Audit log file
The version of audit log file is 3.0. All prior versions of audit log files can be loaded and displayed without problems.
If the current log is an old version, then the log is cycled immediately when the host server starts. New version log entries and old version log entries are not mixed in the same log file.
A detail content flag is written into each log entry that indicates whether the log entry has message content and the message content type. This flag is put after the log message. The message content is appended to the detail content flag.
delete flag time source type log message
detail flag message content count length of message content1
length of message content2 …length of message contentN message content 1
message content 2 …message content N trailer
The format of the SMAT message content is one of these:
-
message format flag metadata_length metadata content
-
message format flag metadata_length mid content
-
message format flag mid (only for resend log entry)
This table shows the content flags:
Flag | Description |
---|---|
detail flag | The content flag, must be one of these values:
|
message content count | The total count of the recorded message content. |
length of message contentN | The length of the #N message content. |
message content N | The content of the #N message that is encrypted. |
message format flag | The content format flag has a fixed length of "4" and must be one
of these values:
|
metadata_length | The length of unencrypted metadata is optional. If not metadata, then the length is fixed at 8 bytes. |
metadata | The SMAT message metadata that is encrypted. |
content | The SMAT message raw data that is encrypted. |
mid | The SMAT message ID. |