Application-related audits

Application-related audit logs allow you to track user operations on IBM® Spectrum Symphony services managed by EGO, service packages, sessions, and applications.

Note: Audit logs do not exist in IBM Spectrum Symphony Developer Edition.

Audit log file	Object	Audited operation
repositoryservice.audit.log	Service packages	Add Remove
application.audit.log	Sessions	Kill Suspend Resume
application.audit.log	Applications	Enable Disable Register Unregister
egoservice.audit.log	Services managed by EGO: Session Director Repository Service Note: EGO Service Controller event logging must be turned on for service events to be logged	Start Stop

Log location

Application-related audit logs are located in the same directory as EGO audit logs and the location is defined with the parameter EGO_AUDIT_LOGDIR in the configuration file ego.conf.

Audit log file format

The log file format for application-related audit log files is the same as that of the EGO audit log files with additional possible objects and actions. The following table lists the additional objects and actions in context of the audit log file format.

Note: The service object already exists in EGO. What is additional for applications is the logging of the SD and RS service actions.

DATE/TIME	TYPE	USER	OBJECT	`ID`	`ACTION`	DETAIL
`time_stamp`	CONTROL	`user_name`	PACKAGE	application_name	added	-
`time_stamp`	CONTROL	`user_name`	PACKAGE	application_name	removed	-
`time_stamp`	CONTROL	`user_name`	PACKAGE	application_name	add fail	`msg`
`time_stamp`	CONTROL	`user_name`	PACKAGE	application_name	remove fail	`msg`
`time_stamp`	CONTROL	`user_name`	APPLICATION	application_name	enabled	-
`time_stamp`	CONTROL	`user_name`	APPLICATION	application_name	disabled	-
`time_stamp`	CONTROL	`user_name`	APPLICATION	application_name	registered	-
`time_stamp`	CONTROL	`user_name`	APPLICATION	application_name	unregistered	-
`time_stamp`	CONTROL	`user_name`	APPLICATION	application_name	enable fail	`msg`
`time_stamp`	CONTROL	`user_name`	APPLICATION	application_name	disable fail	`msg`
`time_stamp`	CONTROL	`user_name`	APPLICATION	application_name	register fail	`msg`
`time_stamp`	CONTROL	`user_name`	APPLICATION	application_name	unregister fail	`msg`
`time_stamp`	CONTROL	`user_name`	SESSION	application_name:session_ID	killed	-
`time_stamp`	CONTROL	`user_name`	SESSION	application_name:session_ID	suspended	-
`time_stamp`	CONTROL	`user_name`	SESSION	application_name:session_ID	resumed	-
`time_stamp`	CONTROL	`user_name`	SESSION	application_name:session_ID	kill fail	`msg`
`time_stamp`	CONTROL	`user_name`	SESSION	application_name:session_ID	suspend fail	`msg`
`time_stamp`	CONTROL	`user_name`	SESSION	application_name:session_ID	resume fail	`msg`
`time_stamp`	CONTROL	`user_name`	SERVICE	SD	started	-
`time_stamp`	CONTROL	`user_name`	SERVICE	SD	stopped	-
`time_stamp`	CONTROL	`user_name`	SERVICE	SD	start_failed	`msg`
`time_stamp`	CONTROL	`user_name`	SERVICE	SD	stop_failed	`msg`
`time_stamp`	CONTROL	`user_name`	SERVICE	RS	started	-
`time_stamp`	CONTROL	`user_name`	SERVICE	RS	stopped	-
`time_stamp`	CONTROL	`user_name`	SERVICE	RS	start_failed	`msg`
`time_stamp`	CONTROL	`user_name`	SERVICE	RS	stop_failed	`msg`