Audit log information format (Basic information)

Audit Log User Guide for VSP E Series

Version
93-06-8x
Audience
anonymous
Part Number
MK-97HM85024-17

The same format of the audit log information (Basic information) is used by RFC3164-compliant and RFC5424-compliant. Output values of audit log information (basic information) differ by the type of the history.



Type of history

Patten of output value

Operations configured by the management client or Maintenance PC

Pattern 1

Execution logs of remote maintenance API

Operations on encryption keys for encrypting stored data

Commands that the storage system received from hosts or computers using CCI

Pattern 2

Operations on Hitachi Storage Advisor Embedded

Events on encryption keys for encrypting stored data

Mark

Item

Pattern 1

Pattern 2

A

External interface name

  • RMI AP: Logs of Remote Method Invocation Application (RMI AP)
  • MPC: Logs of Maintenance PC
  • GUM: Logs of Maintenance Utility
  • RM AP: Logs of Remote Maintenance Application (RM AP)
  • GUM AP: Logs of Maintenance Utility Application (GUM AP)
  • No output for Create File (Event name) of AuditLog (Function name).
  • In-band OPEN: Host
  • Out-of-band: Computer using CCI, or Hitachi Storage Advisor Embedded
  • No output for events on encryption keys

B

Task name

  • The task name is output to an operation log that is registered in the Device Manager - Storage Navigator tasks.
  • No task name is output to an operations log that is not registered in the Device Manager - Storage Navigator tasks.

No output.

C

Function name

The abbreviation of the name of the function performed during the setting operation from Device Manager - Storage Navigator, RMI AP or RM AP is output.

The name of the maintenance window is output for the setting operation by Maintenance PC.

For the relation between the function and the abbreviation of the output function name, see Device Manager - Storage Navigator and Maintenance PC operation.

Commands received from the host are output as follows.

  • User Auth: User authentication command
  • Config Command: Configuration change command
  • CHAP: Device authentication command

"ENC" is output for events on encryption keys.

D

Operation name or event name

The operation name or event name that is unique to each function is output.

For the relation between the GUI operation of each program product and the operation name output to audit logs, see Using Actions menu and the following sections. For the relation between the operation on Maintenance PC and the operation name output to audit logs, see Using Maintenance button and the following sections.

For details of the event names, seeReproducing/losing Audit log.

When the function name is "User Auth", the received command is output as follows.

  • Login: Receipt of the login command
  • Logout: Receipt of the logout command

No output when commands, except for login or logout, are received.

When the function name is "ENC", the event name is output.

E

Parameter

When the configuration operation includes a parameter setting, the operation parameter is output.

No detailed information is output to the parameter part of the basic information.

No output.

F

Result of operation or receiving commands

The results of the operations are output as follows.

  • Normal end: The operation ended normally.
  • Warning (xxxx-yyyyy): The operation partly ended abnormally or was aborted.
  • Error (xxxx-yyyyy): The operation ended abnormally. "xxxxx-yyyyyy" shows an error code.

    See Hitachi Device Manager - Storage Navigator Messages for the error codes.

    No error code is added to the result of the operation that is not a Device Manager - Storage Navigator operation.

The results of receiving commands are output as follows.

  • Normal end: User authentication or CHAP authentication ended normally, or the event on encryption keys occurs.
  • Error: User authentication or CHAP authentication ended abnormally.
  • Accept: Commands from a host are received.
  • Reject: Commands from a host are rejected.

G

Serial number

The serial number of stored log information is output.

The serial number ranges from 0000000000 to 4294967295.

When the log information reaches 4,294,967,295 counts, the serial number is reset to 0000000000.