A.5.3.2 Audit Log Used

This message describes the event of a person or process reading a log of audit trail information.

Note: For example, an implementation that maintains a local cache of audit information that has not been transferred to a central collection point might generate this message if its local cache were accessed by a user.

Table A.5.3.2-1 Audit Log Used Message

Real World Entities Field Name Opt. Value Constraints
Event EventID M EV (110101, DCM, “Audit Log Used”)
EventActionCode M Shall be enumerated value: R = read
EventDateTime M not specialized
EventOutcomeIndicator M not specialized
EventTypeCode U not specialized
Active Participant: Persons and or processes that started the Application (1..2) UserID M The person or process accessing the audit trail. If both are known, then two active participants shall be included (both the person and the process).
AlternativeUserID U not specialized
UserName U not specialized
UserIsRequestor M not specialized
RoleIDCode U not specialized
NetworkAccessPointTypeCode U not specialized
NetworkAccessPointID U not specialized
Participating Object: Identity of the audit log (1) ` ParticipantObjectTypeCode M Shall be: 2 = system
ParticipantObjectTypeCodeRole M Shall be: 13 = security resource
ParticipantObjectDataLifeCycle U not specialized
ParticipantObjectIDTypeCode M Shall be: 12 = URI
ParticipantObjectSensitivity U not specialized
ParticipantObjectID M The URI of the audit log
ParticipantObjectName U Shall be: “Security Audit Log”
ParticipantObjectQuery U not specialized
ParticipantObjectDetail U not specialized
ParticipantObjectDescription U not specialized
SOPClass U See A.5.2
Accession U See A.5.2
NumberOfInstances U See A.5.2
Instances U See A.5.2
Encrypted U See A.5.2
Anonymized U See A.5.2
ParticipantObjectContainsStudy U See A.5.2