Commit 3d00226

Improved CADF output
Details:

* Changed the CADF output format to be more consistent with the CADF standard. There are still some TBDs. See --help-format-cadf for details.
* Introduced a HMC log message file that classifies a certain set of HMC log messages for CADF. That file currently defines 24 log messages, and has TODOs for 58 more.

Signed-off-by: Andreas Maier <maiera@de.ibm.com>
1 parent f4ac478 commit 3d00226

3 files changed

+668
-58
lines changed

.gitignore

Lines changed: 1 addition & 1 deletion
@@ -11,7 +11,7 @@
1111
/ChangeLog
1212
/.pytest_cache/
1313
/try/
14-
/config/
14+
/.config/
1515
.DS_Store
1616
.ipynb_checkpoints/
1717
.coverage
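
Review bot: Dropping `/config/` from the ignore list (old line 14) is not mentioned in the commit message, and it changes what a plain `git add .` picks up: anything contributors already keep in a local `config/` directory becomes eligible for commit. Since this commit starts tracking `config/zhmc_log_messages.yml`, the un-ignore is needed, but state in the commit message that local, untracked configuration now belongs in `.config/`, so nobody commits a local file by accident.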

config/zhmc_log_messages.yml

Lines changed: 257 additions & 0 deletions
@@ -0,0 +1,257 @@
1+
---
2+
# zhmc_log_forwarder HMC log message file
3+
#
4+
# This file defines information about HMC log messages that allows translating
5+
# an HMC log message received from the HMC into a CADF event.
6+
#
7+
# For a list of the possible HMC log messages, see the Help system of a real
8+
# HMC, in section "Introduction" -> "Audit, Event, and Security Log Messages".
9+
#
10+
# For the CADF standard DSP0262, see
11+
# https://www.dmtf.org/sites/default/files/standards/documents/DSP0262_1.0.0.pdf
12+
#
13+
# The data specified for each HMC log message in this file, is:
14+
# * number (string): event-id / number of HMC log message.
15+
# * message (string): message template of HMC log message.
16+
# * action (string): CADF action. See DSP0262 "CADF Action Taxonomy".
17+
# * outcome (string): CADF outcome. See DSP0262 "CADF Outcome Taxonomy".
18+
# * target_type (string): CADF typeURI of target resource. See DSP0262
19+
# A.2 "CADF Resource Taxonomy".
20+
# * target_class (string): HMC resource class of target resource. See HMS WS
21+
# API book, 'class' property of the data models. Example: 'partition'.
22+
#
23+
# See zhmc_log_forwarder --help-log-message-file for details.
24+
25+
# HMC version to which this HMC log message file applies
26+
hmc_version: "2.14.1"
27+
28+
# TODO: Add and classify the following messages:
29+
# 37 A logon occurred in service representative mode
30+
# 38 A logon occurred in product engineering mode
31+
# 40 A logoff occurred
32+
# 115 The {1} profile {0} was created
33+
# 116 The {1} profile {0} was changed
34+
# 117 The {1} profile {0} was upgraded
35+
# 118 The {1} profile {0} was deleted
36+
# 123 A logon occurred in operator mode
37+
# 124 A logon occurred in advanced operator mode
38+
# 125 A logon occurred in access administrator mode
39+
# 126 A logon occurred in system programmer mode
40+
# 136 Local unsuccessful logon detected
41+
# 137 Operations management unsuccessful logon detected
42+
# 138 Remote operations unsuccessful logon detected
43+
# 191 Local unsuccessful logon threshold exceeded
44+
# 192 Operations management unsuccessful logon threshold exceeded
45+
# 193 Remote operations unsuccessful logon threshold exceeded
46+
# 257 Logon by {0}
47+
# 258 Logoff
48+
# 363 DCAF attempt rejected: Bad password used
49+
# 787 Domain security name or password was changed on consoles: {0}
50+
# 859 There have been {0} consecutive failed logon attempts for user {1}
51+
# 864 Root password was updated
52+
# 948 A user password was changed
53+
# 1067 Domain security name or password was changed by console {0}
54+
# 1278 The password for user {0} has changed
55+
# 1324 User {0} has been disabled for {1} minutes because of too many invalid logon attempts
56+
# 1325 User {0} is no longer disabled from logging on
57+
# 5002 Crypto adapter passphrase logon with profile {0}
58+
# 5003 Crypto adapter group passphrase logon with profile {0}
59+
# 5004 Crypto adapter group member passphrase logon with member {0}
60+
# 5005 Crypto adapter smart card logon with profile {0}. Logon key ID: {1}. Card ID: {2}
61+
# 5006 Crypto adapter group smart card logon with profile {0}
62+
# 5007 Crypto adapter group member smart card logon with member {0}. Logon key ID: {1}
63+
# 5008 Crypto adapter logoff for profile {0}
64+
# 5012 Crypto adapter passphrase logon failure with profile {0}
65+
# 5013 Crypto adapter group passphrase logon failure with profile {0}
66+
# 5014 Crypto adapter group member passphrase logon failed for member {0}
67+
# 5015 Crypto adapter smart card logon failure with profile {0}. Card ID: {1}
68+
# 5016 Crypto Adapter Group Smart Card Logon Failure with Profile {0}
69+
# 5017 Crypto Adapter Group Member Smart Card Logon Failed for Member {0}
70+
# 5018 Crypto Adapter Logoff failed
71+
# 5019 Crypto Adapter Change Passphrase Failure with Profile {0}
72+
# 5200 A valid PIN was entered for {0} in {1}. Card ID: {2}, Zone ID: {3}
73+
# 5250 Failure during PIN entry for {0} in {1}. Card ID: {2}, Zone ID: {3}
74+
# 5251 Tried to access a {0} with a blocked PIN. Card ID: {1}, Zone ID: {2}, Operation: {3}
75+
# 5310 Host user ID {0} logged onto host {1} with mixed case password support set to {2}
76+
# 5311 Logoff host {0}
77+
# 5313 Host user ID {0} logged onto group {1} with mixed case password support set to {2}
78+
# 5410 User {0} logon failed for host {1} with mixed case password support set to {2}
79+
# 5412 User {0} logon failed for group {1} with mixed case password support set to {2}
80+
# 5780 A logon key pair was generated on {0} ({1})
81+
# 5781 A logon key pair generation failure occurred
82+
# 5809 Failure getting crypto adapter logon information.\nError Code: {0}
83+
# 5810 {0} PIN was set or changed on {1}. Card ID: {2}, Card description: {3}
84+
# 5811 Failed to set or change the PIN on {0}
85+
# 5812 The PIN was unblocked on {0}. Card ID: {1}, Card Description: {2}
86+
# 5813 Failure occurred unblocking {0} PIN
87+
88+
# The HMC log messages that will be recognized by zhmc_log_forwarder
89+
messages:
90+
-
91+
number: '216'
92+
message: "User {0} has logged on in {1} mode"
93+
action: authenticate/logon
94+
outcome: success
95+
target_type: service
96+
target_class: console
97+
-
98+
number: '522'
99+
message: "User {0} attempted to log on with a user identification or password that was not valid"
100+
action: authenticate/logon
101+
outcome: failed
102+
target_type: service
103+
target_class: console
104+
-
105+
number: '687'
106+
message: "User {0} was logged on automatically at the console"
107+
action: authenticate/logon
108+
outcome: success
109+
target_type: service
110+
target_class: console
111+
-
112+
number: '756'
113+
message: "User {0} logged off from a Platform Independent Remote Console (PIRC) at IP address {1}"
114+
action: authenticate/logoff
115+
outcome: success
116+
target_type: service
117+
target_class: console
118+
-
119+
number: '757'
120+
message: "User {0} was logged off from a Platform Independent Remote Console (PIRC) at IP address {1} due to inactivity"
121+
action: authenticate/forced_logoff
122+
outcome: success
123+
target_type: service
124+
target_class: console
125+
-
126+
number: '1279'
127+
message: "User {0} has logged on"
128+
action: authenticate/logon
129+
outcome: success
130+
target_type: service
131+
target_class: console
132+
-
133+
number: '1280'
134+
message: "User {0} has logged off"
135+
action: authenticate/logoff
136+
outcome: success
137+
target_type: service
138+
target_class: console
139+
-
140+
number: '1283'
141+
message: "{0} was forcibly disconnected by Hardware Management Console user {2} on {1}"
142+
action: authenticate/forced_logoff
143+
outcome: success
144+
target_type: service
145+
target_class: console
146+
-
147+
number: '1284'
148+
message: "User {0} of session {1} has forcibly disconnected user {2} of session {3} in order to log on locally"
149+
action: authenticate/forced_logoff
150+
outcome: success
151+
target_type: service
152+
target_class: console
153+
-
154+
number: '1285'
155+
message: "User {0} was not permitted to log on or reconnect since another user is already logged on"
156+
action: authenticate/logon
157+
outcome: failed
158+
target_type: service
159+
target_class: console
160+
-
161+
number: '1286'
162+
message: "User {0} was not permitted to log on since the userid is disabled"
163+
action: authenticate/logon
164+
outcome: failed
165+
target_type: service
166+
target_class: console
167+
-
168+
number: '1287'
169+
message: "User {0} was not permitted to log on since the userid is not allowed remote access"
170+
action: authenticate/logon
171+
outcome: failed
172+
target_type: service
173+
target_class: console
174+
-
175+
number: '1340'
176+
message: "An attempt for user {0} to log on failed"
177+
action: authenticate/logon
178+
outcome: failed
179+
target_type: service
180+
target_class: console
181+
-
182+
number: '1408'
183+
message: "User {0} has {logged on|reconnected} from {2} to session id {4}. The user's maximum role is {5}"
184+
action: authenticate/logon
185+
outcome: success
186+
target_type: service
187+
target_class: console
188+
-
189+
number: '1409'
190+
message: "User {0} has {logged off|disconnected} from session id {2} for the reason: {3}"
191+
action: authenticate/logoff
192+
outcome: success
193+
target_type: service
194+
target_class: console
195+
-
196+
number: '1410'
197+
message: "User {0} of session {1} has forcibly {logged off|disconnected} user {3} of session {4}"
198+
action: authenticate/forced_logoff
199+
outcome: success
200+
target_type: service
201+
target_class: console
202+
-
203+
number: '1691'
204+
message: "User {0} has attempted to log on from location {1} with a user identification or password that was not valid. The user''s maximum role is {2}"
205+
action: authenticate/logon
206+
outcome: failed
207+
target_type: service
208+
target_class: console
209+
-
210+
number: '1692'
211+
message: "An attempt for user {0} to log on from location {1} failed"
212+
action: authenticate/logon
213+
outcome: failed
214+
target_type: service
215+
target_class: console
216+
-
217+
number: '1941'
218+
message: "User {0} has logged on to Web Services API session {1} from location {2}"
219+
action: authenticate/logon
220+
outcome: success
221+
target_type: service
222+
target_class: console
223+
-
224+
number: '1942'
225+
message: "User {0} has logged off from Web Services API session {1} due to {2}"
226+
action: authenticate/logoff
227+
outcome: success
228+
target_type: service
229+
target_class: console
230+
-
231+
number: '2031'
232+
message: "User {0} was not permitted to log on since the userid is disabled due to inactivity"
233+
action: authenticate/logon
234+
outcome: failed
235+
target_type: service
236+
target_class: console
237+
-
238+
number: '2033'
239+
message: "The shared secret key for user {0} has been reset"
240+
action: "TBD(Rene)"
241+
outcome: success
242+
target_type: service
243+
target_class: console
244+
-
245+
number: '2042'
246+
message: "User {0} has logged on to BCPii API session {1} from source {2}"
247+
action: authenticate/logon
248+
outcome: success
249+
target_type: service
250+
target_class: console
251+
-
252+
number: '2043'
253+
message: "User {0} has logged off from BCPii API session {1} due to {2}"
254+
action: authenticate/logoff
255+
outcome: success
256+
target_type: service
257+
target_class: console
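
Review bot: Entry 2033 ships with `action: "TBD(Rene)"`, which is not a value from the CADF action taxonomy the header comment points to; either classify it before merging or move 2033 into the TODO list with the other unclassified messages, so a placeholder cannot end up in forwarded events. Entry 1691 writes `The user''s maximum role` inside a double-quoted YAML string, where `''` is two literal apostrophes, while 1408 writes `The user's`; pick one form so both templates behave the same. The `{logged on|reconnected}` alternation used in 1408, 1409 and 1410 is not described in the header comment's field list and should be documented there. The header also refers to the "HMS WS API book", which looks like a typo for HMC. Of the TODO messages, the unsuccessful-logon and threshold ones (136-138, 191-193, 859, 1324) are the ones an audit consumer would miss most, so they are worth classifying first.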
