SADD: Security Audit Disable
This message indicates that the originating service (node ID) has turned off audit message logging; audit messages are no longer being collected or delivered.
Code | Field | Description |
---|---|---|
AETM |
Enable Method |
The method used to disable the audit. |
AEUN |
User Name |
The user name that executed the command to disable audit logging. |
RSLT |
Result |
This field has the value NONE. RSLT is a mandatory message field, but is not relevant for this message. NONE is used rather than SUCS so that this message is not filtered. |
The message implies that logging was previously enabled, but has now been disabled. This is typically used only during bulk ingest to improve system performance. Following the bulk activity, auditing is restored (SADE) and the capability to disable auditing is then permanently blocked.