How to understand the Audit Trail log file
search cancel

How to understand the Audit Trail log file

book

Article ID: 89128

calendar_today

Updated On:

Products

CA Automic Dollar Universe

Issue/Introduction

Affects Release version(s): 5.x

Dollar Universe

Environment

Release:
Component: ADLRUN

Resolution

Subject

How to understand the Audit Trail log file

Application Validation Tests

The FAQ "How to use the audit trail?" discussed the purpose of audit trail and how to enable it. This FAQ will explain how to get useful information from it.

Explanation

A record consists of several fields.

First 2 columns: data and time stamp when concerned operation was performed
3rd and 4th columns: the concerned OS user
5th and 6th columns: the concerned $U user
7th and 8th columns: $U profile of this user
9th and 10th columns: the $U node name, where the operation was performed from
11th and 12th columns: the program that was used to perform this operation
13th and 14th columns: operation performed
15th and 16th columns: the record or object that has been changed

Let's consider the following records from the uxiotrns.log; the explanation is followed.

20040914 120532 : user_system [user1] user_universe [univa] profil [PROFADM] node [DA_US_W_04] prog [GraphicJobMonitor] DELETE CTL key [S1 0000055TRAILER 0000152DA_US_U_05]

The above line records the following information:
On 2004-09-14 at 12:05:32, system user "user1" with Dollar Universe user "univa" with the profile "PROFADM", using the program "Graphic Job Monitor" on a node DA_US_W_04, deleted a record from the job monitor. The record is for session S1 with session number: 0000055; and the uproc is a TRAILER with a uproc number: 0000152 in the MU DA_US_U_05.

The following are some common key codes used in the uxiotrns.log file.

CREATE LPR : Created a launch
SURVYE LPR : Launch under surveillance, e.g. with uxalrjob command
RELAUNCH LPR : Released a launch
CANCEL LPR : Stopped a launch while executing, manually or with surveillance commands
HOLD LPR : Suspended a launch
RELEASE LPR : Released a suspended a launch
DELETE LPR : Deleted a launch from the Expected Launch window
DELETE UPR : Deleted a uproc
UPDATE UPR : Updated a uproc
UNLOCK UPR : Unlocked a uproc to make it available to edit
DUPLICATE UPR : Duplicated a uproc
STOP ATM : Stopped an engine
START ATM : Started an engine
CREATE USER : Created a new Dollar Universe User
DELETE USER : Deleted a Dollar Universe User
UPDATE TSK : Updated a task
HOLD TSK : Disabled a task from the Scheduled Task window
RELEASE TSK : Re-enabled a disabled task
DUPLICATE TSK : Duplicated a task
DELETE CTL : Purged a record from the Job Monitor
DELETE EVT : Deleted an event
DELETE HSDST : Delete a distribution history record

Powered by Wolken Software