Audit log body format
The audit log formats are basically the same for the plan and the database. The log consists of a timestamp, a series of tags which identify the audit, object, and action type, and data sections that vary with the action type. The data is in clear text format and each data item is separated by a comma ( , ).
The log file entries are in the following format:
|
The log files contain the following information:
- timestamp
- Displays the date and time the action was performed in GMT time. The format is yyyy-mm-dd:hh-mm-ss.
- auditType
- Displays an eight-character value indicating the source of the log record. The following log
types are supported:
- CONMAN
- conman command text
- DATABASE
- Database action
- HEADER
- The log file header
- MAKESEC
- makesec run
- PARMS
- Parameter command text
- PLAN
- Plan action
- RELEASE
- release command text
- STAGEMAN
- stageman run
- objectType
- Displays the type of the object that was affected by an action,
from the following:
- DATABASE
- Database definition (for header only)
- DBCAL
- Database calendar definition
- DBDOMAIN
- Database domain definition
- DBJBSTRM
- Database Job Scheduler definition
- DBJOB
- Database job definition
- DBPARM
- Database parameter definition
- DBPROMPT
- Database prompt definition
- DBRES
- Database resource definition
- DBSEC
- Database security
- DBUSER
- Database user definition
- DBVARTAB
- Database variable table definition
- DBWKCLS
- Database workstation class definition
- DBWKSTN
- Database workstation definition
- PLAN
- Plan (for header only)
- PLDOMAIN
- Plan domain
- PLFILE
- Plan file
- PLJBSTRM
- Plan Job Scheduler
- PLJOB
- Plan job
- PLPROMPT
- Plan prompt
- PLRES
- Plan resource
- PLWKSTN
- Plan workstation
- actionType
- Displays what action was performed on the object. The
appropriate values for this field are dependent on which action is being performed.
For the plan, the "action_type" can be ADD, DELETE, MODIFY, or INSTALL.
For the database, the ADD, GET, DELETE and MODIFY actions are recorded for workstation, workstation classes, domains, users, jobs, job streams, calendars, prompts, resources and parameters in the database.
The "actionType" field also records the installation of a new Security file. When makesec is run, HCL Workload Automation records it as an INSTALL action for a Security definition object.
LIST and DISPLAY actions for objects are not logged.
For parameters, the command line with its arguments is logged.
- workstationName
- Displays the HCL Workload Automation workstation from which the user is performing the action.
- userName
- Displays the logon user who performed the particular action. On Windows® operating systems, if the user who installed WebSphere Application Server Liberty was a domain user, for Log Types stageman and conman this field contains the fully qualified user ID domain\user.
- frameworkUser
- Displays the framework user.
- objectName
- Displays the fully qualified name of the object. The format of
this field depends on the object type as shown here:
- DATABASE
- N/A
- DBCAL
- "calendar"
- DBDOMAIN
- "domain"
- DBJBSTRM
- "workstation"#"job_stream"
- DBJOB
- "workstation"#"job"
- DBPARM
- "workstation"#"parameter"
- DBPROMPT
- "prompt"
- DBRES
- "workstation"#"resource"
- DBSEC
- N/A
- DBUSER
- ["workstation"#]"user"
- DBVARTAB
- "variable_table"
- DBWKCLS
- "workstation_class"
- DBWKSTN
- "workstation"
- PLAN
- N/A
- PLDOMAIN
- "domain"
- PLFILE
- "workstation"#"path"("qualifier")
- PLJBSTRM
- "workstation"#"job_stream_instance"
- PLJOB
- "workstation"#"job_stream_instance"."job"
- PLPROMPT
- ["workstation"#]"prompt"
- PLRES
- "workstation"#"resource"
- PLWKSTN
- "workstation"
- actionDependentContents
- Displays the action-dependent data fields. The format of this data is dependent on the "actionType" field.