eTrust Audit iRecorder Reference Guide for CCURE 800/8000 1.5 SP2

Upload: halien

Post on 10-Mar-2018

eTrust™ Audit

iRecorder Reference Guide for CCURE 800/8000 1.5 SP2

This documentation and related computer software program (hereinafter referred to as the “Documentation”) is for the end user’s informational purposes only and is subject to change or withdrawal by Computer Associates International, Inc. (“CA”) at any time.

This documentation may not be copied, transferred, reproduced, disclosed or duplicated, in whole or in part, without the prior written consent of CA. This documentation is proprietary information of CA and protected by the copyright laws of the United States and international treaties.

Notwithstanding the foregoing, licensed users may print a reasonable number of copies of this documentation for their own internal use, provided that all CA copyright notices and legends are affixed to each reproduced copy. Only authorized employees, consultants, or agents of the user who are bound by the confidentiality provisions of the license for the software are permitted to have access to such copies.

This right to print copies is limited to the period during which the license for the product remains in full force and effect. Should the license terminate for any reason, it shall be the user’s responsibility to return to CA the reproduced copies or to certify to CA that same have been destroyed.

To the extent permitted by applicable law, CA provides this documentation “as is” without warranty of any kind, including without limitation, any implied warranties of merchantability, fitness for a particular purpose or noninfringement. In no event will CA be liable to the end user or any third party for any loss or damage, direct or indirect, from the use of this documentation, including without limitation, lost profits, business interruption, goodwill, or lost data, even if CA is expressly advised of such loss or damage.

The use of any product referenced in this documentation and this documentation is governed by the end user’s applicable license agreement.

The manufacturer of this documentation is Computer Associates International, Inc.

Provided with “Restricted Rights” as set forth in 48 C.F.R. Section 12.212, 48 C.F.R. Sections 52.227-19(c)(1) and (2) or DFARS Section 252.227-7013(c)(1)(ii) or applicable successor provisions.

2003 Computer Associates International, Inc.

All trademarks, trade names, service marks, and logos referenced herein belong to their respective companies.

Contents

Chapter 1: Welcome to iRecorder for CCURE 800/8000
    What Is an iRecorder?
    iRecorder Architecture

Chapter 2: Installation and Configuration
    System Requirements
        Hardware Requirements
    Pre-Installation Steps
    Installing the iRecorder
        Installing the iRecorder from the eTrust Security Command Center CD
        Installing the iRecorder Downloaded from eSupport
        Installing the iRecorder
        Silent Installation
        Silent Uninstallation
        Generating a Response File for Custom Silent Installation
    Windows Packages
    Configuration and Use
        Starting the iRecorder
        Stopping the iRecorder

Chapter 3: Configuring the iRecorder
    Enabling Debugging
    Testing the iRecorder for CCURE 800/8000 (CCURE)

Chapter 4: Report Selection Criteria

Chapter 5: Adding the Default Policy Template for the iRecorder to the eTrust Audit Policy Manager
    Configuring the Default Policy in the eTrust Audit Policy Manager
    Sample Rules for CCURE 800/8000

Chapter 6: eTrust Audit Field Mapping
    Native Product Fields (CCURE)
    eTrust Audit Mandatory Fields (CCURE)
    eTrust Audit Normalized Fields

Chapter 1: Welcome to iRecorder for CCURE 800/8000

This guide describes how to install, configure, and use the eTrust Audit iRecorder for CCURE 800/8000. This iRecorder harvests log data from CCURE 800/8000 and forwards it to an eTrust Audit Client.

CCure 800/8000 is a security management system to control and manage physical access to secure areas. All personnel accessing the secure areas are required to use a badge to identify the person and associated privileges. The system is developed by Software House, and further technical information on the CCure 800/8000 system can be found at http://www.swhouse.com.

This iRecorder was developed using CCure 800/8000 version 7.

The CCure badge reader system consists of the following basic components:

■ Physical Tokens or badges issued to personnel

■ Badge readers mounted on various access points to the secure areas

■ Controller system that controls badge readers to allow, disallow, raise alarms, and so on when the badge is scanned by a badge reader.

■ Management system to configure and set up various authorization rules for badges and badge readers.

■ A repository for personnel and asset information created when badges are issued. This repository can be accessed through ODBC and is called the CF Database in the CCure technical documentation.

■ A repository for real-time events about badge accesses and other system activity. This repository can also be accessed through ODBC and is called the Journal database. During the life of the system, new Journals can be created as described in the CCure technical documentation. Each Journal is a separate database and is named JL_xxxxx.db, where xxxxx is a sequential number starting from 00001. Information on the current Journal Database in use can be determined from the CF Database. After the current Journal Database is identified, all events created due to user or system activity can be accessed from the Journal Database.

What Is an iRecorder?

eTrust Audit 1.5 recorders can be deployed in two different ways:

Recorders

Recorders are one of the subcomponents packaged with eTrust Audit 1.5 Client components. These predefined recorders use the eTrust Audit Submit API (SAPI) to send log events to a Router and Action Manager for further processing as defined in the Policy Manager. This architecture leads to some restrictions in the Recorder development and deployment:

■ SAPI uses remote procedure calls (RPC), which makes recorders difficult to deploy across firewalls

■ Deployments of new recorders that are not predefined require you to make manual changes to existing Routers and Action Managers

iRecorders

iRecorders are new to eTrust Audit. They are developed using the iRecorder SDK, which is based on the iTechnology SDK. iRecorders can be easily deployed in an existing eTrust Audit environment without making significant changes to that environment. iRecorders, just like recorders, send log events to a Router and Action Manager for event processing. They require an intermediate component, known as an iRouter, which is installed on an existing eTrust Audit Client. The iRouter provides a bridge between the iRecorder and the eTrust Audit Client. The iRouter converts tokens from XML format to SAPI format and submits them to the Router.

iRecorder Architecture

The iRecorder architecture allows easy deployment across firewalls, and new iRecorder development does not require changes in the existing eTrust Audit deployment.

The following diagram illustrates the flow of information from the iRecorder to the eTrust Audit Client components:

As you can see, an iRecorder really consists of several components that help capture, route, and convert the event data to SAPI format so that it can be processed by an eTrust Audit Client.

The components of iTechnology are as follows:

iGateway

iGateway is a service that dynamically loads iSponsors and communicates with the other iGateways and iSponsors. The main features and functions of an iGateway are as follows:

■ Load the iSponsor

■ Locate and read .conf files associated with various iSponsors in its local directory.

— Load the corresponding iSponsor DLLs (such as iControl or iRecorder) at iGateway start up or upon request from another iSponsor (local or remote).

■ Provide configuration data found in .conf file to the corresponding iSponsor

■ Support Data Communication

The iGateway uses the HTTP/HTTPS protocol on port 5250 to handle all data communication as follows:

■ The data format for iGateway communication is based on XML.

■ An iGateway receives XML formatted data from the local iSponsors and sends it to the specified iGateway for delivery to the appropriate iSponsor.

■ An iGateway receives XML formatted data from a remote iSponsor and delivers it to the appropriate local iSponsor.

Note: Each iGateway can be associated with a digital certificate used by iRecorders to sign all outgoing events. In addition, iRecorders include the digital certificate with its associated thumbprint for the first outgoing event. For all other events, only the thumbprint is included.

iControl

iControl is an iSponsor DLL that is automatically loaded by the iGateway and supports the following functions:

Store and Forward (SAF) for guaranteed delivery of events as follows: If the iGateway cannot deliver an event, it is passed onto the iControl component for SAF handling.

■ iControl stores the undelivered events in a file.

■ Periodically, iControl extracts events from the event file and attempts to deliver them using iGateway.

■ All events that are extracted successfully are marked as “old,” and periodically iControl deletes the “old” events.

Event validation

■ If it is the first event, save the digital certificate and the associated thumbprint.

■ For all events, use the thumbprint included in the event to retrieve the matching certificate. If the certificate is not found, generate an error.

■ Use the certificate to validate the signature of the event. If the signatures do not match, generate an error.

Routes events to a remote iControl

The iControl.conf file contains information related to routing and which Event plug-in should be loaded.

Note: iControl can load multiple Event plug-ins and sends every event to each plug-in.

Event Plug-in (EP)

The Event plug-in is a DLL used by iControl to handle specialized tasks such as converting formats, applying filters, sending events to a database, and so on.

EPAudit Plug-in

If the EPAudit plug-in is configured, all events received by iControl are sent to the EPAudit plug-in to be delivered to the Router. The primary functions of EPAudit are to:

■ Convert events from XML format to eTrust Audit SAPI format.

■ Submit events to the eTrust Audit Router component running on the localhost.

EPUnicenter Plug-in

If the EPUnicenter plug-in is configured, all events received by iControl are sent to the EPUnicenter to be delivered to the Event Management component of Unicenter. The primary functions of the EPUnicenter plug-in are to:

■ Convert events from XML format to Unicenter EM format.

■ Submit events to the Event Management component running on the localhost.

EPDebug Plug-in

If the EPDebug plug-in is configured, all events received by iControl are sent to the EPDebug to be delivered to any Debug Viewer running on the local host.

iRecorder

iRecorder is an iSponsor DLL loaded by the iGateway running on the device generating log events. Its primary functions are as follows:

■ Extract the log events from the device or from an event log repository using an API, ODBC, or file I/O.

■ Parse the event fields into tokens and create “Name–Value” pairs for each parsed token in XML format.

■ Submit XML strings containing the events to a local or remote iRouter. The iRouter sends the events to EPAudit plug-in, which in turn submits the events to eTrust Audit for further action.

■ For the first log event from the device, the iRecorder attaches the iGateway certificate as an attribute.

■ For all log events, iRecorder includes the iGateway certificate thumbprint (a unique ID for the certificate) and the signature (hash of the whole event signed by the certificate).
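The first-event certificate, per-event thumbprint and signature check described in the iControl event validation steps and in the iRecorder function list above, as an added sketch that is not CA code and not part of the original guide. The event layout, the class and function names, the SHA-1 thumbprint and the textbook RSA toy key standing in for the iGateway certificate are assumptions made for illustration.

```python
import hashlib

# Constructed toy key pair standing in for the iGateway certificate's keys.
# Textbook RSA over two Mersenne primes: illustration only, not secure.
_P, _Q = 2**89 - 1, 2**107 - 1
TOY_N, TOY_E = _P * _Q, 65537
TOY_D = pow(TOY_E, -1, (_P - 1) * (_Q - 1))
# Constructed "certificate": a subject plus the public key, as bytes.
TOY_CERT = f"CN=ccure-host.example;n={TOY_N};e={TOY_E}".encode()


class ValidationError(Exception):
    pass


def thumbprint(cert: bytes) -> str:
    """Short unique ID for a certificate (assumed here: SHA-1 of its bytes)."""
    return hashlib.sha1(cert).hexdigest()


def _digest(fields: dict, modulus: int) -> int:
    """Hash of the whole event: SHA-256 over sorted name=value lines."""
    canonical = "\n".join(f"{k}={fields[k]}" for k in sorted(fields)).encode()
    return int.from_bytes(hashlib.sha256(canonical).digest(), "big") % modulus


def _public_key(cert: bytes):
    parts = dict(p.split("=", 1) for p in cert.decode().split(";"))
    return int(parts["n"]), int(parts["e"])


class Sender:
    """iRecorder side: certificate on the first event, thumbprint on all."""

    def __init__(self, cert=TOY_CERT, d=TOY_D):
        self._cert, self._d = cert, d
        self._n, _ = _public_key(cert)
        self._first = True

    def emit(self, fields: dict) -> dict:
        event = {"fields": dict(fields), "thumbprint": thumbprint(self._cert),
                 "signature": pow(_digest(fields, self._n), self._d, self._n)}
        if self._first:
            event["certificate"] = self._cert
            self._first = False
        return event


class Validator:
    """iControl side: the three validation steps listed in the guide."""

    def __init__(self):
        self._certs = {}  # thumbprint -> certificate

    def validate(self, event: dict) -> bool:
        cert = event.get("certificate")
        if cert is not None:
            # Step 1: first event, save the certificate under its thumbprint.
            # The key is recomputed from the bytes, never taken from the event,
            # so a mismatched claim simply fails the lookup in step 2.
            self._certs.setdefault(thumbprint(cert), cert)
        # Step 2: look the certificate up by the thumbprint in the event.
        cert = self._certs.get(event["thumbprint"])
        if cert is None:
            raise ValidationError("certificate not found")
        # Step 3: check the signature over the event fields.
        n, e = _public_key(cert)
        if pow(event["signature"], e, n) != _digest(event["fields"], n):
            raise ValidationError("signature mismatch")
        return True


def demo():
    """Run constructed events through both sides; return the outcomes."""
    sender, validator = Sender(), Validator()
    first = sender.emit({"Msg_Code": 2, "User_PID": 1017, "Jnl_ID": 1})
    second = sender.emit({"Msg_Code": 3, "User_PID": 1017, "Jnl_ID": 2})
    results = {"first": validator.validate(first),
               "second": validator.validate(second),
               "second_has_cert": "certificate" in second}
    # A "Card Rejected" (3) event altered in transit to "Card Admitted" (2),
    # and a receiver that never saw the first event.
    tampered = {**second, "fields": {**second["fields"], "Msg_Code": 2}}
    for name, receiver, event in (("tampered", validator, tampered),
                                  ("unknown", Validator(), second)):
        try:
            receiver.validate(event)
            results[name] = "accepted"
        except ValidationError as exc:
            results[name] = str(exc)
    return results


if __name__ == "__main__":
    print(demo())
```

As the guide describes it, the receiver learns the certificate from the first event, so the check ties later events to the holder of that same key; the guide does not say whether the certificate itself is validated against a trusted issuer.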

iRouter

An iRouter is a collection of the following components installed on the eTrust Audit Client machine:

■ iGateway

■ iControl

■ EPAudit plug-in

The iRouter installation package is included with the iRecorder SDK and does not require any changes. It works with the existing and new iRecorders. The iRouter forwards all events to the eTrust Audit Client using SAPI.

Chapter 2: Installation and Configuration

This chapter describes how to install and configure the iRecorder for CCURE 800/8000.

System Requirements

The topics that follow describe the hardware and software requirements for the iRecorder assuming that CCURE 800/8000 is already installed and operational on some host.

Hardware Requirements

The iRecorder for CCURE 800/8000 has the following minimum hardware requirements:

■ Approximately 10 MB of disk space for the iRecorder installation.

The iRecorder for CCURE 800/8000 has the following platform requirements:

■ x86 PC running Windows 2000 with Service Pack 2

■ Access to a CCURE 800/8000 system running version 7.1

■ CCURE 7.1 Client and ODBC driver (must be pre-installed)

Pre-Installation Steps

Install the CCURE Client and ODBC driver on the same machine where the iRecorder will be installed.

Before you install and set up an iRecorder, you need to install the iRouter component on a host where eTrust Audit Client components are installed. iRouter lets iRecorders communicate with eTrust Audit. During the iRecorder installation, you are prompted for the host where iRouter is installed.

For more details on how to install iRouter, see the iRouter Reference Guide.

The eTrust Audit Policy Manager must be installed somewhere on the network, along with the eTrust Audit Data Tools.

Installing the iRecorder

The following topics describe how to install the iRecorder for CCURE 800/8000 from the CD or from the web.

Installing the iRecorder from the eTrust Security Command Center CD

To install the iRecorder from the eTrust Security Command Center CD, insert CD 5 into the CD drive. The Product Explorer should automatically start and display the installation menu. If the Product Explorer does not automatically start, click Start, Run and enter the following command:

[CD-Drive]:\PE_I386.exe

where [CD-Drive] is your CD drive letter designation.

All iRecorders available on the eTrust Security Command Center CD are located as follows: eTrust, Audit, iRecorders.

To install an iRecorder, select the appropriate recorder from the list and follow the detailed install instructions provided in the following sections.

Installing the iRecorder Downloaded from eSupport

You can also download and install an iRecorder from the web. To install the downloaded package, you will need two components:

1. iRecorder installation package from http://esupport.ca.com

2. Appropriate (Windows, UNIX) iGateway package from ftp://ftp.ca.com/pub/itech/downloads

Download these packages into the same directory and run the iRecorder install package. The iRecorder install package automatically installs the iGateway package, if needed. Detailed installation instructions for the iRecorder are provided in the next topic.

Installing the iRecorder

If the install package for the iRecorder is not running already, run the package CCureODBC_<version number>.exe to start installation of the iRecorder. It starts a wizard that guides you through installation and configuration of the iRecorder.

Silent Installation

Enter the following command to silently install the CCure iRecorder using an InstallShield response file:

CCureODBC_<version>.exe /s /f1"ccureodbc_setup.iss"

The above example demonstrates the silent install capability provided by the iRecorder package. The response file in the example should be changed to reflect the particular conditions of the target environment. See How to Generate a Response File for Custom Silent Installation.

Silent Uninstallation

Enter the following command to silently uninstall the CCure iRecorder using an InstallShield response file:

CCureODBC_<version>.exe /s /f1"ccureodbc_uninstall.iss"

Generating a Response File for Custom Silent Installation

The response files provided with the package contain an example of a silent install session. It is often necessary to customize the silent installation to the particular needs of the enterprise.

The sections below provide instructions on how to customize silent installation. Choose a system that is similar if not identical to the target system.

Windows Packages

Note: The system must not contain the iRecorder for which you want to customize the silent installation. If the system has the iRecorder installed, uninstall the iRecorder using the Add/Remove Program option of the Control Panel.

Proceed as follows to generate a custom response file:

1. Open a DOS window

2. Change directory to the folder that contains the iRecorder package

3. On the CD labeled “eTrust Audit 1.5 SP2”, part of the eTrust Security Command Center package, the iRecorder package folder is:

<CD Drive>:\eTrust\Audit\iRecorder\Winnt

For instance, if G drive is the CD drive, the iRecorder package folder is:

G:\eTrust\Audit\iRecorder

Enter the following:

<iRecorder package>.exe /r /f1"<pathname of response file>"

For example:

CCureODBC_<version>.exe /r /f1"C:\Temp\irecorder_setup.iss"

4. Follow instructions given by the installation procedure and install the package as you would do on the target system.

5. Click Finish.

The response file is generated. It can be used for silent installation on similar target systems.

Configuration and Use

The following topics describe how to configure and use the iRecorder.

Starting the iRecorder

The iRecorder is run as a sub-component of the iTechnology-iGateway service.

To start the iRecorder on Windows 2000, start the iGateway service using either of the following methods:

■ Use the Services Management GUI (Start, Control Panel, Services or Administrative Tools, Services).

■ Issue the following command: net start igateway

Stopping the iRecorder

The iRecorder is run as a sub-component of the iTechnology-iGateway service.

To stop the iRecorder on Windows 2000, stop the iGateway service using either of the following methods:

■ Use the Services Management GUI (Start, Control Panel, Services or Administrative Tools, Services).

■ Issue the following command: net stop igateway

Chapter 3: Configuring the iRecorder

iRecorder configuration parameters are kept in a configuration file usually located in the iGateway installation directory. The iRecorder configuration parameters are automatically set during iRecorder installation and do not require any changes for the normal operation of the iRecorder. If any parameters need to be modified, you must stop the iTechnology iGateway service or daemon before making the changes. After making the changes, restart the service for changes to take effect.

The iRecorder configuration file is named irecordername.conf and is found in the iGateway installation directory. For example: \Program Files\CA\iGateway on Windows and /opt/CA/igateway on UNIX/Linux.

Sample Configuration File (CCURE)

The following is a sample CCureODBC.conf configuration file:

<?xml version='1.0' encoding='UTF-8' standalone='no'?>
<iSponsor>
    <Name>CCureODBC</Name>
    <ISType>DSP</ISType>
    <ImageName>CCureODBC</ImageName>
    <DispatchEP>iDispatch</DispatchEP>
    <ClsPath></ClsPath>
    <LibPath></LibPath>
    <Version>@VERSION@</Version>
    <PreLoad>true</PreLoad>
    <DBHost def="localhost" prompt="Servername where the CCure Server is installed" type="text">localhost</DBHost>
    <CFUsername def="SYSPROGRESS" prompt="Username used to access the CF database on the CCure Server" type="text">SYSPROGRESS</CFUsername>
    <CFPassword prompt="User Password used to access the CF database on the CCure Server" type="password"></CFPassword>
    <JNUsername def="SYSPROGRESS" prompt="Username used to access the JOURNAL database on the CCure Server" type="text">SYSPROGRESS</JNUsername>
    <JNPassword prompt="User Password used to access the JOURNAL database on the CCure Server" type="password"></JNPassword>
</iSponsor>

Enabling Debugging

You can configure the iRecorder to output debugging information to a debugging application or to a file. A file containing debug information can be useful for technical support purposes.

To enable debugging and log debug information to a file, follow these steps:

1. Stop the iRecorder by stopping the iTechnology iGateway Service.

2. Edit the iRecorder configuration file by adding the following <DebugLevel> tag between the <iSponsor> tags:

<DebugLevel>{level}</DebugLevel>

where {level} is one of the following:

ISP_NOLEVEL Disables debugging.

ISP_FILE Prints all debug messages to a debug application as well as writing it to a log file, irecordername.log, in the same directory as the iRecorder. The debug file may grow very quickly; to avoid possible disk space shortage, we recommend turning off the debugging option as soon as possible by replacing ISP_FILE by ISP_NOLEVEL.

3. Save the configuration file.

4. Start the iRecorder by restarting the iTechnology iGateway Service.

5. Send the debug file to CA Technical Support for further analysis.
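A configuration review for the file edited in the steps above, as an added example that is not part of the original guide or of CA's tooling. It checks that <DebugLevel> sits directly under <iSponsor>, that its value is one of the two levels this guide lists, and that debugging has been switched back off; treating a user name equal to its def attribute as the installer default, and reporting a populated password element, are choices made by this example.

```python
import xml.etree.ElementTree as ET

DOCUMENTED_LEVELS = ("ISP_NOLEVEL", "ISP_FILE")  # the two levels this guide lists
ACCOUNT_FIELDS = (("CFUsername", "CFPassword"), ("JNUsername", "JNPassword"))

# Constructed sample: the guide's CCureODBC.conf layout, shortened, with
# debugging left on and a made-up value in CFPassword.
SAMPLE_CONF = """<?xml version='1.0' encoding='UTF-8' standalone='no'?>
<iSponsor>
  <Name>CCureODBC</Name>
  <DBHost def="localhost" type="text">ccure-db.example</DBHost>
  <CFUsername def="SYSPROGRESS" type="text">SYSPROGRESS</CFUsername>
  <CFPassword type="password">constructed-value</CFPassword>
  <JNUsername def="SYSPROGRESS" type="text">journal_reader</JNUsername>
  <JNPassword type="password"></JNPassword>
  <DebugLevel>ISP_FILE</DebugLevel>
</iSponsor>"""


def audit_conf(xml_text: str) -> list:
    """Return (element, finding) pairs for an iRecorder .conf file."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    if root.tag != "iSponsor":
        return [("iSponsor", "root element is not <iSponsor>")]
    findings = []

    # <DebugLevel> must sit directly between the <iSponsor> tags.
    direct = root.findall("DebugLevel")
    if len(list(root.iter("DebugLevel"))) > len(direct):
        findings.append(("DebugLevel", "nested below another element"))
    if len(direct) > 1:
        findings.append(("DebugLevel", "set more than once"))
    for el in direct:
        level = (el.text or "").strip()
        if level not in DOCUMENTED_LEVELS:
            findings.append(("DebugLevel", f"undocumented level {level!r}"))
        elif level == "ISP_FILE":
            # The guide warns that the debug file grows very quickly.
            findings.append(("DebugLevel",
                             "debug logging to file is on; "
                             "set ISP_NOLEVEL when finished"))

    for user_tag, pass_tag in ACCOUNT_FIELDS:
        user, password = root.find(user_tag), root.find(pass_tag)
        if user is None:
            findings.append((user_tag, "element missing"))
        elif (user.text or "").strip() == user.get("def"):
            findings.append((user_tag, "installer default account name in use"))
        if password is not None and (password.text or "").strip():
            findings.append((pass_tag,
                             "credential stored in file; restrict read access"))
    return findings


if __name__ == "__main__":
    for element, finding in audit_conf(SAMPLE_CONF):
        print(f"{element}: {finding}")
```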

Testing the iRecorder for CCURE 800/8000 (CCURE)

Using the following steps, you can verify that the iRecorder is installed properly and sending events to eTrust Audit:

1. Install the iRecorder for CCURE on a Windows host.

2. Install iRouter component on a host where eTrust Audit Client components are installed.

3. Verify that the <windir>\System32\drivers\etc\services file contains the following entries:

CFSRV     2500/tcp   # CCURE800: Progress CF database server
# JNSRV   2501/tcp   # CCURE800: Progress JOURN database server, not used, see G#2718
JNSRV1    2502/tcp   # CCURE800: Progress JOURN database server 1
JNSRV2    2503/tcp   # CCURE800: Progress JOURN database server 2
JNSRV3    2504/tcp   # CCURE800: Progress JOURN database server 3
JNSRV4    2505/tcp   # CCURE800: Progress JOURN database server 4 (not yet used)
CCDRVR    2600/tcp   # CCURE800: ApC Driver

4. Verify that <Program Files>\CA\iGateway contains the following files:

■ CCureODBC.dll

■ CCureODBC.conf

5. Run the eTrust Audit Policy Manager.

6. Copy the default policy for the CCURE Badge to a new one.

7. Choose the collection rule and add an action to it by right clicking on the rule, choosing properties and then actions (with a machine running the eTrust Audit Security Monitor as the target of the Security Monitor action).

8. Create a new group in the AN (Audit Node) window, then add the iRouter machine as a new CCURE Badge source.

9. Attach the newly created AN group to the policy you have just created.

10. Switch back to the Policy window.

11. Right-click the policy you created, and then select the Activate command to activate the policy.

12. On the CCURE server, log into the Administration or Monitoring Client.

You will see a Login event as soon as you open the eTrust Audit Security Monitor.

13. Verify that the generated events are displayed in the eTrust Audit Security Monitor.

iRecorders also support standard iTechnology SDK tools (like TestHarness and Spin interface) to query the iRecorder for current status and configuration information. For more details on these tools, see the iTechnology SDK Reference Guide.
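Step 3 of the test procedure above, automated as an added example that is not part of the original guide. It parses services-file text and reports which of the listed entries are missing, commented out, bound to a different port, or have their port taken by another service name; the function names and the sample file are constructed for illustration.

```python
import re

# Active entries the guide lists (JNSRV itself is commented out there).
REQUIRED = {
    "CFSRV": (2500, "tcp"), "JNSRV1": (2502, "tcp"), "JNSRV2": (2503, "tcp"),
    "JNSRV3": (2504, "tcp"), "JNSRV4": (2505, "tcp"), "CCDRVR": (2600, "tcp"),
}

# Constructed sample with one fault of each kind.
SAMPLE_SERVICES = """\
# Constructed services file excerpt
echo        7/tcp
CFSRV       2500/tcp   # CCURE800: Progress CF database server
# JNSRV     2501/tcp   # not used
JNSRV1      2512/tcp   # wrong port
JNSRV2      2503/tcp
#JNSRV3     2504/tcp
othersvc    2505/tcp   # occupies the JNSRV4 port
ccure-drv   2600/tcp   CCDRVR   # required name present as an alias
"""

# name, port/protocol, optional aliases, optional trailing comment
_ENTRY = re.compile(r"^\s*([^\s#]+)\s+(\d+)/([A-Za-z]+)([^#]*)")


def _parse(line):
    """Return ([name, *aliases], (port, proto)) or None for non-entries."""
    m = _ENTRY.match(line)
    if not m:
        return None
    names = [m.group(1)] + m.group(4).split()
    return names, (int(m.group(2)), m.group(3).lower())


def check_services(text: str) -> dict:
    entries, commented = [], set()
    for raw in text.splitlines():
        if raw.lstrip().startswith("#"):
            # Remember entries that exist but are disabled by a leading '#'.
            parsed = _parse(raw.lstrip().lstrip("#"))
            if parsed:
                commented.update(parsed[0])
            continue
        parsed = _parse(raw)
        if parsed:
            entries.append(parsed)

    active = {}
    for names, where in entries:
        for name in names:
            active.setdefault(name, where)  # first definition wins

    report = {"missing": [], "commented_out": [], "mismatch": [], "conflict": []}
    for name, want in REQUIRED.items():
        have = active.get(name)
        if have is None:
            key = "commented_out" if name in commented else "missing"
            report[key].append(name)
        elif have != want:
            report["mismatch"].append((name, "%d/%s" % have))

    # A different service name sitting on a port the guide assigns to CCURE.
    owner_of = {where: name for name, where in REQUIRED.items()}
    for names, where in entries:
        owner = owner_of.get(where)
        if owner and owner not in names:
            report["conflict"].append((names[0], "%d/%s" % where))
    return report


if __name__ == "__main__":
    for kind, items in check_services(SAMPLE_SERVICES).items():
        print(kind, items)
```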

Chapter 4: Report Selection Criteria

For events that are reported by the iRecorder and stored in the eTrust Audit Collector database, selected reports can be generated using a Report Generator.

The following table describes suggested selection criteria for reports of general interest.

The first column of the table is the Report Name. The second column is the Audit Logname that can be specified to include all events for this Logname in the report. The Additional Criteria column specifies one or more additional fields that may be used to further narrow the range of events to be included in the report. Finally, the Comment column specifies whether the field name is in the Audit MSGTEXT field or not. The distinction is important because the MSGTEXT field is a free-form text field that may contain several fields. Since the MSGTEXT column contains multiple field name and field value pairs, the MSGTEXT field must be searched using wildcard characters to select the specific field names and values.

Sample Report Selection Criteria for CCure Badge

Report | Logname | AND additional criteria (format field name : field value) | Comment
Login Failure | CCure Badge | Integer NID: 1, Integer OID: 1 | OID is in MSGTEXT field
Login Success | CCure Badge | Integer NID: 1, Integer OID: 2 | OID is in MSGTEXT field
Badge In | CCure Badge | Integer NID: 2, Subcat: “Badge In” | Subcat is in MSGTEXT field
Badge Out | CCure Badge | Integer NID: 2, Subcat: “Badge Out” | Subcat is in MSGTEXT field

Chapter 5: Adding the Default Policy Template for the iRecorder to the eTrust Audit Policy Manager

To be able to create policy for CCURE 800/8000, you must add the default policy template for the iRecorder to the Policy Manager.

To add the default template, follow these steps:

1. On the eTrust Audit Policy Manager server, open the following file: [eTrust Audit install]\bin\pmu_template_exchange.exe.

The following window appears:

2. Choose Import Policy Template from binary file, and then click Next.

3. Next, enter the path of eTrust Audit CCure iRecorder Policy.ptf. This file is in the iGateway installation directory. Click Next.

4. Select Next again. This dialog explains the description of the policy file.

5. The next dialog asks if you want to create the policy in the default policies section. Select Yes, and then click Next.

6. Enter CCure Badge as the name of the inserted subpolicy, and click Finish.

Configuring the Default Policy in the eTrust Audit Policy Manager

This topic is provided as a brief guide on how to configure the policy for the iRecorder. For further details, see the eTrust Audit Policy Management Guide.

1. Open the eTrust Audit Policy Manager.

2. On the left hand pane, click Audit Nodes.

3. Select the Targets node, right-click, and choose New Group from the pop-up menu.

4. Give the new group a descriptive name, such as CCure ODBC.

5. Right-click CCure ODBC, and select New AN from the pop-up menu.

6. Enter the host name of the iRouter that you have configured the iRecorder to communicate with.

7. Select the AN type as CCure ODBC.

8. Enter a description for the AN node.

9. Click OK. Repeat steps 5 through 8 for each iRouter in your network that a CCure iRecorder communicates with.

10. On the left hand pane, select Policies.

11. From the menu bar, select File, and choose New.

12. Select Policy Folder, this should be the only available option, and give the folder a name, such as CCure ODBC.

13. Right-click the CCure ODBC folder, and choose New Policy from the pop-up menu.

14. Select Policy by Template, and choose eTrust Audit CCure ODBC iRecorder Policy.

15. Enter a name, such as CCure ODBC Policy, and click Finish.

16. An action must be defined for each rule. For the purposes of this guide, we will define an action for the All Events rule.

17. Right-click the All Events rule, and choose Properties from the pop-up menu.

18. Click the Action tab.

19. Check the box for the Collector action.

20. Click Add, and enter the host name or IP address of the eTrust Audit Collector.

21. Repeat steps 19 and 20 for the Security Monitor action.

22. Click OK when finished.

This causes the icon for the All Events rule to turn from a white bell, to a blue bell.

23. Click the bell to select the rule.

This turns the color of the bell to red.

24. Right-click the CCure ODBC folder, and choose Attach AN Group from the pop-up menu.

25. Select the CCure ODBC AN group, and click OK.

26. Right-click the CCure ODBC folder, and click Activate.

27. Click OK, when the confirmation dialog box appears.

28. From the left pane click Audit Nodes.

29. Select the CCure ODBC Group, and verify for each AN, that there are no errors.

If there are no errors, then there will be a key icon in the Name of each AN.

Sample Rules for CCURE 800/8000

The Report Selection CCure iRecorder Policy.ptf file includes 3 sample rules:

Badge In Detect all badge in events.

Badge Out Detect all badge out events.

Login Failure Detect login failure to CCure applications.

Chapter 6: eTrust Audit Field Mapping

The following topics describe how fields in CCURE 800/8000 events are captured by the eTrust Audit iRecorder and mapped to a standard set of normalized fields. eTrust Audit requires all iRecorders to follow a standard Data Model and Taxonomy. The following topics describe how the iRecorder for CCURE 800/8000 maps the native CCURE 800/8000 fields into eTrust Audit fields.

Native Product Fields (CCURE)

CCure Journal Event Data Structure

| Field Name | Data Type | Description |
|---|---|---|
| Jnl_ID | Int | Unique ID for message (max of 2 billion) |
| Local_DT | Int | Encoded Date/Time activity actually occurred |
| Host_DT | Int | Encoded Date/Time message was received at host |
| TZ_Offset | Int | Time-zone offset in half-hours |
| Msg_Code | Int | Message Code for activity |
| User_PID | Int | PID of person associated with activity |
| Int_Data1 | Int | May only contain object IDs |
| Int_Data2 | Int | May contain either Object IDs, or codes < 1000 |
| Int_Data3 | Int | May contain either personnel ID (PIDs), or codes < 1000 |
| Int_Data4 | Int | May not contain object IDs or PIDs |
| Txt_Data1 | Char | A message specific text string |
| Txt_Data2 | Char | Another message specific text string |

CCure Journal Event Data Format

| Msg Code | Desc | User_PID Supplied | Int_Data1 | Int_Data2 | Int_Data3 | Int_Data4 | Txt_Data1 | Txt_Data2 |
|---|---|---|---|---|---|---|---|---|
| 001 | User Login/Logout | PID User | None | Program started - PRM$JPR_xxx | Login/out Code - PRM$JLO_xxx | None | Node | User name - if invalid |
| 002 | Card Admitted | PID | DoorID | Admit Code | Sec Officer ID, if admitted manually | Card Number | None | None |
| 003 | Card Rejected | PID | DoorID | Admit Code | Reject Code - PRM$JRE_xxx | Card Number | None | None |
| 004 | Log Message | SO ID; PID User | Event Object ID | None | None | JNL ID of related activity | Text of Log Message | None |
| 005 | Object Changed State (Event, Distributed, Manual) | PID | ID of Object Changing the state | None | State Code | StateChange Method Code/iStar Connection Code | None | None |
| 006 | Manual Action | SO ID; PID User | ID of Object Acted On | Action Code | Manual Action Object ID | Manual Action - PRM$JMA_xxx | None | None |
| 007 | System Activity (Normal) | No | None | None | Activity Code - PRM$JSM_xxx | None | Node Name | Mac Name |
| 008 | System Error | No | None | None | System Error Code - PRM$JSE_xxx | API Error Code | Node Name | API Name |
| 009 | Device Activity (Normal) | PID | ID of Unit or Component | Another Object ID | Activity Code - PRM$JDM_xxx | None | Firmware Version | None |
| 010 | Device Error / Recovery | No | ID of Unit or Component | Another Object ID | Error Code - PRM$JDE_xxx | SubError Code (paging) | Firmware Version | None |
| 011 | Asset Activity | Asset ID | None | Info Code - PRM$JAT_xxx | PersonID | Access Code | None | None |
| 012 | Asset Movement Authorized | Asset ID | Reader ID | HHRId | PersonID | Access Code | Tag Number | AreaID |
| 013 | Asset Movement Unauthorized | Asset ID | Reader ID | HHRId | PersonID | Access Code | Tag Number | AreaID |
| 014 | Asset Movement Attempted | Asset ID | Reader ID | (none) | PersonID | Access Code | Tag Number | AreaID |
| 015 | Asset Location Update | Asset ID | Area ID | HHRId | PersonID | Access Code | Tag Number | None |
| 016 | Watchtour Action | PID | Action Code | ObjectID | TourGaurdID | ? | None | None |
| 017 | Watchtour Activity | No | InfoCode | ObjectID | TourGaurdID | ReaderID | None | None |
| 018 | Watchtour Error | No | InfoCode | ObjectID | TourGaurdID | ? | None | None |
| 019 | Watchtour Stop Activity | No | InfoCode | ObjectID | TourGaurdID | TourStopID | None | None |
| 020 | NetVideo Activity | PID | CameraID | NetVideoActionID | None | EventID | SegmentID | None |

eTrust Audit Mandatory Fields (CCURE)

Mandatory fields are a fixed set of fields that are added to each event processed by any iRecorder. The following tables describe the values assigned to the Mandatory Fields in the iRecorder for CCURE 800/8000.

Required Fields

| Field Name | Field Value | Description |
|---|---|---|
| Taxonomy | <Category>.<System>.<Action>.<Result>.<Severity> | See Table 2 for further breakdown of Taxonomy |
| Date | Timestamp | host_dt |
| TimeZone | timezone in +/- seconds format (calculated from GMT) | TimeZone of system where iRecorder is installed |
| Src | Variable | Journal Name |
| Log | CCure Badge | |
| Location | Variable | Location of CCure Database |

Table 1: Mapping of eTrust Audit Required fields

The table provides Field Names, Descriptions as well as Values (or possible values). Additional information about the Taxonomy field is provided in Table 2 below.

Taxonomy

| Taxonomy | Possible Values | Description |
|---|---|---|
| Category | Not defined yet | |
| System | Not defined yet | |
| Action | Not defined yet | |
| Result | Not defined yet | |
| Severity | Not defined yet | |

Table 2: Details of Taxonomy Field

eTrust Audit Normalized Fields

Normalized Fields are eTrust Audit field names that are mapped or translated from the native event field names according to the classification of the iRecorder. Normalized fields are common across all products in the same classification. The Taxonomy field, one of the mandatory fields, defines the classification of this iRecorder.

Field Mapping for CCure Event: Message Code 001 – User Login/Logout

| eTrust Audit Field Name | CCure Event Field |
|---|---|
| “Taxonomy” | Not defined yet |
| “Category” | System Access |
| “Status” | See Message Code List 1 |
| “State” | See Message Code List 1 |
| “User” | User_PID |
| Operation “Oper” | See Message Code List 1 |
| “ObjClass” | See Message Code List 1 |
| “ObjName” | See Message Code List 1 |
| Native “OID” | Int_Data3 |
| Native ID “NID” | MsgCode |
| Secondary “SObjClass” | Program |
| Secondary “SObjName” | Program |
| Secondary “SObjID” | Int_Data2 |
| “Node” | Txt_Data1 |
| “Invalid User” | See Message Code List 1 |
| Info | Info |

Message Code List 1

| Code | Message Code List 1 | Status | State | Oper | Obj Class | Obj Name | Invalid User |
|---|---|---|---|---|---|---|---|
| 1 | PRM$JLO_User_Logged_In | S | Access | Login | Login | LoginCode | |
| 2 | PRM$JLO_Login_Attempt_Rejected | F | Fail | Login | Login | LoginCode | InvalidUser |
| 3 | PRM$JLO_User_Logged_Out | S | Normal | Logout | Logout | LogoutCode | |
| 4 | PRM$JLO_Disconected | F | Error | Logout | Login | LogoutCode | |

Field Mapping for CCure Event: Message Code 002 – Card Admitted

| eTrust Audit Field Name | CCure Event Field |
|---|---|
| “Taxonomy” | Not defined yet |
| “User” | User_PID |
| “Badge” | CardNumber |
| “Category” | Physical Security |
| “Location” | Int_Data1 |
| “Status” | See Message Code List 1 |
| “State” | See Message Code List 1 |
| Operation “Oper” | Card Access |
| “ObjClass” | Card |
| “ObjName” | AdmitCode |
| Native “OID” | Int_Data2 |
| Native ID “NID” | MsgCode |
| Info | Info |

Message Code List 1

| Code | Message Code List 1 | Status | State |
|---|---|---|---|
| 1 | PRM$JAD_Door_Unused | F | Admit |
| 2 | PRM$JAD_Noticed | F | Admit |
| 3 | PRM$JAD_Duress | F | Admit |
| 4 | PRM$JAD_Host | F | Admit |
| 5 | PRM$JAD_Manual | F | Admit |
| 6 | PRM$JAD_Deleted | F | Admit |
| 7 | PRM$JAD_Direction_IN | S | Admit |
| 8 | PRM$JAD_Direction_OUT | S | Admit |

Field Mapping for CCure Event: Message Code 003 – Card Rejected

| eTrust Audit Field Name | CCure Event Field |
|---|---|
| “Taxonomy” | Not defined yet |
| “User” | User_PID |
| “Badge” | CardNumber |
| “Category” | Physical Security |
| “Location” | Int_Data1 |
| “Status” | F |
| “State” | Reject |
| Operation “Oper” | Card Access |
| “ObjClass” | Card |
| “ObjName” | RejectCode |
| Native “OID” | Int_Data3 |
| Native ID “NID” | MsgCode |
| “AdmitCode” | Int_Data2 |
| Info | Info |

Message Code List 1

| Code | Message Code List 1 |
|---|---|
| 1 | PRM$JRE_Admit |
| 2 | PRM$JRE_Unknown_Card |
| 3 | PRM$JRE_Clearence |
| 4 | PRM$JRE_Facility_Code |
| 5 | PRM$JRE_Site_code |
| 6 | PRM$JRE_PIN |
| 7 | PRM$JRE_Issue_Code |
| 8 | PRM$JRE_Lost |
| 9 | PRM$JRE_Disabled |
| 10 | PRM$JRE_Expired |
| 11 | PRM$JRE_Not_Activated |
| 12 | PRM$JRE_Not_Downloaded |
| 13 | PRM$JRE_Illegal_Reject_Code |
| 14 | PRM$JRE_Misread |
| 15 | PRM$JRE_Tailgate |
| 16 | PRM$JRE_Passback |
| 17 | PRM$JRE_Timed_AP |
| 18 | PRM$JRE_Floor |
| 19 | PRM$JRE_Linked_Asset |
| 20 | PRM$JRE_RSRV1 |
| 21 | PRM$JRE_RSRV2 |
| 22 | PRM$JRE_Invalid_Escort |
| 23 | PRM$JRE_No_Escort |
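The mappings for message codes 001 to 003, applied to constructed journal rows, as an added example that is not CA's code. The `normalize` and `make_row` functions, the `CodeName` output key and the sample rows are assumptions of this example, as is taking “Invalid User” from Txt_Data2 (described in the data format table as "User name - if invalid").

```python
# Added example (not CA's code): normalize CCure journal rows for Msg_Code
# 001-003 using the field-mapping tables and sub-code lists in this guide.

# 001 User Login/Logout, keyed by Int_Data3:
# (code name, Status, State, Oper, ObjClass, ObjName)
LOGIN_CODES = {
    1: ("PRM$JLO_User_Logged_In", "S", "Access", "Login", "Login", "LoginCode"),
    2: ("PRM$JLO_Login_Attempt_Rejected", "F", "Fail", "Login", "Login", "LoginCode"),
    3: ("PRM$JLO_User_Logged_Out", "S", "Normal", "Logout", "Logout", "LogoutCode"),
    4: ("PRM$JLO_Disconected", "F", "Error", "Logout", "Login", "LogoutCode"),
}

# 002 Card Admitted, keyed by Int_Data2: (code name, Status). State is Admit.
ADMIT_CODES = {
    1: ("PRM$JAD_Door_Unused", "F"), 2: ("PRM$JAD_Noticed", "F"),
    3: ("PRM$JAD_Duress", "F"), 4: ("PRM$JAD_Host", "F"),
    5: ("PRM$JAD_Manual", "F"), 6: ("PRM$JAD_Deleted", "F"),
    7: ("PRM$JAD_Direction_IN", "S"), 8: ("PRM$JAD_Direction_OUT", "S"),
}

# 003 Card Rejected, keyed by Int_Data3 (codes 1-23, in the guide's order).
REJECT_NAMES = (
    "Admit Unknown_Card Clearence Facility_Code Site_code PIN Issue_Code Lost "
    "Disabled Expired Not_Activated Not_Downloaded Illegal_Reject_Code Misread "
    "Tailgate Passback Timed_AP Floor Linked_Asset RSRV1 RSRV2 Invalid_Escort "
    "No_Escort"
).split()
REJECT_CODES = {i: "PRM$JRE_" + n for i, n in enumerate(REJECT_NAMES, start=1)}


def normalize(row):
    """Map one journal row (dict keyed by native column name) to eTrust Audit fields.

    CodeName is a key added by this example for the symbolic PRM$ name; it is
    not an eTrust Audit field. Sub-codes missing from the lists are kept and
    labelled UNMAPPED_<n> instead of being dropped.
    """
    msg = row["Msg_Code"]
    ev = {"NID": msg, "User": row["User_PID"]}
    if msg == 1:
        sub = row["Int_Data3"]
        name, status, state, oper, cls, obj = LOGIN_CODES.get(sub, (None,) * 6)
        ev.update(Category="System Access", Status=status, State=state, Oper=oper,
                  ObjClass=cls, ObjName=obj, OID=sub, SObjClass="Program",
                  SObjName="Program", SObjID=row["Int_Data2"],
                  Node=row["Txt_Data1"])
        if sub == 2:
            # Assumption: Txt_Data2 ("User name - if invalid") feeds "Invalid User".
            ev["Invalid User"] = row["Txt_Data2"]
    elif msg == 2:
        sub = row["Int_Data2"]
        name, status = ADMIT_CODES.get(sub, (None, None))
        ev.update(Category="Physical Security", Badge=row["Int_Data4"],
                  Location=row["Int_Data1"], Status=status, State="Admit",
                  Oper="Card Access", ObjClass="Card", ObjName="AdmitCode", OID=sub)
    elif msg == 3:
        sub = row["Int_Data3"]
        name = REJECT_CODES.get(sub)
        ev.update(Category="Physical Security", Badge=row["Int_Data4"],
                  Location=row["Int_Data1"], Status="F", State="Reject",
                  Oper="Card Access", ObjClass="Card", ObjName="RejectCode",
                  OID=sub, AdmitCode=row["Int_Data2"])
    else:
        raise ValueError(f"Msg_Code {msg} is outside this example (001-003)")
    ev["CodeName"] = name if name else f"UNMAPPED_{sub}"
    return ev


def make_row(jnl_id, msg, pid, i1=0, i2=0, i3=0, i4=0, t1="", t2=""):
    """Build a journal row dict with the native column names (hypothetical helper)."""
    return {"Jnl_ID": jnl_id, "Msg_Code": msg, "User_PID": pid,
            "Int_Data1": i1, "Int_Data2": i2, "Int_Data3": i3, "Int_Data4": i4,
            "Txt_Data1": t1, "Txt_Data2": t2}


# Constructed sample rows, not taken from a real journal.
SAMPLE_ROWS = [
    make_row(1001, 1, 0, i2=3, i3=2, t1="NODE-A", t2="jdoe"),  # rejected login
    make_row(1002, 2, 5012, i1=77, i2=3, i4=123456),           # duress admit
    make_row(1003, 3, 5012, i1=77, i3=16, i4=123456),          # passback reject
    make_row(1004, 3, 5012, i1=77, i3=99, i4=123456),          # unlisted reject code
]

if __name__ == "__main__":
    for sample in SAMPLE_ROWS:
        print(normalize(sample))
```

Note that a duress admit (admit code 3) normalizes to State Admit with Status F, so a rule that filters on State alone would treat it as an ordinary admit.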


Field Mapping for CCure Event: Message Code 004 – Log Message

| eTrust Audit Field Name | CCure Event Field |
|---|---|
| “Taxonomy” | Not defined yet |
| “Category” | Object Access |
| “Status” | S |
| “State” | Normal |
| “User” | User_PID |
| “ObjClass” | Log |
| “ObjName” | EventID |
| Native “OID” | Int_Data1 |
| Native ID “NID” | MsgCode |
| Info | LogMessage:Txt_Data1 |

Field Mapping for CCure Event: Message Code 005 – Object Changed State (Event, Distributed, Manual)

| eTrust Audit Field Name | CCure Event Field |
|---|---|
| “Taxonomy” | Not defined yet |
| “Category” | Physical Security |
| “Status” | See Message Code List 1 |
| “State” | See Message Code List 1 |
| “User” | User_PID |
| Operation “Oper” | Obj State Change |
| “ObjClass” | See Message Code List 1 |
| “ObjName” | ObjectID |
| Native “OID” | Int_Data1 |
| Native ID “NID” | MsgCode |
| Secondary “SObjClass” | State |
| Secondary “SObjName” | StateCode |
| Secondary “SObjID” | Int_Data3 |
| “StateChange MethodCode” | Int_Data4 |
| Info | Info |

Message Code List 1

| Code | Message Code List 1 | Status | State | Severity | ObjClass |
|---|---|---|---|---|---|
| 1 | PRM$OST_None | S | None | Info | Generic |
| 2 | PRM$OST_Active | S | Active | Info | Generic |
| 3 | PRM$OST_Inactive | S | Inactive | Info | Generic |
| 4 | PRM$OST_Mom_Active | S | Inactive | Warning | Generic |
| 5 | PRM$OST_On_Line | S | Online | Info | Generic |
| 6 | PRM$OST_Off_line | S | Offline | Warning | Generic |
| 7 | PRM$OST_Supervision | F | Error | Warning | Supervisor |
| 8 | PRM$OST_Grounded_Loop | S | Info | Info | Supervisor |
| 9 | PRM$OST_Shorted_Loop | S | Info | Info | Supervisor |
| 10 | PRM$OST_Open_Loop | S | Info | Info | Supervisor |
| 11 | PRM$OST_Fault | S | Info | Info | Supervisor |
| 12 | PRM$OST_Locked | F | Locked | Info | Generic |
| 13 | PRM$OST_Unlocked | S | Unlocked | Info | Generic |
| 14 | PRM$OST_Secure | S | Armed | Info | Generic |
| 15 | PRM$OST_Armed | S | Armed | Info | Generic |
| 16 | PRM$OST_Disarmed | S | Disarmed | Info | Generic |
| 17 | PRM$OST_Neutral | S | Undefined | Info | Generic |
| 18 | PRM$OST_Active_in_TimeSpec | S | Active | Info | Generic |
| 19 | PRM$OST_Active_Outside_TimeSpec | S | Active | Info | Generic |
| 20 | PRM$OST_ADA_Unlocked | S | Unlocked | Info | Generic |
| 21 | PRM$OST_Reader_1 | | | | |
| 22 | PRM$OST_Reader_2 | | | | |
| 23 | PRM$OST_Door_Switch_Monitor | | | | |
| 24 | PRM$OST_Door_Latch_Monitor | | | | |
| 25 | PRM$OST_Request_To_Exit | | | | |
| 26 | PRM$OST_Door_Forced | S | Forced | Critical | Door |
| 27 | PRM$OST_Door_Held | F | Held | Warning | Door |
| 28 | PRM$OST_Admit | S | Admit | Info | Card |
| 29 | PRM$OST_Reject | F | Reject | Warning | Card |
| 30 | PRM$OST_Visitor_Admit | S | Admit | Info | Visitor |
| 31 | PRM$OST_Visitor_Reject | F | Reject | Warning | Visitor |
| 32 | PRM$OST_Noticed_Admit | S | Admit | Info | Card |
| 33 | PRM$OST_Noticed_Reject | F | Reject | Warning | Card |
| 34 | PRM$OST_Map | | | | |
| 35 | PRM$OST_Duress | F | Duress | Critical | Card |
| 36 | PRM$OST_Comm_Port | | | | |
| 37 | PRM$OST_Tamper | F | Tamper | Warning | Generic |
| 38 | PRM$OST_Power_Failure | F | PowerFailure | Critical | Generic |
| 39 | PRM$OST_Communications_Failure | F | CommFailure | Warning | Generic |
| 40 | PRM$OST_Communications_Restored | S | Normal | Info | Generic |
| 41 | PRM$OST_Power_Restored | S | PowerRestored | Info | Generic |
| 42 | PRM$OST_Tamper_Cleared | S | Normal | Info | Generic |
| 43 | PRM$OST_Door_Closed | S | Close | Info | Door |
| 44 | PRM$OST_Door_Open | S | Open | Warning | Door |
| 45 | PRM$OST_Supervision_Cleared | F | Error | Warning | Supervisor |
| 46 | PRM$OST_Grounded_Loop_Cleared | S | Info | Info | Supervisor |
| 47 | PRM$OST_Shorted_Loop_Cleared | S | Info | Info | Supervisor |
| 48 | PRM$OST_Open_Loop_Cleared | S | Info | Info | Supervisor |
| 49 | PRM$OST_Fault_Cleared | S | Info | Info | Supervisor |
| 50 | PRM$OST_Acknowledge | S | Ack | Info | Generic |
| 51 | PRM$OST_Mom_Unlock | S | Locked | Info | Generic |
| 52 | PRM$OST_Reset_Actions | | | | |
| 53 | PRM$OST_Area_Enter_Event | | | | |
| 54 | PRM$OST_Area_Exit_Event | | | | |
| 55 | PRM$OST_Door_Enter_Area | | | | |
| 56 | PRM$OST_Door_Exit_Area | | | | |
| 57 | PRM$OST_Controlled Access | S | Access | Info | Generic |
| 58 | PRM$OST_Uncontrolled_Access | S | Access | Warning | Generic |
| 59 | PRM$OST_Elevator | | | | |
| 60 | PRM$OST_Elevator_Floor | | | | |
| 61 | PRM$OST_Connection_Failure | F | Error | Warning | Generic |
| 62 | PRM$OST_Asset_Overdue | | | | |
| 63 | PRM$OST_Event_Ack_Overdue | | | | |
| 64 | PRM$OST_In_Directional_Input | | | | |
| 65 | PRM$OST_Out_Directional_Input | | | | |
| 66 | PRM$OST_Stationary | | | | |
| 67 | PRM$OST_Portable | | | | |
| 68 | PRM$OST_Unauthorized_Portable | | | | |
| 69 | PRM$OST_Noticed | | | | |
| 70 | PRM$OST_Unauthorized_Noticed | | | | |
| 71 | PRM$OST_Asset_Reject | F | Denied | Warning | Card |
| 72 | PRM$OST_Asset_Area_Enter | | | | |
| 73 | PRM$OST_Asset_Area_Exit | | | | |
| 74 | PRM$OST_Reader_3 | | | | |
| 75 | PRM$OST_Reader_4 | | | | |
| 76 | PRM$OST_Reader_1_2 | | | | |
| 77 | PRM$OST_Reader_3_4 | | | | |
| 78 | PRM$OST_Reader_1_3 | | | | |
| 79 | PRM$OST_Reader_2_4 | | | | |
| 80 | PRM$OST_Reader_1_2_3_4 | | | | |
| 81 | PRM$OST_Asset_Checkin | S | Info | Info | Generic |
| 82 | PRM$OST_Printer_Buffer_Overflow | F | Error | Warning | Printer |
| 83 | PRM$OST_Printer_Abnormal | F | Error | Warning | Printer |
| 84 | PRM$OST_Printer_Paper_Jam | F | Error | Warning | Printer |
| 85 | PRM$OST_Printer_Out_Of_Paper | F | Error | Warning | Printer |
| 86 | PRM$OST_Printer_Offline | F | Error | Warning | Printer |
| 87 | PRM$OST_Printer_General_Error | | | | |
| 88 | PRM$OST_Printer_Normal | S | Active | Info | Printer |
| 89 | PRM$OST_Printer_Overflow_Buffer_Cleared | S | Active | Info | Printer |
| 90 | PRM$OST_Printer_Paper_Jam_Cleared | S | Active | Info | Printer |
| 91 | PRM$OST_Printer_Out_of_Paper_Cleared | S | Active | Info | Printer |
| 92 | PRM$OST_Printer_Online | S | Active | Info | Printer |
| 93 | PRM$OST_Printer_General_Error_Cleared | F | Error | Warning | Printer |
| 94 | PRM$OST_PIN_Required | F | Error | Warning | Generic |
| 95 | PRM$OST_PIN_Disabled | F | Disabled | Warning | Generic |
| 96 | PRM$OST_Printer_Power_Off | F | Inactive | Warning | Printer |
| 97 | PRM$OST_Printer_Power_On | S | Active | Info | Printer |
| 98 | PRM$OST_Page_Fault | F | Error | Warning | Generic |
| 99 | PRM$OST_Email_Failed | F | Error | Warning | Generic |
| 100 | PRM$OST_Control_Zone_Mode_Secure | S | Secure | Info | Intrusion |
| 101 | PRM$OST_Control_Zone_Mode_Access | S | Access | Warning | Intrusion |
| 102 | PRM$OST_Control_Zone_Access_Input | S | Disarmed | Warning | Intrusion |
| 103 | PRM$OST_Control_Zone_Secure_Input | S | Armed | Info | Intrusion |
| 104 | PRM$OST_Control_Zone_Access_Tamper | S | Disarmed | Warning | Intrusion |
| 105 | PRM$OST_Control_Zone_Secure_Tamper | S | Armed | Info | Intrusion |
| 106 | PRM$OST_Control_Zone_Access_Output | S | Disarmed | Warning | Intrusion |
| 107 | PRM$OST_Control_Zone_Secure_Output | S | Armed | Info | Intrusion |
| 108 | PRM$OST_Control_Zone_Violated_Output | F | Error | Warning | Intrusion |
| 109 | PRM$OST_Control_Zone_Input_Off_Normal | F | Error | Warning | Intrusion |
| 110 | PRM$OST_Control_Zone_Input_Normal | S | Active | Info | Intrusion |
| 111 | PRM$OST_Control_Zone_Door_Open | S | Open | Warning | Intrusion |
| 112 | PRM$OST_Control_Zone_Door_Closed | S | Close | Info | Intrusion |
| 113 | PRM$OST_Control_Zone_General_Input | S | Active | Info | Intrusion |
| 114 | PRM$OST_Primary_Comm_Method_Fail | F | Error | Warning | Generic |
| 115 | PRM$OST_Secondary_Comm_Method_Fail | F | Error | Warning | Generic |
| 116 | PRM$OST_Control_Zone_State_Violated | F | Error | Warning | Intrusion |
| 117 | PRM$OST_Control_Zone_Not_Secure | S | Access | Warning | Intrusion |
| 118 | PRM$OST_Control_Zone_Access_Secure_Input | S | Access | Warning | Intrusion |
| 119 | PRM$OST_Primary_Comm_Method_Fail_Host | F | Error | Warning | Generic |
| 120 | PRM$OST_Secondary_Comm_Test_Restored | S | Active | Info | Generic |
| 212 | PRM$OST_Slave_Master_Comm_Fail | F | Error | Warning | Generic |
| 122 | PRM$OST_Secondary_Comm_Test_Fail | F | Error | Warning | Generic |
| 123 | PRM$OST_Low_Battery | S | Error | Warning | Generic |
| 124 | PRM$OST_Primary_Comm_Method_Restored_Host | S | Active | Info | Generic |
| 125 | PRM$OST_Secondary_Comm_Method_Restored_Host | S | Active | Info | Generic |
| 126 | PRM$OST_Cluster_Split | S | Active | Info | Generic |
| 127 | PRM$OST_Cluster_Not_Split | S | Normal | Info | Generic |
| 128 | PRM$OST_Secondary_Comm_Method_Fail_Host | F | Error | Warning | Generic |
| 129 | PRM$OST_Panel_Full | S | Error | Warning | Generic |
| 130 | PRM$OST_Panel_Nearly_Full | S | Warning | Warning | Generic |
| 131 | PRM$OST_Panel_Not_Full | S | Active | Info | Generic |
| 132 | PRM$OST_Panel_Not_Nearly_Full | S | Warning | Warning | Generic |
| 133 | PRM$OST_Admit_Reject_CCTV | S | Error | Warning | Generic |
| 134 | PRM$OST_Shunt_Expire_Warning | S | Normal | Info | Generic |
| 135 | PRM$OST_TourStop_Input | S | Normal | Info | Generic |
| 136 | PRM$OST_Tour_End_Early | S | Warning | Warning | Generic |
| 137 | PRM$OST_Tour_End_Late | S | Warning | Warning | Generic |
| 138 | PRM$OST_TourSTop_Reached_OutOfSeq | S | Warning | Warning | Generic |
| 139 | PRM$OST_TourAtop_Reached_Early | S | Warning | Warning | Generic |
| 140 | PRM$OST_Tour_Stop_Reached_Late | S | Warning | Warning | Generic |
| 141 | PRM$OST_RadReceiver_Battery_Fail | F | Error | Warning | Generic |
| 142 | PRM$OST_RadReceiver_Battery_Restored | S | Active | Info | Generic |
| 143 | PRM$OST_Door_Position_Sensor | S | Change | Warning | Door |
| 144 | PRM$OST_Lock_Status_Sensor | S | Change | Warning | Generic |
| 145 | PRM$OST_Set_Event | S | | Info | Generic |
| 146 | PRM$OST_Reset_Event | S | | Info | Generic |

Field Mapping for CCure Event: Message Code 006 – Manual Action

| eTrust Audit Field Name | CCure Event Field |
|---|---|
| “Taxonomy” | Not defined yet |
| “Category” | Physical Security |
| “SubCat” | Action |
| “Status” | S |
| “State” | Normal |
| “User” | User_PID |
| Operation “Oper” | Scheduled |
| “ObjClass” | Generic |
| “ObjName” | ObjectID |
| Native “OID” | Int_Data1 |
| Native ID “NID” | MsgCode |
| Secondary “SObjClass” | Action |
| Secondary “SObjName” | ActionCode |
| Secondary “SObjID” | Int_Data2 |
| “ManualAction” | Int_Data4 |
| Info | Info |

Message Code List 2

| Code | Message Code List 2 | Severity |
|---|---|---|
| 1 | PRM$JMA_Scheduled | Info |
| 2 | PRM$JMA_Activated | Info |
| 3 | PRM$JMA_Cancelled | Warning |
| 4 | PRM$JMA_Deactivated | Info |
| 5 | PRM$JMA_Momentary | Info |
| 6 | PRM$JMA_Acknowledge | Info |
| 7 | PRM$JMA_Reset_Actions | Warning |

Field Mapping for CCure Event: Message Code 007 – System Activity (Normal)

| eTrust Audit Field Name | CCure Event Field |
|---|---|
| “Taxonomy” | Not defined yet |
| “Category” | Security Systems |
| “SubCat” | System |
| “Status” | S |
| “State” | Normal |
| Operation “Oper” | See Message Code List 1 |
| “ObjClass” | SysActivity |
| “ObjName” | ActivityCode |
| Native “OID” | Int_Data3 |
| Native ID “NID” | MsgCode |
| Secondary “SObjClass” | Node |
| Secondary “SObjName” | NodeName |
| Secondary “SObjID” | Txt_Data1 |
| “Mac Name” | Txt_Data2 |
| Info | Info |

Message Code List 1

| Code | Message Code List 1 | Severity | Oper |
|---|---|---|---|
| 1 | PRM$JSM_System_Startup | Info | Startup |
| 2 | PRM$JSM_System_Shutdown | Info | Shutdown |
| 3 | PRM$JSM_Journal_File_Changed | Info | FileChange |
| 4 | PRM$JSM_System_Backup_Start | Info | Backup |
| 5 | PRM$JSM_Controller_Denied | Warning | Rejected |

Field Mapping for CCure Event: Message Code 008 – System Error

| eTrust Audit Field Name | CCure Event Field |
|---|---|
| “Category” | System Access |
| “SubCat” | System |
| “Status” | F |
| “State” | Error |
| “Severity” | Critical |
| “API Code” | See Message Code List 1 |
| “ObjClass” | SysActivity |
| “ObjName” | ActivityCode |
| Native “OID” | Int_Data3 |
| Native ID “NID” | MsgCode |
| Secondary “SObjClass” | Node |
| Secondary “SObjName” | NodeName |
| Secondary “SObjID” | Txt_Data1 |
| Info | System Error |

Message Code List 1

| Code | Message Code List 1 | API Code |
|---|---|---|
| 1 | PRM$JSE_Disk_error | |
| 2 | PRM$JSE_Database_error | |
| 3 | PRM$JSE_API_Call_Failed | int_data4 |
| 4 | PRM$JSE_Thread_Init_Failure | |
| 5 | PRM$JSE_Using_Mouse_Port | |
| 6 | PRM$JSE_Error_While_Allocating_Port | |
| 7 | PRM$JSE_Disk_Space_Low | |
| 8 | PRM$JSE_Site_Expired | |
| 9 | PRM$JSE_Site_Will_Expire | |
| 10 | PRM$JSE_SSA_Expired | |
| 11 | PRM$JSE_SSA_Will_Expire | |
| 12 | PRM$JSE_Badging_Expired | |
| 13 | PRM$JSE_Badging_Will_Expire | |
| 14 | PRM$JSE_Invalid_Sentinel | |
| 15 | PRM$JSE_Unknown_Panel | |
| 16 | PRM$JSE_NTEventLogError | |
| 17 | PRM$JSE_Asset_Tracking_Will_Expire | |
| 18 | PRM$JSE_Asset_Tracking_Expired | |
| 19 | PRM$JSE_Paging_Will_Expire | |
| 20 | PRM$JSE_Paging_Expired | |

Field Mapping for CCure Event: Message Code 009 – Device Activity (Normal)

| eTrust Audit Field Name | CCure Event Field |
|---|---|
| “Taxonomy” | Not defined yet |
| “Category” | General |
| “SubCat” | System |
| “Status” | S |
| “State” | Normal |
| “Severity” | Info |
| “User” | User_PID |
| Operation “Oper” | See Message Code List 1 |
| “ObjClass” | SysActivity |
| “ObjName” | ActivityCode |
| Native “OID” | Int_Data3 |
| Native ID “NID” | MsgCode |
| Secondary “SObjClass” | Unit |
| Secondary “SObjName” | UnitID |
| Secondary “SObjID” | Int_Data1 |
| “Another ObjectID” | Int_Data2 |
| Info | Device Activity (Normal) |

Message Code List 1

| Code | Message Code List 1 | Oper |
|---|---|---|
| 1 | PRM$JDM_Memory_Erased | Memory |
| 2 | PRM$JDM_Hardware_Reset | Reset |
| 3 | PRM$JDM_Power_Recycle | Recycle |
| 4 | PRM$JDM_Download_Started | Download |
| 5 | PRM$JDM_Download_Completed | Download |
| 6 | PRM$JDM_Host_Init_Connection_Started | Init |
| 7 | PRM$JDM_Host_Init_Connection_Completed | Init |
| 8 | PRM$JDM_Panel_Init_Connection_Started | |
| 9 | PRM$JDM_Panel_Init_Connection_Completed | |
| 10 | PRM$JDM_Flash_Started | Flash |
| 11 | PRM$JDM_Flash_Completed | Flash |
| 12 | PRM$JDM_Email_Sent | Email |
| 13 | PRM$JDM_Page_Sent | Page |
| 14 | PRM$JDM_Grace_All | Grace |
| 15 | PRM$JDM_Grace_Card | Grace |
| 16 | PRM$JDM_Download_UnitIsFull | Download |
| 17 | PRM$JDM_iStar_Dialup_Connected | Dialup |
| 18 | PRM$JDM_iStar_Dialup_Started | Dialup |
| 19 | PRM$JDM_RAD_BUSY_SECOND | |
| 20 | PRM$JDM_RAD_COMPUTER_ERROR | |
| 21 | PRM$JDM_RAD_COMPUTER_RESTORED | |
| 22 | PRM$JDM_RAD_PHONE_LINE_FAIL | |
| 23 | PRM$JDM_RAD_PHONE_LINE_RESTORED | |
| 24 | PRM$JDM_RAD_ACCOUNT_CLOSE | |
| 25 | PRM$JDM_RAD_ACCOUNT_OPEN | |
| 26 | PRM$JDM_RAD_UNKNOWN_MSG | |
| 27 | PRM$JDM_RAD_CRC_ERROR | |
| 28 | PRM$JDM_RAD_RECEIVER_NUM_WRONG | |
| 29 | PRM$JDM_RAD_ACCOUNT_CLOSE_ZN | |
| 30 | PRM$JDM_RAD_ACCOUNT_OPEN_ZN | |
| 31 | PRM$JDM_RAD_ACCOUNT_CLOSE_ID | |
| 32 | PRM$JDM_RAD_ACCOUNT_OPEN_ID | |
| 33 | PRM$JDM_RAD_ACCOUNT_CLOSE_AREA | |
| 34 | PRM$JDM_RAD_ACCOUNT_OPEN_AREA | |
| 35 | PRM$JDM_RAD_ACCOUNT_CLOSE_AREA_ID | |
| 36 | PRM$JDM_RAD_ACCOUNT_OPEN_AREA_ID | |
| 37 | PRM$JDM_RAD_ACCOUNT_UNKNOWN_MSG | |
| 38 | PRM$JDM_RAD_ALARM | |
| 39 | PRM$JDM_RAD_ALARM_RESTORE | |
| 40 | PRM$JDM_RAD_ALARM_ZONE | |
| 41 | PRM$JDM_RAD_ALARM_RESTORE_ZONE | |
| 42 | PRM$JDM_RAD_ALARM_AREA | |
| 43 | PRM$JDM_RAD_ALARM_RESTORE_AREA | |
| 44 | PRM$JDM_RAD_LINE_CARD_TROUBLE | |
| 45 | PRM$JDM_RAD_LINE_CARD_RESTORE | |
| 46 | PRM$JDM_RAD_PRINTER_TROUBLE | |
| 47 | PRM$JDM_RAD_PRINTER_RESTORE | |
| 48 | PRM$JDM_RAD_ACCOUNT_DIAGNOSTIC | |
| 49 | PRM$JDM_RAD_ACCOUNT_DIAGNOSTIC_ZONE | |
| 50 | PRM$JDM_RAD_ACCOUNT_BATTERY_FAIL | |
| 51 | PRM$JDM_RAD_ACCOUNT_BATTERY_RESTORE | |
| 52 | PRM$JDM_RAD_ACCOUNT_AC_FAIL | |
| 53 | PRM$JDM_RAD_ACCOUNT_AC_RESTORE | |
| 54 | PRM$JDM_RAD_ACCOUNT_REBOOT | |
| 55 | PRM$JDM_RAD_ACCOUNT_POINT_BUS_FAIL | |
| 56 | PRM$JDM_RAD_ACCOUNT_POINT_BUS_RESTORE | |
| 57 | PRM$JDM_RAD_ACCOUNT_SDI_FAIL | |
| 58 | PRM$JDM_RAD_ACCOUNT_SDI_RESTORE | |
| 59 | PRM$JDM_RAD_FIRE_ALARM_POINT | |
| 60 | PRM$JDM_RAD_FIRE_ALARM_RESTORE_POINT | |
| 61 | PRM$JDM_RAD_FIRE_ALARM_AREA | |
| 62 | PRM$JDM_RAD_FIRE_ALARM_RESTORE_AREA | |
| 63 | PRM$JDM_RAD_ALARM_TROUBLE | |
| 64 | PRM$JDM_RAD_ALARM_TROUBLE_POINT | |
| 65 | PRM$JDM_RAD_ALARM_TROUBLE_AREA_POINT | |
| 66 | PRM$JDM_RAD_FIRE_ALARM_TROUBLE | |
| 67 | PRM$JDM_RAD_FIRE_ALARM_TROUBLE_POINT | |
| 68 | PRM$JDM_RAD_FIRE_ALARM_TROUBLE_AREA_POINT | |
| 69 | PRM$JDM_RAD_PRINTER_TEST | |
| 70 | PRM$JDM_RAD_PRINTER_ONLINE | |
| 71 | PRM$JDM_RAD_PRINTER_OFFLINE | |
| 72 | PRM$JDM_RAD_CANCEL_ALARM_ID | |
| 73 | PRM$JDM_RAD_CANCEL_ALARM_AREA_ID | |
| 74 | PRM$JDM_RAD_CANCEL_FIRE_ALARM_AREA_ID | |
| 75 | PRM$JDM_WatchFlash_Download_Started | |
| 76 | PRM$JDM_WatchFlash_Download_Completed | |
| 77 | PRM$JDM_WatchFlash_Swapped | |
| 78 | PRM$JDM_WatchFlash_Upload_Started | |
| 79 | PRM$JDM_WatchFlash_Upload_Completed | |
| 80 | PRM$JDM_Watch_Flash_Loading_Canceled | |
| 81 | PRM$JDM_NetVideo_Server_Comm_Error | |
| 82 | PRM$JDM_NetVideo_Server_Comm_Restored | |
| 83 | PRM$JDM_NetVideo_Status_Retry | |
| 84 | PRM$JDM_NetVideo_Pipe_Server_Timeout | |
| 85 | PRM$JDM_NetVideo_Server_Error | |
| 86 | PRM$JDM_NetVideo_Camera_Error | |
| 87 | PRM$JDM_NetVideo_Action_Error | |
| 88 | PRM$JDM_NetVideo_Server_Comm_Success | |
| 89 | PRM$JDM_BID_Receiver_JnlMsg | |
| 90 | PRM$JDM_BID_Action_JnlMsg1 | |
| 91 | PRM$JDM_BID_Action_JnlMsg2 | |
| 92 | PRM$JDM_BID_Action_JnlMsg3 | |
| 93 | PRM$JDM_BID_Action_JnlMsg4 | |
| 94 | PRM$JDM_BID_Action_JnlMsg5 | |
| 95 | PRM$JDM_BID_Action_JnlMsg6 | |
| 96 | PRM$JDM_BID_Receiver_JnlMsg1 | |
| 97 | PRM$JDM_BID_Action_No_Command | |
| 98 | PRM$JDM_BID_Action_Empty_Command | |
| 99 | PRM$JDM_BID_Action_Set_Command_Err | |
| 101 | PRM$JDM_BID_Action_Device_Comm_Err | |
| 102 | PRM$JDM_Watch_Loading_Canceled | |

Field Mapping for CCure Event: Message Code 010 – Device Error/Recovery

| eTrust Audit Field Name | CCure Event Field |
|---|---|
| “Taxonomy” | Not defined yet |
| “Category” | General |
| “SubCat” | System |
| “Status” | F |
| “State” | Error |
| “Severity” | Critical |
| Operation “Oper” | UnitAccess |
| “ObjClass” | Error |
| “ObjName” | ErrorCode |
| Native “OID” | Int_Data3 |
| Native ID “NID” | MsgCode |
| Secondary “SObjClass” | Unit |
| Secondary “SObjName” | UnitID |
| Secondary “SObjID” | Int_Data1 |
| “Another ObjectID” | Int_Data2 |
| “SubErrorCode” | Int_Data4 |
| Info | Info |

Message Code List 1

| Code | Message Code List 1 |
|---|---|
| 1 | PRM$JDE_Download_Aborted |
| 2 | PRM$JDE_Buffer_Full |
| 3 | PRM$JDE_Wrong_Firmware |
| 4 | PRM$JDE_Sequence_Error |
| 5 | PRM$JDE_Encryption_Error |
| 6 | PRM$JDE_Unable_To_Contact_Panel |
| 7 | PRM$JDE_Unable_To_Contact_Host |
| 8 | PRM$JDE_Host_Init_Connection_Failure |
| 9 | PRM$JDE_Panel_Init_Connection_Failure |
| 10 | PRM$JDE_Received_Call_Inuse_Panel |
| 11 | PRM$JDE_Manual_Connect_Failed |
| 12 | PRM$JDE_Password_Verification_Error |
| 13 | PRM$JDE_Panel_Reported_Password_Error |
| 14 | PRM$JDE_Panel_Reported_Modem_Error |
| 15 | PRM$JDE_Received_Call_Offline_Panel |
| 16 | PRM$JDE_Unable_To_Flash |
| 17 | PRM$JDE_Flash_Aborted |
| 18 | PRM$JDE_Flash_Too_Big |
| 19 | PRM$JDE_Flash_Error |
| 20 | PRM$JDE_Flash_Bad_Version |
| 21 | PRM$JDE_Unable_Cancel_Flash |
| 22 | PRM$JDE_No_Flash_Chip |
| 23 | PRM$JDE_Email_Failed |
| 24 | PRM$JDE_Page_Failed |
| 25 | PRM$JDE_Control_Zone_Violated |
| 26 | PRM$JDE_ControlZone_Secure_Failed |
| 27 | PRM$JDE_ControlZone_Access_Failed |
| 28 | PRM$JDE_Flash_CRC_Error |
| 29 | PRM$JDE_Flash_NoFlashMemory |
| 30 | PRM$JDE_Flash_NoDramMemory |
| 31 | PRM$JDE_Flash_FallbackImage |
| 32 | PRM$JDE_Event_Buffer_Full |
| 33 | PRM$JDE_Event_Buffer_HighWaterMark |
| 34 | PRM$JDE_Flash_NotRequestedFlashImage |
| 35 | PRM$JDE_iSTAR_Dialup_Disconnect |
| 36 | PRM$JDE_iSTAR_Dialup_Communication_failed |
| 37 | PRM$JDE_Need_KGI_Image |
| 38 | PRM$JDE_WatchFlash_Download_Error |
| 39 | PRM$JDE_WatchFlash_Swap_Error |
| 40 | PRM$JDE_WatchFlash_Upload_Error |
| 41 | PRM$JDE_Watch_Loading_Error |

Field Mapping for CCure Event: Message Code 011 – Asset Activity

| eTrust Audit Field Name | CCure Event Field |
|---|---|
| “Taxonomy” | Not defined yet |
| “Category” | Physical Security |
| “SubCat” | Asset |
| “Status” | S |
| “State” | Warning |
| “Severity” | Info |
| “Asset” | user_pid |
| “User” | int_data3 |
| Operation “Oper” | AssetActivity |
| “ObjClass” | AssetInfo |
| “ObjName” | AssetInfoCode |
| Native “OID” | Int_Data2 |
| Native ID “NID” | MsgCode |
| Secondary “SObjClass” | AssetAccess |
| Secondary “SObjName” | AccessCode |
| Secondary “SObjID” | Int_Data4 |
| Info | Info |

Message Code List 1

| Code | Message Code List 1 |
|---|---|
| 1 | PRM$JAT_Overdue |
| 2 | PRM$JAT_Checkout |
| 3 | PRM$JAT_Checkin |

Field Mapping for CCure Event: Message Code 012 – Asset Movement Authorized

| eTrust Audit Field Name | CCure Event Field |
|---|---|
| “Taxonomy” | Not defined yet |
| “Category” | Physical Security |
| “SubCat” | Asset |
| “Status” | S |
| “State” | Normal |
| “Severity” | Info |
| “Asset” | user_pid |
| “User” | int_data3 |
| Operation “Oper” | AssetMove |
| “ObjClass” | AssetInfo |
| “ObjName” | HHRID |
| Native “OID” | Int_Data2 |
| Native ID “NID” | MsgCode |
| Secondary “SObjClass” | AssetAccess |
| Secondary “SObjName” | AccessCode |
| Secondary “SObjID” | Int_Data4 |
| “ReaderID” | Int_Data1 |
| “Tag Number” | Txt_Data1 |
| “AreaID” | Txt_Data2 |
| Info | Info |

Field Mapping for CCure Event: Message Code 013 – Asset Movement Unauthorized

| eTrust Audit Field Name | CCure Event Field |
|---|---|
| “Taxonomy” | Not defined yet |
| “Category” | Physical Security |
| “SubCat” | Asset |
| “Status” | F |
| “State” | Reject |
| “Severity” | Warning |
| “Asset” | user_pid |
| “User” | int_data3 |
| Operation “Oper” | AssetMove |
| “ObjClass” | AssetInfo |
| “ObjName” | HHRID |
| Native “OID” | Int_Data2 |
| Native ID “NID” | MsgCode |
| Secondary “SObjClass” | AssetAccess |
| Secondary “SObjName” | AccessCode |
| Secondary “SObjID” | Int_Data4 |
| “ReaderID” | Int_Data1 |
| “Tag Number” | Txt_Data1 |
| “AreaID” | Txt_Data2 |
| Info | Info |

Field Mapping for CCure Event: Message Code 014 – Asset Movement Attempted

| eTrust Audit Field Name | CCure Event Field |
|---|---|
| “Taxonomy” | Not defined yet |
| “Category” | Physical Security |
| “SubCat” | Asset |
| “Status” | F |
| “State” | Reject |
| “Severity” | Warning |
| “Asset” | user_pid |
| “User” | int_data3 |
| Operation “Oper” | AssetMove |
| Native ID “NID” | MsgCode |
| Secondary “SObjClass” | AssetAccess |
| Secondary “SObjName” | AccessCode |
| Secondary “SObjID” | Int_Data4 |
| “ReaderID” | Int_Data1 |
| “Tag Number” | Txt_Data1 |
| “AreaID” | Txt_Data2 |
| Info | Info |

Field Mapping for CCure Event: Message Code 015 – Asset Location Update

| eTrust Audit Field Name | CCure Event Field |
|---|---|
| “Taxonomy” | Not defined yet |
| “Category” | Physical Security |
| “SubCat” | Asset |
| “Status” | S |
| “State” | Normal |
| “Severity” | Info |
| “Asset” | user_pid |
| “User” | int_data3 |
| Operation “Oper” | AssetMove |
| “ObjClass” | AssetInfo |
| “ObjName” | HHRID |
| Native “OID” | Int_Data2 |
| Native ID “NID” | MsgCode |
| Secondary “SObjClass” | AssetAccess |
| Secondary “SObjName” | AccessCode |
| Secondary “SObjID” | Int_Data4 |
| “Tag Number” | Txt_Data1 |
| “AreaID” | Txt_Data2 |
| Info | Info |

Field Mapping for CCure Event: Message Code 016 – Watchtour Action

| eTrust Audit Field Name | CCure Event Field |
|---|---|
| “Taxonomy” | Not defined yet |
| “Category” | Physical Security |
| “SubCat” | WatchTour |
| “Status” | S |
| “State” | Normal |
| “Severity” | Info |
| “User” | user_pid |
| Operation “Oper” | WatchTourAction |
| “ObjClass” | WatchTourAction |
| “ObjName” | WatchTourActionCode |
| Native “OID” | Int_Data1 |
| Native ID “NID” | MsgCode |
| Secondary “SObjClass” | Object |
| Secondary “SObjName” | ObjectID |
| Secondary “SObjID” | Int_Data2 |
| “TourGaurdID” | Int_Data3 |
| Info | Info |

Field Mapping for CCure Event: Message Code 017 – Watchtour Activity

| eTrust Audit Field Name | CCure Event Field |
|---|---|
| “Taxonomy” | Not defined yet |
| “Category” | Physical Security |
| “SubCat” | WatchTour |
| “Status” | S |
| “State” | Normal |
| “Severity” | Info |
| Operation “Oper” | WatchTourActivity |
| “ObjClass” | WatchTourInfo |
| “ObjName” | WatchTourInfoCode |
| Native “OID” | Int_Data1 |
| Native ID “NID” | MsgCode |
| Secondary “SObjClass” | Object |
| Secondary “SObjName” | ObjectID |
| Secondary “SObjID” | Int_Data2 |
| “ReaderID” | Int_Data4 |
| “TourGaurdID” | Int_Data3 |
| Info | Info |

Field Mapping for CCure Event: Message Code 018 – Watchtour Error

| eTrust Audit Field Name | CCure Event Field |
|---|---|
| “Taxonomy” | Not defined yet |
| “Category” | Physical Security |
| “SubCat” | WatchTour |
| “Status” | F |
| “State” | Error |
| “Severity” | Warning |
| Operation “Oper” | WatchTourAction |
| “ObjClass” | WatchTourAction |
| “ObjName” | WatchTourActionCode |
| Native “OID” | Int_Data1 |
| Native ID “NID” | MsgCode |
| Secondary “SObjClass” | Object |
| Secondary “SObjName” | ObjectID |
| Secondary “SObjID” | Int_Data2 |
| “TourGaurdID” | Int_Data3 |
| Info | Info |

Field Mapping for CCure Event: Message Code 019 – Watchtour Stop Activity

| eTrust Audit Field Name | CCure Event Field |
|---|---|
| “Taxonomy” | Not defined yet |
| “Category” | Physical Security |
| “SubCat” | WatchTour |
| “Status” | S |
| “State” | Normal |
| “Severity” | Info |
| Operation “Oper” | WatchTourAction |
| “ObjClass” | WatchTourAction |
| “ObjName” | WatchTourActionCode |
| Native “OID” | Int_Data1 |
| Native ID “NID” | MsgCode |
| Secondary “SObjClass” | Object |
| Secondary “SObjName” | ObjectID |
| Secondary “SObjID” | Int_Data2 |
| “TourGaurdID” | Int_Data3 |
| Info | Info |

Field Mapping for CCure Event: Message Code 020 – NetVideo Activity

| eTrust Audit Field Name | CCure Event Field |
|---|---|
| “Taxonomy” | Not defined yet |
| “Category” | Physical Security |
| “SubCat” | NetVideo |
| “Status” | S |
| “State” | Normal |
| “Severity” | Info |
| “User” | User_PID |
| Operation “Oper” | NetVideoActivity |
| “ObjClass” | Camera |
| “ObjName” | CameraID |
| Native “OID” | Int_Data1 |
| Native ID “NID” | MsgCode |
| Secondary “SObjClass” | NetVideoAction |
| Secondary “SObjName” | NetVideoActionID |
| Secondary “SObjID” | Int_Data2 |
| “EventID” | Int_Data4 |
| Info | Info |