HP Medical Archive Solution manual Audit Log File Format, Audit Message Format

Page 17

HPMA Audit Message Reference

Audit Log File Format

The audit log contains individual audit messages in the following format:

1.Date and time stamp (local time) the message was processed at the AMS, followed by the server host name and the string “AMS:”.

2.The message itself, enclosed within square brackets “[]”. The message structure is discussed in the next section on page 6.

The following is the beginning of a sample log file. Messages are

wrapped within the boundaries shown, ending after the ASQN attribute and double closing brackets “]]”. The <CR><LF> characters

at the end of each message are not shown.

Feb 12 02:37:34 an1-a-1 AMS: [AUDT[RSLT(FC32):'DSDN'][AVER(UI32):3][ATYP(FC32):'SYSU'][ATIM(UI64):11081758444743 62][ATID(UI64):9384121014334693630][ANID(UI32):15010119][AMID(FC32):'ARNI'][ASQN(UI 64):0]]

Feb 12 02:37:34 an1-a-1 AMS: [AUDT[SEID(FC32):'RCON'][CNDR(FC32):'OUTB'][SVIP(UI32):1501][DAIP(IP32):14.1.1.13][ SAIP(IP32):14.1.1.19][CNID(UI64):1716307103][RSLT(FC32):'CRFU'][AVER(UI32):3][ATYP( FC32):'ETCF'][ATIM(UI64):1108175844660669][ATID(UI64):5503182624165676149][ANID(UI3 2):15010119][AMID(FC32):'RCON'][ASQN(UI64):1]]

Feb 12 02:37:34 an1-a-1 AMS: [AUDT[SEID(FC32):'RCON'][CNDR(FC32):'OUTB'][SVIP(UI32):1501][DAIP(IP32):14.1.1.15][ SAIP(IP32):14.1.1.19][CNID(UI64):2329159112][RSLT(FC32):'CRFU'][AVER(UI32):3][ATYP( FC32):'ETCF'][ATIM(UI64):1108175854682710][ATID(UI64):7756750787035320318][ANID(UI3 2):15010119][AMID(FC32):'RCON'][ASQN(UI64):2]]

Audit Message Format

Audit messages exchanged within the grid include some standard information common to all messages, and specific content for the event or activity being reported.

Each audit message is logged as a string composed of attribute elements that are:

•Enclosed in square brackets “[ ]”

