7.1.5.1.1.3. Audit Log Used

7.1.5.1.1.3.1. Trigger Events

This message is emitted by the archive when the audit record repository is accessed over archive proxy.

7.1.5.1.1.3.2. Message Structure

Table 7.6 Entities in Audit Log Used Audit Message

Event Identification

Active Participant: User

Audit Source

Participant Object Identification
Table 7.7 Event Identification

Field Name

Opt

Description

EventID

M

EV (110101, DCM, ‘Audit Log Used’)

EventActionCode

M

Execute ⇒ ‘E’

EventDateTime

M

The time at which the event occurred

EventOutcomeIndicator

M

Success ⇒ ‘0’
Table 7.8 Active Participant: User

Field Name

Opt

Description

UserID

M
Secured version of archive ⇒ ‘Logged in User name’
Unsecured version of archive ⇒ ‘Remote IP address’

UserIDTypeCode

U
Secured Archive ⇒ EV (113871, DCM, ‘Person ID’)
Unsecured Archive ⇒ EV (110182, DCM, ‘Node ID’)

UserTypeCode

U
Person ⇒ ‘1’

AlternativeUserID

MC
Process ID of Audit logger

UserIsRequestor

M
true

NetworkAccessPointID

U
Hostname/IP Address of the connection referenced by Audit logger

NetworkAccessPointTypeCode

U
NetworkAccessPointID is host name ⇒ ‘1’
NetworkAccessPointID is an IP address ⇒ ‘2’
Table 7.9 Participant Object Identification

Field Name

Opt

Description

ParticipantObjectID

M

Audit Record Repository URL configured on archive device level

ParticipantObjectTypeCode

M

SystemObject ⇒ ‘2’

ParticipantObjectTypeCodeRole

M

SecurityResource ⇒ ‘13’

ParticipantObjectIDTypeCode

M

EV (12, RFC-3881, ‘URI’)

ParticipantObjectName

U

Security Audit Log

7.1.5.1.1.3.3. Sample Message

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<AuditMessage xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://www.dcm4che.org/DICOM/audit-message.rnc">

    <EventIdentification EventActionCode="R" EventDateTime="2017-01-27T14:46:32.670+01:00" EventOutcomeIndicator="0">
        <EventID csd-code="110101" codeSystemName="DCM" originalText="Audit Log Used"/>
    </EventIdentification>

    <ActiveParticipant UserID="127.0.0.1" UserTypeCode="1" AlternativeUserID="5312" UserIsRequestor="true" NetworkAccessPointID="127.0.0.1" NetworkAccessPointTypeCode="2">
        <UserIDTypeCode csd-code="110182" codeSystemName="DCM" originalText="Node ID"/>
    </ActiveParticipant>

    <AuditSourceIdentification AuditSourceID="dcm4chee-arc">
        <AuditSourceTypeCode csd-code="4"/>
    </AuditSourceIdentification>

    <ParticipantObjectIdentification ParticipantObjectID="http://archive2:5601" ParticipantObjectTypeCode="2" ParticipantObjectTypeCodeRole="13">
        <ParticipantObjectIDTypeCode csd-code="12" originalText="URI" codeSystemName="RFC-3881" />
        <ParticipantObjectName>Security Audit Log</ParticipantObjectName>
    </ParticipantObjectIdentification>

</AuditMessage>