Skip to main content

Common elements in audit messages

Contributors

All audit messages contain the common elements.

Code Type Description

AMID

FC32

Module ID: A four-character identifier of the module ID that generated the message. This indicates the code segment within which the audit message was generated.

ANID

UI32

Node ID: The grid node ID assigned to the service that generated the message. Each service is allocated a unique identifier at the time the StorageGRID system is configured and installed. This ID can't be changed.

ASES

UI64

Audit Session Identifier: In previous releases, this element indicated the time at which the audit system was initialized after the service started up. This time value was measured in microseconds since the operating system epoch (00:00:00 UTC on 1 January, 1970).

Note: This element is obsolete and no longer appears in audit messages.

ASQN

UI64

Sequence Count: In previous releases, this counter was incremented for each generated audit message on the grid node (ANID) and reset to zero at service restart.

Note: This element is obsolete and no longer appears in audit messages.

ATID

UI64

Trace ID: An identifier that is shared by the set of messages that were triggered by a single event.

ATIM

UI64

Timestamp: The time the event was generated that triggered the audit message, measured in microseconds since the operating system epoch (00:00:00 UTC on 1 January, 1970). Note that most available tools for converting the timestamp to local date and time are based on milliseconds.

Rounding or truncation of the logged timestamp might be required. The human-readable time that appears at the beginning of the audit message in the audit.log file is the ATIM attribute in ISO 8601 format. The date and time are represented as YYYY-MMDDTHH:MM:SS.UUUUUU, where the T is a literal string character indicating the beginning of the time segment of the date. UUUUUU are microseconds.

ATYP

FC32

Event Type: A four-character identifier of the event being logged. This governs the "payload" content of the message: the attributes that are included.

AVER

UI32

Version: The version of the audit message. As the StorageGRID software evolves, new versions of services might incorporate new features in audit reporting. This field enables backward compatibility in the AMS service to process messages from older versions of services.

RSLT

FC32

Result: The result of event, process, or transaction. If is not relevant for a message, NONE is used rather than SUCS so that the message is not accidentally filtered.