IBM Content Manager, Version 8.5.0.3             

Event logging

IBM® Content Manager can log system administration and item events for audit purposes. Logging is optional.

System administration events are actions performed by an administrator, either in the system administration client or in a custom application. They include events that define users, assign privileges, and assign access control lists to objects such as data objects, item types, or processes; events that allow others to access the database; and events that control where objects reside and who has access to them. These events are stored in the ICMSTSYSADMEVENTS table.

Important: Common Criteria users must enable logging of all events.

To enable or disable logging of system administration events, modify the library server configuration. Specifically, modify the log and trace information on the Log and Trace page of the library server configuration.

To view the contents of the ICMSTSYSADMEVENTS table, select one of the following methods according to your database type.

Table 1. Viewing methods for the ICMSTSYSADMEVENTS table

Database   Viewing method
DB2®       Use the DB2 Control Center to view the contents of the table.
Oracle     Use the Oracle Enterprise Manager to view the contents of the table.

Item events are actions performed against specific objects within the resource manager, or the indexing information of the object within the library server. These events are stored in the ICMSTITEMEVENTS table. To enable or disable logging of item events, modify the item types you want to log. For each item type that you want to enable logging for, you can specify which actions to log: create, retrieve, update, or delete. You can log any combination of the four actions.

The following information is logged:

Important: For FIPS compliance, you must enable full logging of all events.

Because the data is stored in DB2 tables, you can issue SQL select statements against the tables to filter events, search and sort the data, and create audit reports as needed. In addition, a list of event types (in text form, corresponding to the event codes in the event tables) is stored in the ICMSTNLSKEYWORDS table. By joining the event table with the keywords table, you can create an audit report that includes the event description instead of the event code. The text description of the event type can also be used in SQL select statements to search and sort data.
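The join described above, as an added example that is not IBM's own code: it uses an in-memory SQLite database as a stand-in for the library server database so that it runs offline. Only the two table names come from this page; every column name, the keyword class value, the language codes, and all sample rows are assumptions constructed for illustration, so check them against your library server schema before reusing the query.

```python
import sqlite3

# Stand-in schema: table names are from the page; every column name, the
# keyword class value and all rows are assumptions constructed for this example.
SCHEMA = """
CREATE TABLE ICMSTSYSADMEVENTS (EVENTCODE INTEGER, CREATED TEXT, USERID TEXT, EVENTDATA1 TEXT);
CREATE TABLE ICMSTNLSKEYWORDS (KEYWORDCLASS INTEGER, KEYWORDCODE INTEGER, LANGUAGECODE TEXT, KEYWORDNAME TEXT);
"""
EVENT_CLASS = 99  # hypothetical class id marking "event type" keywords

SAMPLE_EVENTS = [
    (1, "2015-06-01 09:00:00", "ICMADMIN", "user=JSMITH"),
    (2, "2015-06-01 09:05:00", "ICMADMIN", "acl=PublicReadACL"),
    (1, "2015-06-02 14:30:00", "OPS2", "user=TEMP01"),
    (7, "2015-06-02 14:31:00", "OPS2", ""),  # code with no keyword row
]
SAMPLE_KEYWORDS = [
    (EVENT_CLASS, 1, "ENU", "Define user"),
    (EVENT_CLASS, 2, "ENU", "Assign ACL"),
    (EVENT_CLASS, 1, "DEU", "Benutzer definieren"),
    (5, 1, "ENU", "Unrelated keyword"),  # same code, different class
]
# LEFT JOIN keeps events whose code has no description, so nothing drops out of the audit.
REPORT_SQL = """
SELECT e.CREATED, e.USERID, COALESCE(k.KEYWORDNAME, 'code ' || e.EVENTCODE), e.EVENTDATA1
FROM ICMSTSYSADMEVENTS e
LEFT JOIN ICMSTNLSKEYWORDS k
  ON k.KEYWORDCODE = e.EVENTCODE AND k.KEYWORDCLASS = ? AND k.LANGUAGECODE = ?
WHERE e.CREATED >= ? AND e.CREATED < ?
ORDER BY e.CREATED
"""

def build_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO ICMSTSYSADMEVENTS VALUES (?,?,?,?)", SAMPLE_EVENTS)
    conn.executemany("INSERT INTO ICMSTNLSKEYWORDS VALUES (?,?,?,?)", SAMPLE_KEYWORDS)
    return conn

def audit_report(conn, start, end, lang="ENU"):
    """Return (time, user, event description, detail) rows for [start, end)."""
    return conn.execute(REPORT_SQL, (EVENT_CLASS, lang, start, end)).fetchall()

if __name__ == "__main__":
    for row in audit_report(build_db(), "2015-06-01", "2015-06-03"):
        print(*row, sep=" | ")
```

Restricting the join to one keyword class and one language code keeps each event to a single report row.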



Last updated: June 2015

© Copyright IBM Corporation 2015.