The event in AA reports show in the format and time zone which is configured via the Global Admin UI. This document discusses how to configure the same.  Document also talks about one more aspect which is the format in which the DATELOGGED data is actually saved in the CA Riskauthentication database. 

Release : All releases of AA

Component : Risk Authentication

This is an informational document only. 

1. To change the format and time zone in which the admin wishes to see the audit events in the report please follow the screens shots

a. Screenshot#1 - The screens shows that "Transaction Date" is currently in the format  MM/DD/YYY HH:MM:SS (not fully visible). Click on the Global Admin name (in this case GADMIN) and you will come to screen as in Screenshot #2 in bullet b.

b. Screenshot#2 - Use the Admin UI screen to change time format edit "Date Time Format" and to change the time zone use "Time Zone". Do not forget to save your changes. 

The DB table name (ARRFSYSAUDITLOG) here has been shared with caution that in future AA versions Broadcom may not use the same table or the same column for the timestamp data of the audited event.   

Not that  there is a sql script called db-config-for-riskauth.sql  for example for MSSQL is in <ARCOT_HOME>\dbscripts\mssql. The db-config-for-riskauth.sql has a CREATE TABLE ARRFSYSAUDITLOG clause where for DATELOGGED element if DATETIME is used then the stored record will have the MM/DD/YYY HH:MM:SS format as also shown in Screenshot #3

CREATE TABLE ARRFSYSAUDITLOG
(
    INSTANCEID       NUMERIC(38,0)       NOT NULL,
    TXID             NUMERIC(18,0)   NOT NULL,
    SESSIONID        VARCHAR(32)   NULL,
    DATELOGGED      DATETIME          DEFAULT GETDATE() NOT NULL,
    CALLERID         VARCHAR(256)  NULL,
    TXNTYPE          NUMERIC(38,0)        NOT NULL,
    -- 1 - evaluateRisk, 2 - update Attributes, 3 - CreateAssociation,
    -- 4 - ShowAssociations, 5 - DeleteAssociatio
    STATUS           NUMERIC(38,0)       NOT NULL, -- 0 = success, 1 or more for corresponding error code.
    ORGNAME          VARCHAR(64)        NOT NULL,
    CONFIGVERSION       NUMERIC(38,0)         NULL, -- references ARRFSYSORGCONFIG
    CONFIGNAME          VARCHAR(128)    NULL,
    CHANNELNAME         VARCHAR(128)    NULL,
    USERNAME            NVARCHAR(256)  NULL,
    -- User input, might map to an existing user or may be incorrect value entered by user.
    HTTPDEVICEID     VARCHAR(128)  NULL, -- Input device id collected from HTTP cookie.
    FLASHDEVICEID    VARCHAR(128)  NULL, -- Input device id collected from FLASH cookie.
    JARDEVICEID      VARCHAR(128)  NULL, -- Input device id collected from cached JAR's cookie.
    DEVICESIGNATURE  VARCHAR(4000) NULL, -- JSON string.
    SHORTDEVICESIGNATURE  VARCHAR(512)  NULL, -- Compact form of the device signature

============ above not complete intentionally as only a portion is relevant for discussion=====================================================

Screenshot #3 This screenshot just shows if "datetime"  is used for DATELOGGED element in the ARSYSAUDITLOG table then the format in the DB will be in the form MM/DD/YYY HH:MM:SS