Enterprise System Monitoring Add
Enterprise System Monitoring Add is a jXchange service that allows publishers to add one or more entries to EES. This message is designed to translate an ESMAdd to an EESAdd.
Message Flow
In Enterprise Event, the Enterprise System Monitoring Add service uses a typical exchange of request/response messages to add one or more entries to the system by translating ESMAdd to EESAdd.
Primary Request
The Third Party Consumer forwards the ESMAddRq_MType message to the Service Provider. The message contains:
- ErrOvrRdInfoArray_AType
- ESMInfoArray_AType
- JESMsgRqHdr_CType
Primary Response
The Service Provider returns the ESMAddRs_MType message to the Third Party Consumer. The message contains:
- JESMsgRsHdr_CType
Enterprise System Monitoring Add Behavior
The name of the product represented in the ESM package is required. The date and time of the ESM event, not the submission date and time of the event, is required. The date and time is expressed in ISO 8601 time format and should contain either Zulu time or local time and the UTC offset. The unique name or FQDN of the system reporting the event is required. This must uniquely identify the specific machine that is reporting the event. The event code of the registered event is required. The ESM event codes are located in the Enterprise Event Dictionary (EED). The event category and event severity are optional. These values default to the category and severity referenced to the event code in the EED. They are used to describe the nature of the event. The Event Tracking Identification, EventTrackingId, Native Event Code, NEventCode, Event application identification, EventAppId, Event Process Identification, EventProcId, Event Thread Identification, EventThreadId, and Event Correlation Identification, EventCorrelId contribute to the forensics of remediating an ESM event. Warning and Fault Message behavior requirements are forthcoming.
ESMAddRq_MType
ESMAddRq_MType
is a message MType
element.
Contains:
ESMInfoArray_AType
ErrOvrRdInfoArray_AType
JESMsRqHdr_CType
ErrOvrRdInfoArray_AType
ErrOvrRdInfoArray_AType
is an array AType
element. This is an array of overrides for faults.
Contains:
ErrOvrRd_CType
ErrOvrRd_CType
ErroOvrRd_CType
is a complex CType
element. This element is used to override errors created in a previous request. This element is optional.
Simple Elements
The simple elements contained within this complex are listed below.
ErrCode
This is the Soap Header Fault error code.
ESMInfoArray_AType
ESMInfoArray_AType
is an array AType
element. This is an array of ESM packages.
Contains:
ESMInfoRec_CType
ESMInfoRec_CType
ESMInfoRec_CType
is a complex CType
element.
Contains:
ESMEntry_CType
ESMEntry_CType
ESMEntry_CType
is a complex CType
element.
Simple Elements
The simple elements contained within this complex are listed below.
Action
Contains the action details expressed as human readable information. For events that can provide details of what occurred, this data element will contain the information. Example: If a logon failure occurred, event 130, this data may contain invalid ID/PWD combination. This data will not be automatically processed for content by the receiving system.
EventAppId
Identifies the application within a specific consumer product that created the logging message. This data element defines the application relating to the event. For example, if the ConsumerProd equals 4Sight, AppId might contain IMAGING or any other sub-categorization of the Consumer Product.
EventCat
The code of the Category of the event that occurred. Example: 3 as expressed as an integer. The category provided for a specific event. The category is optional and the default assigned to the event code will be assigned to the event.
