Common elements in audit messages

02/04/2024 Contributors

All audit messages contain the common elements.

Code Type Description

Code	Type	Description
AMID	FC32	Module ID: A four-character identifier of the module ID that generated the message. This indicates the code segment within which the audit message was generated.
ANID	UI32	Node ID: The grid node ID assigned to the service that generated the message. Each service is allocated a unique identifier at the time the StorageGRID system is configured and installed. This ID can't be changed.
ASES	UI64	Audit Session Identifier: In previous releases, this element indicated the time at which the audit system was initialized after the service started up. This time value was measured in microseconds since the operating system epoch (00:00:00 UTC on 1 January, 1970). Note: This element is obsolete and no longer appears in audit messages.
ASQN	UI64	Sequence Count: In previous releases, this counter was incremented for each generated audit message on the grid node (ANID) and reset to zero at service restart. Note: This element is obsolete and no longer appears in audit messages.
ATID	UI64	Trace ID: An identifier that is shared by the set of messages that were triggered by a single event.
ATIM	UI64	Timestamp: The time the event was generated that triggered the audit message, measured in microseconds since the operating system epoch (00:00:00 UTC on 1 January, 1970). Note that most available tools for converting the timestamp to local date and time are based on milliseconds. Rounding or truncation of the logged timestamp might be required. The human-readable time that appears at the beginning of the audit message in the `audit.log` file is the ATIM attribute in ISO 8601 format. The date and time are represented as `YYYY-MMDDTHH:MM:SS.UUUUUU`, where the `T` is a literal string character indicating the beginning of the time segment of the date. `UUUUUU` are microseconds.
ATYP	FC32	Event Type: A four-character identifier of the event being logged. This governs the "payload" content of the message: the attributes that are included.
AVER	UI32	Version: The version of the audit message. As the StorageGRID software evolves, new versions of services might incorporate new features in audit reporting. This field enables backward compatibility in the AMS service to process messages from older versions of services.
RSLT	FC32	Result: The result of event, process, or transaction. If is not relevant for a message, NONE is used rather than SUCS so that the message is not accidentally filtered.

AMID

FC32

Module ID: A four-character identifier of the module ID that generated the message. This indicates the code segment within which the audit message was generated.

ANID

UI32

Node ID: The grid node ID assigned to the service that generated the message. Each service is allocated a unique identifier at the time the StorageGRID system is configured and installed. This ID can't be changed.

ASES

UI64

Audit Session Identifier: In previous releases, this element indicated the time at which the audit system was initialized after the service started up. This time value was measured in microseconds since the operating system epoch (00:00:00 UTC on 1 January, 1970).

Note: This element is obsolete and no longer appears in audit messages.

ASQN

UI64

Sequence Count: In previous releases, this counter was incremented for each generated audit message on the grid node (ANID) and reset to zero at service restart.

Note: This element is obsolete and no longer appears in audit messages.

ATID

UI64

Trace ID: An identifier that is shared by the set of messages that were triggered by a single event.

ATIM

UI64

Timestamp: The time the event was generated that triggered the audit message, measured in microseconds since the operating system epoch (00:00:00 UTC on 1 January, 1970). Note that most available tools for converting the timestamp to local date and time are based on milliseconds.

Rounding or truncation of the logged timestamp might be required. The human-readable time that appears at the beginning of the audit message in the audit.log file is the ATIM attribute in ISO 8601 format. The date and time are represented as YYYY-MMDDTHH:MM:SS.UUUUUU, where the T is a literal string character indicating the beginning of the time segment of the date. UUUUUU are microseconds.

ATYP

FC32

Event Type: A four-character identifier of the event being logged. This governs the "payload" content of the message: the attributes that are included.

AVER

UI32

Version: The version of the audit message. As the StorageGRID software evolves, new versions of services might incorporate new features in audit reporting. This field enables backward compatibility in the AMS service to process messages from older versions of services.

RSLT

FC32

Result: The result of event, process, or transaction. If is not relevant for a message, NONE is used rather than SUCS so that the message is not accidentally filtered.

Common elements in audit messages

Creating your file...