This section explains the audit log files provided by Systemwalker Operation Manager.
File name
mp_omgr_auditYYMMDD.log |
Description
This file records changes to definitions relating to Systemwalker Operation Manager jobs and histories of operations on jobs. This file can be viewed by only operating system administrators.
File Location
The default settings used when Systemwalker Operation Manager is installed are as shown in the following table.
See "Defining Audit Log Output" in the Systemwalker Operation Manager Installation Guide for how to change the settings.
Windows | Systemwalker installation directory\MpWalker.JM\mpcmtool\audit |
Solaris | /var/opt/FJSVftlo/audit |
File Format
The following information is recorded as a single record per line. The file format is CSV format, and each item is separated by a comma.
Item | Maximum length (bytes) | Format | Remarks |
|---|---|---|---|
Date | 29 | YYYY/MM/DD_HH:mm:SS.sss_[+|-]UTC | "_" indicates a single space. YYYY: Four-digit year MM: Two-digit month (01 to 12) DD: Two-digit day (01 to 31) HH: Two-digit hours (00 to 23) mm: Two-digit minutes (00 to 59) SS: Two-digit seconds (00 to 59) sss: Three-digit milliseconds (000 to 999) +|- UTC: Time difference as compared to UTC. The "+" or "-" will be followed by a four-digit number. |
Operation location | 1024 | String indicating the location where the operation was performed. One of the following strings will be output.
| |
Execution host | 1024 | String indicating either the name of the host where the operation requested by a client was executed, or the name of the host where a command or API was executed | |
Operator | 255 | The user ID used to log in to Systemwalker Operation Manager or the user ID used to log in to the operating system on the server. [Windows] The user name is output using either of the following formats: "computer name\user ID" or "domain name\user ID". Only the user ID is output when using the Systemwalker User Management function. Note that when multi-server monitoring is conducted using a multi-server monitoring client, the operator output to the monitored servers will differ depending on the user who has logged into the monitoring server.
| The string "server" will be output in the following situations
|
Operation type | 512 | String that classifies the content of the operation that has been performed | The operation type will be output using the following format: <operation>_<additional information> See "List of Search Keywords for Audit Logs" in the Systemwalker Operation Manager User's Guide for details. |
Operation target | 4096 | Information for identifying the operation target is output. If multiple items are output, each item will be separated by a semicolon. | See "List of Search Keywords for Audit Logs" in the Systemwalker Operation Manager User's Guide for details. |
Operation content | 4096 | The content of the operation that has been performed is output. Example: "Stopped Job A" | If definitions have been changed using a command or API, or if job operations have been performed using a command or API, the output will be as below.
|
Execution result | 1 | B: BEGIN (operation started) S: SUCCESS (operation successful) F: FAIL (operation failed) C: CANCEL | "B" (for "BEGIN") is output when processing (for a command, etc.) will take a long time, in order to indicate that the processing has started. If a "BEGIN" log has been output, another log will be then output as a single line indicating the result of the processing (either "SUCCESS", "FAIL" or "CANCEL"). |
Component | 256 | The name of the component (function) operated on will be output. | The information that is output corresponds to function names as follows: MPCMTOOLO: Common tools MPFWSEC: ACL manager MPJMCAL: Calendar, Power Control MPJOBSCH: Jobscheduler MPJMSRV: Operation Manager common infrastructure MPMJES: Job Execution Control MPSTEM: Master Schedule Management MPNJSOSV: Task link |
Additional information | 1024 | Supplementary detailed information may be output, such as the process ID when commands are executed, or the version of the client that has connected. | The following information is output in the authentication logs that are output as a pair with the log output when connected clients log in to the server:
|
Reserved area | - | - | This area is not used. |
[Additional information]
This is supplementary information for the operation type. The following table shows the main keywords.
Additional information | Description |
|---|---|
CALENDAR | Calendar information |
CARRYIEDOVERJOBNET | Carried over job net |
DAEMON/SERVICE | Daemon/service |
GROUP | Group |
JOB | Job |
JOBNET | Job net |
LGMANAGE | Password management book |
MESSAGE | Message event |
OMGR_USER | Operation Manager user |
PERMISSION | Access rights |
PROJECT | Project |
QUEUE | Queue |
SCHEDULES | Schedule |
SERVER | Server |
Information
See "List of Search Keywords for Audit Logs" in the Systemwalker Operation Manager User's Guide for keywords to search audit logs.
Reference
mpsetlogsend_omgr
Examples
"2006/09/26 11:25:12.672 +0900","10.90.100.100","host1","user1","ADD_PROJECT","SUBSYSTEM=0;PROJECT=PRJ01;"," The project is added.",S,"MPJOBSCH","PID=8045;", "2006/09/26 11:30:41.835 +0900","10.90.100.100","host1","user1","ADD_JOBNET","SUBSYSTEM=0;PROJECT=PRJ01;JOBNET=JOBNET01;"," The job net is added.",S,"MPJOBSCH","PID=8045;", "2006/09/26 11:30:45.390 +0900","10.90.100.100","host1","user1","START_JOBNET","SUBSYSTEM=0;PROJECT=PRJ01;JOBNET=JOBNET01;"," The job net is started.",S,"MPJOBSCH","PID=8045;",