EventCode
This is the code of the event that occurred. The event codes for the Broadcast Event are provided in the canonical values. The event codes for ESM are located in the Enterprise Event Dictionary, referred to as EED. Canonical values are:
- AcctAnlysStmt
- AcctAnlysStmtUpd
- AcctRelCodeDetail
- AcctRelCodeDetailUpd
- AcctStmt
- AcctStmtUpd
- AcctTitleDetail
- AcctTitleDetailUpd
- AllItemsTrn
- AllItemsTrnUpd
- CollatTrackItem
- CollatTrackItemDesc
- CollatTrackItemDescUpd
- CollatTrackItemUpd
- CurrTrnDetail
- CurrTrnDetailUpd
- CustAcctDetail
- CustAcctDetailUpd
- CustDetail
- CustDetailUpd
- Cust_Acct
- Cust_AcctUpd
- Cust_Email
- Cust_EmailUpd
- Cust_FileMainDetail
- Cust_FileMainDetailUpd
- Cust_IdVerifyDetail
- Cust_IdVerifyDetailUpd
- Cust_OffCodeDetail
- Cust_OffCodeDetailUpd
- Cust_Phone
- Cust_PhoneUpd
- Cust_SynapUserDefDetail
- Cust_SynapUserDefDetailUpd
- Cust_UserDefDetail
- Cust_UserDefDetailUpd
- DepAcct
- DepAcctHist
- DepAcctHistUpd
- DepAcctMemo
- DepAcctMemoUpd
- DepAcctUpd
- DepTrn
- DepTrnUpd
- Dep_AcctSweepDetail
- Dep_AcctSweepDetailUpd
- Dep_AcctTitle
- Dep_AcctTitleUpd
- Dep_AcctWavDetail
- Dep_AcctWavDetailUpd
- Dep_EFTDesc
- Dep_EFTDescUpd
- Dep_MemoPostRmk
- Dep_MemoPostRmkUpd
- Dep_StopChkDetail
- Dep_StopChkDetailUpd
- Dep_SynapUserDefDetail
- Dep_SynapUserDefDetailUpd
- Dep_TrnCodeDetail
- Dep_TrnCodeDetailUpd
- Dep_UserDefDetail
- Dep_UserDefDetailUpd
- Dep_XferDetail
- Dep_XferDetailUpd
- EFTCard
- EFTCardUpd
- EFTCardAcctId
- EFTCardAcctIdUpd
- EFTDescDetail
- EFTDescDetailUpd
- EmailDetail
- EmailDetailUpd
- EscrwDetail
- EscrwDetailUpd
- FASB91Acct
- FASB91AcctUpd
- FedActNotif
- FedShutDown
- FedStartUp
- GLAcct
- GLAcctMonthBalDetail
- GLAcctMonthBalDetailUpd
- GLAcctQtrBalDetail
- GLAcctQtrBalDetailUpd
- GLAcctUpd
- GLTrn
- GLTrnUpd
- InstAppProcDetail
- InstAppProcDetailUpd
- InstBrDetail
- InstBrDetailUpd
- InstDetail
- InstDetailUpd
- IntRateIdxDetail
- IntRateIdxDetailUpd
- LnAcct
- LnAcctHist
- LnAcctUpd
- LnAcctHistUpd
- LnAcctMemo
- LnAcctMemoUpd
- LnAcctUpd
- LnBilDetail
- LnBilDetailUpd
- LnFeeDetail
- LnFeeDetailUpd
- LnGLAppTrn
- LnGLAppTrnUpd
- LnPmtSchedDetail
- LnPmtSchedDetailUpd
- LnTrn
- LnTrnUpd
- Ln_AcctTitle
- Ln_AcctTitleUpd
- Ln_EFTDesc
- Ln_EFTDescUpd
- Ln_MemoPostRmk
- Ln_MemoPostRmkUpd
- Ln_OffCodeDetail
- Ln_OffCodeDetailUpd
- Ln_SynapUserDefDetail
- Ln_SynapUserDefDetailUpd
- Ln_UserDefDetail
- Ln_UserDefDetailUpd
- Ln_XferDetail
- Ln_XferDetailUpd
- LOCDetail
- LOCDetailUpd
- MemoPostRmkDetail
- MemoPostRmkDetailUpd
- OffCodeDetail
- OffCodeDetailUpd
- PhoneDetail
- PhoneDetailUpd
- PlnCodeDetail
- PlnCodeDetailUpd
- ProdCodeDetail
- ProdCodeDetailUpd
- SafeDepAcct
- SafeDepAcctUpd
- SafeDep_AcctTitle
- SafeDep_AcctTitleUpd
- SafeDep_UserDefDetail
- SafeDep_UserDefDetailUpd
- TimeDepAcct
- TimeDepAcctHist
- TimeDepAcctHistUpd
- TimeDepAcctMemo
- TimeDepAcctMemoUpd
- TimeDepAcctUpd
- TimeDepTrn
- TimeDepTrnUpd
- TimeDep_AcctTitle
- TimeDep_AcctTitleUpd
- TimeDep_EFTDesc
- TimeDep_EFTDescUpd
- TimeDep_MemoPostRmk
- TimeDep_MemoPostRmkUpd
- TimeDep_StopChkDetail
- TimeDep_StopChkDetailUpd
- TimeDep_SynapUserDefDetail
- TimeDep_SynapUserDefDetailUpd
- TimeDep_TaxPlnDetail
- TimeDep_TaxPlnDetailUpd
- TimeDep_UserDefDetail
- TimeDep_UserDefDetailUpd
- TrckAcct
- TrckAcctUpd
EventCorrelId
An identification provided by the consumer that correlates a group of log messages.
EventDesc
Event Description Sending system can add any additional information that may help the remediation of an event. This data will not be automatically processed for content by the receiving system.
