Common elements in audit messages

There is a set of elements that are common to all audit messages.

Code Type Description
AMID FC32

Module ID: A four‐character identifier of the module that generated the message. This indicates the code segment within which the audit message was generated.

ANID UI32

Node ID: The grid node ID assigned to the service that generated the message. Each service is allocated a unique identifier at the time the StorageGRID Webscale system is configured and installed. This ID cannot be changed.

ASES UI64

Audit Session Identifier: Indicates the time at which the audit system was initialized after the service started up. This time value is measured in microseconds since the operating system epoch (00:00:00 UTC on 1 January, 1970). It can be used to identify which messages were generated during a given runtime session.

ASQN UI64

Sequence Count: A counter that is incremented for each generated audit message on the grid node (ANID). This counter is reset to zero at service restart. It can be used for consistency checks to ensure that no audit messages have been lost.

ATID UI64

Trace ID: An identifier that is shared by the set of messages that were triggered by a single event.

ATIM UI64

Timestamp: The time at which the event that triggered the audit message was generated, measured in microseconds since the operating system epoch (00:00:00 UTC on 1 January, 1970). Note that most available tools for converting the timestamp to local date and time are based on milliseconds.

Rounding or truncation of the logged timestamp might be required. The human‐readable time that appears at the beginning of the audit message in the audit.log file is the ATIM attribute in ISO 8601 format. (That is, the date and time are represented as YYYY-MM-DDTHH:MM:SS.UUUUUU, where the T is a literal string character indicating the beginning of the time segment of the date. UUUUUU are microseconds.)

ATYP FC32

Event Type: A four‐character identifier of the event being logged. This governs the "payload" content of the message: the attributes that are included.

AVER UI32

Version: The version of the audit message. As the StorageGRID Webscale software evolves, new versions of services might incorporate new features in audit reporting. This field enables backward compatibility in the AMS service to process messages from older versions of services.

RSLT FC32

Result: The result of the event, process, or transaction. If it is not relevant for a message, NONE is used rather than SUCS so that the message is not accidentally filtered.
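The ASQN consistency check and the ATIM conversion described above, as an added example that is not part of the original documentation. It assumes each attribute is serialized as [CODE(TYPE):value] inside an [AUDT:...] container, a layout this page does not show; the sample lines, node IDs, and the ATYP value TEST are constructed.

```python
import re
from datetime import datetime, timedelta, timezone

# Assumed serialization: every attribute appears as [CODE(TYPE):value].
ATTR = re.compile(r"\[([A-Z0-9]{4})\((FC32|UI32|UI64)\):([^\]]*)\]")
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

def parse(line):
    """Return {code: value}; UI32/UI64 become int (base 0 also accepts 0x-prefixed)."""
    return {c: (v if t == "FC32" else int(v, 0)) for c, t, v in ATTR.findall(line)}

def atim_iso(atim_us):
    """Microseconds since the epoch -> UTC ISO 8601 text, keeping all six digits.
    timedelta avoids the precision loss of float or millisecond-based converters."""
    return (EPOCH + timedelta(microseconds=atim_us)).strftime("%Y-%m-%dT%H:%M:%S.%f")

def find_gaps(records):
    """Return (ANID, ASES, first_missing, last_missing) for each hole in ASQN.
    Grouping by ASES keeps the reset to zero at service restart from looking like
    loss. Only interior gaps are reported, since a log file may begin mid-session."""
    sessions = {}
    for r in records:
        sessions.setdefault((r["ANID"], r["ASES"]), []).append(r["ASQN"])
    gaps = []
    for (anid, ases), seqs in sorted(sessions.items()):
        seqs.sort()
        for prev, cur in zip(seqs, seqs[1:]):
            if cur - prev > 1:
                gaps.append((anid, ases, prev + 1, cur - 1))
    return gaps

def sample_line(anid, ases, asqn, atim):
    """Build one constructed audit line in the assumed layout."""
    return (f"[AUDT:[RSLT(FC32):NONE][ATIM(UI64):{atim}][ATYP(FC32):TEST]"
            f"[ANID(UI32):{anid}][ASES(UI64):{ases}][ASQN(UI64):{asqn}]]")

# Constructed input: node 101 loses ASQN 3-4, then restarts (new ASES, ASQN back to 0).
A, B, C = 1405569000000000, 1405570000000000, 1405569500000000
SAMPLE = ([sample_line(101, A, n, A + 47484627 + n) for n in (0, 1, 2, 5)]
          + [sample_line(101, B, n, B + n) for n in (0, 1)]
          + [sample_line(202, C, n, C + n) for n in (7, 8)])
RECORDS = [parse(line) for line in SAMPLE]

if __name__ == "__main__":
    print(atim_iso(RECORDS[0]["ATIM"]))
    for gap in find_gaps(RECORDS):
        print("missing ASQN %d-%d on node %d, session %d" % (gap[2], gap[3], gap[0], gap[1]))
```

A reported gap means messages are absent from the input that was examined; confirm against rotated or archived log files before treating it as loss.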