Safeguard Audit Service Manual (G06.24+, H06.03+)
SAFEART Field Descriptions
Safeguard Audit Service Manual—520480-014
7-9
Secondary Text Area
Depending on the type of operation involved, more than one secondary record might
be associated with an event. For example, if you attempt to change a disk-file
protection record, the audited event contains two secondary records. One secondary
record contains a representation of the disk-file protection record before the change,
and the other secondary record contains a representation of the attempted change.
The Outcome field in the primary record indicates whether the attempt succeeded.
The SecondaryRecordType field indicates whether the record represents a before
image. Other possible types of secondary records appear in Table 7-8 on page 7-51.
Secondary Text Area
The text area portion of the secondary record immediately follows the
SecondaryTextAreaType field. The subsystem that reported the event uses the text
area to supply additional information about the event. This information can vary from a
simple command line to a more complex Safeguard protection record. The
SecondaryTextAreaType field specifies the type of information that appears in the
SecondaryTextArea. A complete list of secondary text area types appears in Table 7-9
on page 7-51.
Because information comes from a variety of subsystems and clients, some items that
appear in the text area are variable in format and cannot be selected with SET
WHERE commands. However, you can use SET WHERE commands to select events
when a Safeguard record appears in the text area.
The secondary text area structures generated by the Safeguard subsystem allow you
to select events based on the fields within the text area. The fields contain a prefix to
help you identify the type of Safeguard record that appears in the text area.
SecondaryTimeReceived Date and
time
Specifies the date and time when the event
description was received by the audit service
collector process. You cannot use this field in
SET WHERE commands.
SecondaryTimeReported Date and
time
Specifies the date and time when the client or
subsystem sent the event description to the audit
service collector process. You cannot use this
field in SET WHERE commands.
SecondaryVeracity Enumerated Specifies the level of trust that can be placed on
the contents of this record. This level depends on
the source of the audit request, trusted or
untrusted, and the errors or lack of errors in the
audit request itself. Possible values appear in
Table 7-10
on page 7-55.
Table 7-2. Secondary Record Fields (page 2 of 2)
Field Name Field Type Description