Safeguard Audit Service Manual (G06.29+, H06.08+, J06.03+)
Audit File Record Formats
Safeguard Audit Service Manual — 520480-031
A - 13
Primary Audit Record
ZSFG-VAL-OPER-UPDATE
indicates the same type of operation as ZSFG-VAL-OPER-READWRITE.
ZSFG-VAL-OPER-USETAPE
indicates a USETAPE operation.
ZSFG-VAL-OPER-VERIFYUSER
indicates a user authentication and subsequent logon performed by the
operating system or the Safeguard subsystem.
ZSFG-VAL-OPER-WRITE
indicates an attempt to open an object for a write operation.
ZSFG-VAL-OPER-TACLLOGOFF
indicates an attempt to audit the TACL session Logoff events..
ZOUTCOME
is the outcome of the operation described by ZOPERATION. For Safeguard
events, ZOUTCOME indicates the Safeguard ruling on the operation. The actual
success of the operation might depend on a client subsystem.
Two sets of outcomes are defined. Their applicability depends on the type of
operation. If the operation is an authentication, ZSFG-VAL-OPER-VERIFYUSER or
ZSFG-VAL-OPER-AUTHENTICATE, the possible outcomes are:
ZSFG-VAL-AUTH-USER-EXPIRED
The authentication attempt failed because the user ID expired.
ZSFG-VAL-AUTH-USER-FAILED
The authentication attempt failed because the number of failed attempt
s by the
user exceeded the configured maximum.
ZSFG-VAL-AUTH-USER-FROZEN
The authentication attempt failed because the user ID was frozen.
ZSFG-VAL-AUTH-USER-INVALID
The authentication attempt failed because the user was invalid or unknown to
the system.
Note. This value is supported only on systems running J06.03 and later J-series
RVUs, H06.14 and later H-series RVUs, and G06.32 and later G-series RVUs.