The Security Audit Trail (SAT) is a component of SECOS and is used to log security-related events in BS2000.

BCAM informs SAT of specific events.

SAT can be set up to detect access attempts, and can detect the culprit in the event of security violations. SAT logs the events in SAT log files (SATLOG).

The SATUT utilities program evaluates the log files.

Specific security-critical events can be monitored without delay using the SAT alarm function. The alarm message appears on the operator console, so that the operator can decide what measures need to be taken.

Security personnel can specify whether the BCAM events should be recorded in SAT.

Additional information about SAT can be found in the “SECOS (BS2000)” manual.

The following events are logged in BCAM:

• TSAP opened successfully

• TSAP opened with errors

• TSAP closed successfully

• TSAP closed with errors

• Connection opened successfully

• Connection opened with errors

• Connection terminated successfully

• Connection terminated with errors

The following data is sent to SAT:

• Name type

• Application name

• Partner name

• Host name

• Partner/host name

• Application ID

• Connection ID

• Address type

• Own port number

• Partner port number

• Own IPv4 address

• Partner IPv4 address

• Own IPv6 address

• Partner IPv6 address

• Own ISO-TSEL

• Partner ISO-TSEL

• BCAM return code

For the assignment of logged data to events, see the “SECOS (BS2000) Security Control System” manuals in the “Information that can be logged for each object event” tables.