•Introduced by the string “AUDT”, indicating an audit message

6

HP Medical Archive

Image 17

Contents HP Medical Archive Solutions Audit Message Reference Guide Page Disclaimer Contents DCME-DICOM C-MOVE End Glossary Hpma Audit Message Reference HP Medical Archive Intended Audience PurposeCurrency Document Structure Using this GuideReferences ConventionsTerminology Contacts Audit Message Overview Chapter ContentsAudit Message Flow Overview of Auditing Audit Message Retention Message RetentionAudit Log File Access File and Message Format Audit Message Format Audit Log File FormatData Types Data TypesCommon Elements of Audit Messages Event-Specific DataCommon Elements Asqn AnidAmid Hpma Audit Message Reference HP Medical Archive Message3 Reference System Audit Messages IntroductionSystem Audit Messages Object Audit Messages Object Audit MessagesHttp Protocol Audit Messages Http Protocol Audit MessagesDicom Audit Messages Dicom Audit MessagesFile System Gateway Audit Messages File System Gateway Audit MessagesAudit Message Reference BKSB-Backup Store BeginBKSB-Backup Store Begin Fields BKSE-Backup Store End Fields BKSE-Backup Store EndCBRB-Object Receive Begin Fields CBRB-Object Receive BeginCBRE-Object Receive End Fields CBRE-Object Receive EndCBSB-Object Send Begin Fields CBSB-Object Send BeginCBSE-Object Send End Fields CBSE-Object Send EndCDAD-DICOM Study Add Fields CDAD-DICOM Study AddDASE-DICOM Association Establish DASC-DICOM Association CloseDASC-DICOM Association Close Fields DASE-DICOM Association Establish FieldsDASF-DICOM Association Fail Fields DASF-DICOM Association FailDCFE-DICOM C-FIND End Fields DCFE-DICOM C-FIND EndDCFS-DICOM C-FIND Start Fields DCFS-DICOM C-FIND StartDCGE-DICOM C-GET End Fields DCGE-DICOM C-GET EndDCME-DICOM C-MOVE End DCGS-DICOM C-GET StartDCGS-DICOM C-GET Start Fields DCME-DICOM C-MOVE End FieldsMove Direction DCMS-DICOM C-MOVE Start Fields DCMS-DICOM C-MOVE StartDCPE-DICOM C-STORE End DCMT-DICOM Storage CommitmentDCMT-DICOM Storage Commitment Fields DCPE-DICOM C-STORE End FieldsSOP Class SOP Class of the instance DCSF-DICOM C-STORE Fail DCPS-DICOM C-STORE StartDCPS-DICOM C-STORE Start Fields DCSF-DICOM C-STORE Fail FieldsDestination IP ETAF-Security Authentication Failed Fields ETAF-Security Authentication FailedETCA-TCP/IP Connection Establish Fields ETCA-TCP/IP Connection EstablishETCF-TCP/IP Connection Fail ETCC-TCP/IP Connection CloseETCC-TCP/IP Connection Close Fields ETCF-TCP/IP Connection Fail FieldsETCF-TCP/IP Connection Fail Fields FDEL-File Delete FCRE-File CreateFCRE-File Create Fields FDEL-File Delete FieldsFRNM-File Rename FMFY-File ModifyFMFY-File Modify Fields FRNM-File Rename FieldsFSWI-File Swap In Fields FSWI-File SwapFSTG-File Store to Grid FSTG-File Store to Grid FieldsFSWO-File Swap Out Fields FSWO-File Swap OutHCPE-HTTP PUT C-STORE End Fields HCPE-HTTP PUT C-STORE EndHDEL-HTTP Delete Transaction HCPS-HTTP PUT C-STORE StartHCPS-HTTP PUT C-STORE Start Fields HDEL-HTTP Delete Transaction FieldsHGEE-HTTP GET Transaction End Fields HGEE-HTTP GET Transaction EndHGES-HTTP GET Transaction Start Fields HGES-HTTP GET Transaction StartHHEA-HTTP Head Transaction Fields HHEA-HTTP Head TransactionHOPT-HTTP Options Transaction Fields HOPT-HTTP Options TransactionHPOE-HTTP Post Transaction End Fields HPOE-HTTP Post Transaction EndHPOS-HTTP Post Transaction Start Fields HPOS-HTTP Post Transaction StartHPUE-HTTP PUT Transaction End Fields HPUE-HTTP PUT Transaction EndHTSC-HTTP Session Close HPUS-HTTP PUT Transaction StartHPUS-HTTP PUT Transaction Start Fields HTSC-HTTP Session Close FieldsHTSE-HTTP Session Establish Fields HTSE-HTTP Session EstablishRPSE-Replication Session End RPSB-Replication Session BeginRPSB-Replication Session Begin Fields RPSE-Replication Session End FieldsAetm SADD-Security Audit DisableSADD-Security Audit Disable Fields SADE-Security Audit Enable Fields SADE-Security Audit EnableSCMT-Object Store Commit AeunSREM-Object Store Remove Fields SREM-Object Store RemoveSCMT-Object Store Commit Fields SVRF-Object Store Verify Fail Fields SVRF-Object Store Verify FailSVRU-Object Store Verify Unknown SYSU-Node Start SYSD-Node StopSVRU-Object Store Verify Unknown Fields SYSD-Node Stop FieldsTACE-Grid Task Action End TACB-Grid Task Action BeginTACB-Grid Task Action Begin Fields TACE-Grid Task Action End FieldsTSGC-Grid Task Stage Change Fields TSGC-Grid Task Stage ChangeTSTC-Grid Task State Change Fields TSTC-Grid Task State ChangeHpma Audit Message Reference HP Medical Archive Glossary FCS DicomFSG HpmaDicom Hpma Audit Message Reference

Related manuals

Manual 229 pages 17.97 Kb