Safeguard Audit Service Manual (G06.24+, H06.03+)

Audit File Record Formats
Safeguard Audit Service Manual, 520480-014
Audit File Structure
Full name of the preceding audit file
Full name of the audit file
Full name of the next audit file
Time, specified as a Greenwich mean time (GMT) timestamp, when the audit file
was initialized and the header record written
Safeguard version number
Operating system TOSVERSION
Local time zone offset relative to Greenwich mean time
Audit Records
The audit file also contains primary audit records and secondary audit records.
For each audited event, the audit service writes one primary audit record to the current
audit file. Additional information about this event can be contained in secondary
records. Secondary records are associated with a primary record by a corresponding
audit number field in each record. This field contains a serial number that uniquely
identifies the audited event. Primary and secondary records apply to the same event
when the audit number fields in each record match.
A single secondary record is generated when there is an audited attempt to add or
delete a Safeguard record. An audited attempt to read an object record, user record, or
group record also generates a single secondary record. The secondary record contains
an image of the affected record.
Audited attempts to change most Safeguard records result in two secondary audit
records along with the primary record. One secondary record contains the image of the
Safeguard record before the attempted change, and the other secondary record
contains an image of the Safeguard record showing the attempted change. If the
attempted change involves a user or alias authentication record, four secondary
records are generated. The two additional records represent the extension to the
authentication record. One represents the extension before the attempted change, and
the other represents the extension showing any attempted change.
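
The following is an added example, not code from the manual or from the Safeguard product. It shows how a reviewer could group already-parsed audit records by audit number and compare each event's secondary-record count with the counts described above. The field names (kind, audit_number, operation, record_type), the operation and record-type values, and the sample records are all constructed assumptions, not the real audit record layout.

```python
from collections import defaultdict

# Constructed sample records. Field names and values are hypothetical
# stand-ins for parsed audit records, not the real Safeguard record layout.
SAMPLE = [
    {"kind": "primary", "audit_number": 101, "operation": "ADD", "record_type": "OBJECT"},
    {"kind": "secondary", "audit_number": 101, "image": "new"},
    {"kind": "primary", "audit_number": 102, "operation": "CHANGE", "record_type": "USER-AUTH"},
    {"kind": "secondary", "audit_number": 102, "image": "before"},
    {"kind": "secondary", "audit_number": 102, "image": "after"},
    {"kind": "secondary", "audit_number": 102, "image": "ext-before"},
    {"kind": "secondary", "audit_number": 102, "image": "ext-after"},
    {"kind": "primary", "audit_number": 103, "operation": "CHANGE", "record_type": "OBJECT"},
    {"kind": "secondary", "audit_number": 103, "image": "before"},  # "after" image missing
    {"kind": "secondary", "audit_number": 999, "image": "orphan"},  # no matching primary
]

AUTH_TYPES = {"USER-AUTH", "ALIAS-AUTH"}  # user or alias authentication record
READ_TYPES = {"OBJECT", "USER", "GROUP"}  # reads that produce a record image


def expected_secondaries(primary):
    """Secondary-record count the text gives for this event, or None if unstated."""
    op, rtype = primary["operation"], primary["record_type"]
    if op in ("ADD", "DELETE"):
        return 1
    if op == "READ":
        return 1 if rtype in READ_TYPES else None
    if op == "CHANGE":
        return 4 if rtype in AUTH_TYPES else 2  # 2 holds for "most" records
    return None


def correlate(records):
    """Group records by audit number; return (events, anomalies)."""
    primaries, secondaries = {}, defaultdict(list)
    for rec in records:
        if rec["kind"] == "primary":
            primaries[rec["audit_number"]] = rec
        else:
            secondaries[rec["audit_number"]].append(rec)
    events = {n: (p, secondaries.get(n, [])) for n, p in primaries.items()}
    anomalies = [(n, "secondary without primary") for n in secondaries if n not in primaries]
    for n, (p, secs) in events.items():
        want = expected_secondaries(p)
        if want is not None and len(secs) != want:
            anomalies.append((n, f"expected {want} secondary records, found {len(secs)}"))
    return events, anomalies
```

Because the manual says only that "most" changes produce two secondary records, a count mismatch on a change event is a prompt to check the record type involved, not a conclusion in itself.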