SESAM/SQL logs security relevant events with the help of the component SAT (Security Audit Trail) of the software product SECOS.
An overview of this function is given in the “ Core manual”, in the section “Logging securityrelevant events with SAT”. For more information about SAT and the SAT evaluation routine SATUT, refer to the “ Security Control System - Audit” manual.
For each security relevant event, a log record (SATLOG record) is written in the protected SATLOG file. The SATLOG file can be analyzed later using the SATUT evaluation routine.
SATLOG records consist of a fixed part which is constantly supplied, and a variable part which contains information about the security relevant event from SESAM/SQL.
The following fields in the fixed part of every SATLOG record are always assigned values:
user ID and TSN of the DBH task (user-id, tsn)
logging time (timestp)
abbreviated name of the event (evt) and result of the event (res)
chipcard ID if a chipcard is used
Fieldname | al/ fil | exit | Meaning and values of information: SDF data type or keywords |
auditid | * | 0001 | Audit subject identification |
evt | 00F3 | Abbreviated name of the event | |
res | 00F5 | Result of the event | |
timestp | 00F1 | Logging time | |
tsn | 00F4 | TSN of the DBH task | |
user-id | 00F6 | User ID of the DBH task |
Table 51: Field names and values for every SATLOG record
These fields are therefore no longer mentioned in the following SESAM-specific tables. For the meaning of the column headers see "Auditable information for every SESAM object event".