7.1.5.1.1.3. Audit Log Used

7.1.5.1.1.3.1. Trigger Events

This message is emitted by the archive when the audit record repository is accessed over archive proxy.

7.1.5.1.1.3.2. Message Structure

Table 7.9 Entities in Audit Log Used Audit Message
Event Identification
Active Participant: User
Audit Source
Participant Object Identification
Table 7.10 Event Identification
Field Name Opt Description
EventID M EV (110101, DCM, ‘Audit Log Used’)
EventActionCode M Execute ⇒ ‘E’
EventDateTime M The time at which the event occurred
EventOutcomeIndicator M Success ⇒ ‘0’
Table 7.11 Active Participant: User
Field Name Opt Description
UserID M
Secured version of archive ⇒ ‘Logged in User name’
Unsecured version of archive ⇒ ‘Remote IP address’
UserIDTypeCode U
Secured Archive ⇒ EV (113871, DCM, ‘Person ID’)
Unsecured Archive ⇒ EV (110182, DCM, ‘Node ID’)
UserTypeCode U
Person ⇒ ‘1’
AlternativeUserID MC
Process ID of Audit logger
UserIsRequestor M
true
NetworkAccessPointID U
Hostname/IP Address of the connection referenced by Audit logger
NetworkAccessPointTypeCode U
NetworkAccessPointID is host name ⇒ ‘1’
NetworkAccessPointID is an IP address ⇒ ‘2’
Table 7.12 Participant Object Identification
Field Name Opt Description
ParticipantObjectID M Audit Record Repository URL configured on archive device level
ParticipantObjectTypeCode M SystemObject ⇒ ‘2’
ParticipantObjectTypeCodeRole M SecurityResource ⇒ ‘13’
ParticipantObjectIDTypeCode M EV (12, RFC-3881, ‘URI’)
ParticipantObjectName U Security Audit Log

7.1.5.1.1.3.3. Sample Message

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<AuditMessage xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://www.dcm4che.org/DICOM/audit-message.rnc">

    <EventIdentification EventActionCode="R" EventDateTime="2017-01-27T14:46:32.670+01:00" EventOutcomeIndicator="0">
        <EventID csd-code="110101" codeSystemName="DCM" originalText="Audit Log Used"/>
    </EventIdentification>

    <ActiveParticipant UserID="127.0.0.1" UserTypeCode="1" AlternativeUserID="5312" UserIsRequestor="true" NetworkAccessPointID="127.0.0.1" NetworkAccessPointTypeCode="2">
        <UserIDTypeCode csd-code="110182" codeSystemName="DCM" originalText="Node ID"/>
    </ActiveParticipant>

    <AuditSourceIdentification AuditSourceID="dcm4chee-arc">
        <AuditSourceTypeCode csd-code="4"/>
    </AuditSourceIdentification>

    <ParticipantObjectIdentification ParticipantObjectID="http://archive2:5601" ParticipantObjectTypeCode="2" ParticipantObjectTypeCodeRole="13">
        <ParticipantObjectIDTypeCode csd-code="12" originalText="URI" codeSystemName="RFC-3881" />
        <ParticipantObjectName>Security Audit Log</ParticipantObjectName>
    </ParticipantObjectIdentification>

</AuditMessage>