"
DBRES
"workstation"#"resource"
DBSEC
N/A
DBUSER
["workstation"#]"user"
DBVARTAB
"variable_table"
DBWKCLS
"workstation_class"
DBWKSTN
"workstation"
PLAN
N/A
PLDOMAIN
"domain"
PLFILE
"workstation"#"path"("qualifier")
PLJBSTRM
"workstation"#"job_stream_instance"
PLJOB
"workstation"#"job_stream_instance"."job"
PLPROMPT
["workstation"#]"prompt"
PLRES
"workstation"#"resource"
PLWKSTN
"workstation"
actionDependentContents
Displays the action-dependent data fields. The format of this data is dependent on the "actionType" field.