IBM Tivoli Monitoring > Version 6.3 Fix Pack 2 > Administrator's Guide > Audit logging

IBM Tivoli Monitoring, Version 6.3 Fix Pack 2


Audit log XML example

The following sample audit record was generated during start-up and indicates that self-describing agent services on a particular monitoring server is disabled.

In this example the following questions can be answered:

Question Tag(s) Value Interpretation
Who UserID Empty The empty UserID tag indicates that this event was generated by an unknown UserID or an autonomous process performing an action that was not initiated directly by a user.
AuthID SYSTEM Indicates the ID that this event was authorized under.
What Op Self-Describing Agent Status The "Self-Describing Agent Status" operation was successfully completed (Result 0) with the explanatory message indicating that the self-describing agent feature has been disabled.
Msg Self-Describing Feature disabled at the local TEMS.
Result 0
Type Disable Indicates that this particular operation is of the generic "disable" type. Operations are typically self-explanatory, but they are all classified into a generic event model type (GEM), as specified by the Tivoli Security and Information Event Manager.
When ITM 1110610162443106 The time that the event was generated (not logged) in Coordinated Universal Time (UTC) format (CYYMMDDhhmmssms). This date reads: June 10, 2011 at 04:24:43 106 ms.
OnWhat Name SDA Services The object name is the affected code, component, of other contextually relevant identifier that receives the operation. In this example, the object "SDA Services" received the operation "Self-Describing Agent Status" which successfully completed (with a result of 0) on the object "SDA Services".
Where SYSID HUB_NC051039 This is where the event was logged. The application KMS on Managed System ID HUB_NC051039 (IP 10.1.1.1) logged this event. This system identifies itself as the Tivoli Enterprise Monitoring Server.
Addr 10.1.1.1
Name Tivoli Enterprise Monitoring Server
App KMS
WhereFrom SYSID HUB_NC051039 This event was initiated on MSN HUB_NC051039 (IP 10.1.1.1). This system identifies itself as the Tivoli Enterprise Monitoring Server.
Addr 10.1.1.1
Name Tivoli Enterprise Monitoring Server
WhereTo SYSID HUB_NC051039 The event is targeted at MSN HUB_NC051039 (IP 10.1.1.1). This target system is identified as the Tivoli Enterprise Monitoring Server.
Addr 10.1.1.1
Name Tivoli Enterprise Monitoring Server


Parent topic:

Audit logging

+

Search Tips   |   Advanced Search