EventProcId
Identifies the process for a consumer application that has created the logging message.
EventProd
This is the name of the product which is consuming the service (business product name) for the Soap Header Fault. The canonical values are:
- 4|sight
- Argo
- Episys Explorer
- Experience
- iTalk
- jXchange
- OnBoard
- StreamLine
- Synergy
This is the Product or Operating System that is reporting the event. This data element will directly relate to the type of event. Canonical values are: - 2020
- AIX
- CORE DIRECTOR
- EPISYS
- i5/OS
- SILVERLAKE
- WINDOWS
- EventProdEnv
An identification provided by the consumer that defines the environment in which the application is operating. This is the environment in which the Product or OS is operating. For example: PROD, TEST, AUDIT,SIM001, SIM101 The absence of this element will equate to PROD equals Production Environment. It will be the responsibility of the sender to send the appropriate data to identify the environment if necessary.
EventSvrty
The error severity of an event The error severity provided for a specific event. The error severity is optional and the default assigned to the event code will be assigned to the event.
EventThreadID
An element when the consumer product is executed in a multi-threaded environment.
EventTrackingId
An ID or other information used to track the origin of this event. Example: In some cases, this may be a key supplied by a source system to retrieve the data records of the event that can be used for forensics.
EventUsrId
This is the user ID that the consumer would like written in the audit as performing the requested service. It varies, but it could be the same as the user ID. It is not used to authenticate. It is used to audit the Soap Header Fault. If the event can be associated with a UserID that originated this event, this data element contains the UserID.
EventWsId
This is the workstation ID that the consumer would like written in the audit as performing the requested service for the Soap Header Fault. It varies, but it could be the same as the user ID. This is the unique name or FQDN of the system or machine, where the event occurred. This data must uniquely identify the specific machine where the event occurred. This data element is included when the event occurs at a machine other than the machine that is reporting the event. For example, if a user on a workstation is unsuccessfully attempting to access a secured resource on a server. This data element will contain the unique name or FQDN of the workstation.
InstId
Identifies the institution that has created the logging message. This is the unique ID that identifies the institution for JHA. This must be unique by institution and consistent for all applications.
ItemName
Indicates the object of the event.
LogDtTime
Date and Time the event occurred. Expressed in ISO 8601 time format and should contain either Zulu time or local time and the UTC offset. Format: [-]CCYY-MM-DDThh:mm:ss[Z|(+|-)hh:mm] Valid values
include:
- 2001-10-26T21:32:52
- 2001-10-26T21:32:52+02:00
- 2001-10-26T19:32:52Z
- 2001-10-26T19:32:52+00:00
- 2001-10-26T21:32:52
- 2001-10-26T21:32:52.12679 Examples of the same moment:
- 18:30Z
- 22:30+04
- 1130-0700
- 15:00-03:30 See http://books.xmlschemata.org/relaxng/ch19-77049.html or http://en.wikipedia.org/wiki/ISO_8601 for further reference.
NEventCode
The Native Event Code, Error Code, used in the originating system. Can be used in forensics for tracking events to their source.
NewVal
If a value has changed, this is the resulting new value.
OldVal
If a value has changed, this is the original old value.
SystemId
The workstation ID that the consumer would like written to the audit as performing the requested service for Soap Header Fault. It will vary, but it could be the same as the user ID.
This is the unique name or FQDN of the system or machine reporting the event. This data must uniquely identify the specific machine that is reporting the event. For example, if a user on a workstation is unsuccessfully attempting to access a secured resource on a server. This data element will contain the unique name or FQDN of the server assuming the server, or a process on the server, will report the event.
JESMsgRqHdr_CType
JESMsgRqHdr_CType
is a complex CType
element.
Contains:
JESHdr
of typeJESHdr_CType
JESHdr_CType
JESHdr_CType
is a complex CType
element.
Contains:
OrigConsumerInfo_CType
Simple Elements
The simple elements contained within this complex are listed below.
AuditUsrId
This is the user ID that the consumer would like written in the audit as performing the requested service. It varies, but it could be the same as the user ID. It is not used to authenticate. It is used to audit the Soap Header Fault.
AuditWsId
This is the workstation ID that the consumer would like written in the audit as performing the requested service for the Soap Header Fault. It varies, but it could be the same as the user ID.
BusCorrelId
The correlation identification as related to business functions and activities.
ConsumerProd
This is the name of the product which is consuming the service (business product name) for the Soap Header Fault. The canonical values are:
- 4|sight
- Argo
- Episys Explorer
- Experience
- iTalk
- jXchange
- OnBoard
- StreamLine
- Synergy
ConsumerRqDtTime
This is a date/time stamp that confirms the message request was made.
jXLogTrackingId
This is an identification provided by jXchange to be able to trace the request and response of a messagefrom the Third Party gateway, internal gateway, and Service Provider for the Soap Header Fault.
