Common elements in audit messages
All audit messages contain the common elements.
Code | Type | Description |
---|---|---|
AMID |
FC32 |
Module ID: A four‐character identifier of the module ID that generated the message. This indicates the code segment within which the audit message was generated. |
ANID |
UI32 |
Node ID: The grid node ID assigned to the service that generated the message. Each service is allocated a unique identifier at the time the StorageGRID system is configured and installed. This ID cannot be changed. |
ASES |
UI64 |
Audit Session Identifier: In previous releases, this element indicated the time at which the audit system was initialized after the service started up. This time value was measured in microseconds since the operating system epoch (00:00:00 UTC on 1 January, 1970). Note: This element is obsolete and no longer appears in audit messages. |
ASQN |
UI64 |
Sequence Count: In previous releases, this counter was incremented for each generated audit message on the grid node (ANID) and reset to zero at service restart. Note: This element is obsolete and no longer appears in audit messages. |
ATID |
UI64 |
Trace ID: An identifier that is shared by the set of messages that were triggered by a single event. |
ATIM |
UI64 |
Timestamp: The time the event was generated that triggered the audit message, measured in microseconds since the operating system epoch (00:00:00 UTC on 1 January, 1970). Note that most available tools for converting the timestamp to local date and time are based on milliseconds. Rounding or truncation of the logged timestamp might be required. The human‐readable time that appears at the beginning of the audit message in the |
ATYP |
FC32 |
Event Type: A four‐character identifier of the event being logged. This governs the "payload" content of the message: the attributes that are included. |
AVER |
UI32 |
Version: The version of the audit message. As the StorageGRID software evolves, new versions of services might incorporate new features in audit reporting. This field enables backward compatibility in the AMS service to process messages from older versions of services. |
RSLT |
FC32 |
Result: The result of event, process, or transaction. If is not relevant for a message, NONE is used rather than SUCS so that the message is not accidentally filtered. |