Safeguard Audit Service Manual (G06.24+, H06.03+)
Audit File Record Formats
Safeguard Audit Service Manual—520480-014
A-5
Primary Audit Record
ZTIMEZONE-OFFSET
is, in microseconds, the local standard time zone of the auditing system as a
signed, 64-bit integer offset relative to Greenwich mean time. The offset for time
zones longitudes 0 and 180 degrees West is negative. For all others, it is positive.
ZAUDIT-FILENAME
is the name, including the volume name and subvolume name, of this audit file
when it was first opened.
ZAUDIT-FILE-PREDECESSOR
is the name of the preceding audit file, including the volume name and subvolume
name. If this audit file is the first used after the Safeguard subsystem is stopped
and then restarted, this field is blank.
ZAUDIT-FILE-SUCCESSOR
is the name, including the volume name and subvolume name, of the successor
audit file. If it is the current audit file at the time the Safeguard subsystem is
stopped, this field is blank. The field is also blank if the volume on which the audit
file resides becomes unavailable while the file is in use.
ZCLOSE-TIME
is a 64-bit GMT timestamp specifying the date and time when the audit file was
closed. This field contains zero if the Safeguard subsystem is terminated
abnormally or if the volume on which the audit file resides becomes unavailable
while the file is in use.
ZCOMPRESSION-ID
is reserved for future use.
ZSFG-VERSIONBANNER
is the version of the process that initialized this audit file.
Primary Audit Record
A primary audit record represents each audited security event. It has this definition:
DDL Definition
DEF ZSFG-DDL-PRIMARY-RECORD.
02 ZRECORD-TYPE TYPE ZSPI-DDL-ENUM.
02 ZRECORD-LEN TYPE ZSPI-DDL-UINT.
02 ZAUDITNUMBER TYPE ZSPI-DDL-BYTE OCCURS 10 TIMES.
02 ZTIME-REPORTED TYPE ZSPI-DDL-TIMESTAMP.
02 ZTIME-RECEIVED TYPE ZSPI-DDL-TIMESTAMP.
02 ZVERACITY TYPE ZSPI-DDL-ENUM.