ValidConsmName
The consumer name that can be validated by enterprise governance. The canonical values are managed in a consumer/product enterprise table.
ValidConsmProd
The consumer product name that can be validated by enterprise governance. The canonical values are managed in a consumer/product enterprise table.
WorkflowCorrelId
The correlation identification as related to workflow functions and activities.
OrigConsumerInfo_CType
OrigConsumerInfo_CType
is a complex CType
element.
Contains:
AuthenUsrCred_CType
Simple Elements
The simple elements contained within this complex are listed below.
MachNameIPAddr
Specifies the machine name used with the current channel, which may be the DNS name of the computer or IP Address.
AuthenUsrCred_CType
AuthenUsrCred_CType
is a complex CType
element. This element represents Authentication of the end User Credentials in the form of a WS Security Element that contains a single SAML V2.0 Assertion.
http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
Simple Elements
The simple elements contained within this complex are listed below.
Security
This element defines the wsse:Security SOAP header element per Section 4.
ESMAddRs_MType
ESMAddRs_MType
is a message MType
element.
Contains:
JESMsgRsHdr_CType
Simple Elements
The simple elements contained within this message are listed below.
RsStat
This is the status of the response. Canonical values are:
- Fail
- Success
JESMsgRsHdr_CType
JESMsgRsHdr_CType
is a complex CType
element. This element is optional.
Contains:
JESHdr
of typeJESHdr_CType
MsgRecInfoArray
of typeMsgRecInfoArray_AType
JESHdr_CType
JESHdr_CType
is a complex CType
element.
Contains:
OrigConsumerInfo_CType
Simple Elements
The simple elements contained within this complex are listed below.
AuditUsrId
This is the user ID that the consumer would like written in the audit as performing the requested service. It varies, but it could be the same as the user ID. It is not used to authenticate. It is used to audit the Soap Header Fault.
AuditWsId
This is the workstation ID that the consumer would like written in the audit as performing the requested service for the Soap Header Fault. It varies, but it could be the same as the user ID.
BusCorrelId
The correlation identification as related to business functions and activities.
ConsumerProd
This is the name of the product which is consuming the service (business product name) for the Soap Header Fault. The canonical values are:
- 4|sight
- Argo
- Episys Explorer
- Experience
- iTalk
- jXchange
- OnBoard
- StreamLine
- Synergy ConsumerRqDtTime
This is a date/time stamp that confirms the message request was made.
jXLogTrackingId
This is an identification provided by jXchange to be able to trace the request and response of a message from the Third Party gateway, internal gateway, and Service Provider for the Soap Header Fault.
ValidConsmName
The consumer name that can be validated by enterprise governance. The canonical values are managed in a consumer/product enterprise table.
ValidConsmProd
The consumer product name that can be validated by enterprise governance. The canonical values are managed in a consumer/product enterprise table.
WorkflowCorrelId
The correlation identification as related to workflow functions and activities.
SOrigConsumerInfo_CType
OrigConsumerInfo_CType
is a complex CType
element.
Contains:
AuthenUsrCred_CType
Simple Elements
The simple elements contained within this complex are listed below.
MachNameIPAddr
Specifies the machine name used with the current channel, which may be the DNS name of the computer or IP Address.
AuthenUsrCred_CType
AuthenUsrCred_CType
is a complex CType
element. This element represents Authentication of the end User Credentials in the form of a WS Security Element that contains a single SAML V2.0 Assertion.
http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
Simple Elements
The simple elements contained within this complex are listed below.
Security
This element defines the wsse:Security SOAP header element per Section 4.
MsgRecInfoArray_AType
MsgRecInfoArray_AType
is an array AType
element. This is an array of messages that can be returned in a
response.
Contains:
MsgRec_CType
MsgRec_CTypeMsgRec_CType
is a complexCType
element.
Simple Elements
The simple elements contained within this complex are listed below.
ErrCat
This is the Soap Header Fault error category.
ErrCode
This is the Soap Header Fault error code.
ErrDesc
This is the Soap Header Fault error description.
ErrElem
The Soap Header Fault when an error or fault occurs. This optional element contains the element which is causing the error condition.
ErrElemVal
The Soap Header Fault when an error or fault occurs. This optional element contains the value of the element which is causing the error condition.
ErrLoc
This is the Soap Header Fault error location. This is typically the program that generated the error condition.