Previous Topic: VMDIRECT AUDIT FileNext Topic: Audit Codes

Reference GuideCommand ReferenceAUDITEXT CommandUsing ADDMDISK with MacrosVMDIRECT AUDIT FileVMDIRECT AUDIT File Fields

VMDIRECT AUDIT File Fields

The following table describes the contents of each field in those records.

Columns

Field

Description

1 – 6

date

Date the command was issued; in yymmdd format.

7 – 12

time

Time the command was issued; in hhmmss format.

13 – 20

addr

Terminal device address associated with the processing virtual machine, or DSC if it is a disconnected virtual machine. For additional information about terminal addresses, see the section Terminal Addresses in this chapter.

All terminal addresses are leftjustified and padded with blanks:

  • Real devices are represented by four hexadecimal digits. (Example: 0024)
  • Logical device addresses begin with the letter L followed by the fourdigit hexadecimal device address. (Example: L0123)
  • IPv4 addresses are represented by eight hexadecimal digits. (Example: C7001350)
  • VTAM net name addresses (netid) represented by any eight characters. (Example: WEST0016)
  • IPV6ADDR
  • Remote addresses (resid) begin with the letter R followed by the fourdigit hexadecimal line address. (Example: R0166)

21 – 28

userid

User ID or logon ID of the processing virtual machine. The userid is left‑justified and padded with blanks.

29 – 32

cde

Audit code that represents the function performed. The audit code is a fourdigit decimal number padded to the left with leading zeros. For a description of the audit codes, see the table, AUDITEXT Command Audit Codes, in this chapter.

33 – 40

token1

First token, if any, associated with the audit code. The token is left‑justified and padded with blanks. Typically, for CA VM:Director commands, token1 is the user ID whose directory entry is being manipulated.

41 – 48

token2

Second token, if any, associated with the audit code. The token is left‑justified and padded with blanks. Typically, for CA VM:Director commands, token2 is the virtual device address of the device being manipulated.

49 – 56

token3

Third token, if any, associated with the audit code. The token is left‑justified and padded with blanks. For the contents of token3, see the table, AUDITEXT Command Audit Codes, in this chapter.

57 – 64

token4

Fourth token, if any, associated with the audit code. The token is left‑justified and padded with blanks. For the contents of token4, see the table, AUDITEXT Command Audit Codes, in this chapter.

65

Flag

Identifies the type of terminal address in columns 13‑20. Values for the flag are:

  • 0—Real device address
  • D—Disconnected
  • I—IPv4 address
  • 6—IPv6 address
  • L—Logical device
  • N—Net name; SNA logical unit name
  • R—Resid

66 ‑ 80

 

Reserved for future use.

 

 

Columns below are only present when the enhanced format for the AUDIT file is used. To convert the AUDIT file to enhanced format, see the description of the AUDRECFM configuration file statement in chapter “Configuration File Reference.”

81 ‑ 112

IPv6 terminal address

When column 65 is a ‘6’, then columns 13-20 in the record will be set to the constant value ‘IPV6ADDR’, and these columns will be set to the 32 hexadecimal digits of the IPv6 terminal address.

113 ‑ 145

IPv6 terminal address

When column 66 is a ‘6’, then columns 33-40 in the record will be set to the constant value ‘IPV6ADDR’, and these columns will be set to the 32 hexadecimal digits of the IPv6 terminal address.