I'm having a heck of a time decoding a USERDATA entry in the SUMLOG. LOG_GET_ENTRY in SDASUPPORT is returning the Major 6, Minor 9 USERDATA Change entries that need to be decoded. Here's a snippet of the returned array row:
0(00000) 0 580000 010001 0 006000 91E117 ...... .-.j..
2(00002) 0 B0B4E8 431741 0 000A49 000BC1 ..Y... .....A
4(00004) 0 000000 000507 0 000000 50000B ...... ...&..
6(00006) 0 000000 00047C THRU 7(00007) .....@
8(00008) 0 000000 00001C 0 000000 000000 ...... ......
10(0000A) 0 000000 000000 0 000001 202030 ...... ......
12(0000C) 0 08C4E4 D4D4E8 0 E4C300 000000 .DUMMY UC....
14(0000E) 0 1B0000 20011F 0 000000 00000A ...... ......
16(00010) 0 000000 000000 THRU 23(00017) ......
Word 0-3 are the usual log entry words.
Word 4 has the expected data as documented in the System Log Programming Guide.
Word 5 is pointing at word 11 (hex b) for 5 words.
But, what the heck is in word 11?
I'm looking in the Security Administration Guide under USERDATAREBUILD, but the documentation is very opaque.
Does anyone out there have any familiarity with decoding these log entries?
Thanks.
On Friday, June 9, 2023 at 10:03:47 AM UTC-7, barry....@gmail.com wrote:
> In a previous life (nearly 10 years ago!) I wrote a SIEM agent (I can't even remember what that acronym stands for now), which extracted important security-related stuff from the logfile and sent it to a third-party monitoring program which ran elsewhere. The data I extracted definitely included Major 6 / Minor 9 records (and specifically function 7 usercode Modify entries, which is what you have here).
> I still have the source code, but it resides on an MCP Express environment which is currently turned off (and is no longer supported). It might take me a while to locate it, but I'd be happy to try if you think it might help?
> Barry.
Barry -
That sounds very much on target. If you can pull that up, it would be very much appreciated.
SIEM is Security Incident Event Manager.
On 6/9/2023 10:23 AM, mpe...@gmail.com wrote:
> Barry -
> That sounds very much on target. If you can pull that up, it would be very much appreciated.
> SIEM is Security Incident Event Manager.
Metalogic CopyWriteNT can extract and convert files from a number of MCP media types, including Logical Disk .asd files. See:
http://www.metalogic.eu.com/Main/Products/CopyWrite.html
Paul
On Friday, June 9, 2023 at 6:58:30 PM UTC+1, Paul Kimpel wrote:
> Metalogic CopyWriteNT can extract and convert files from a number of MCP media types, including Logical Disk .asd files. See:
> http://www.metalogic.eu.com/Main/Products/CopyWrite.html
> Paul
Thanks Paul -- Copywrite is indeed a very useful tool. But I remembered that I also have a working (and more recent) Dev Studio environment, which also happens to contain a copy of the code (albeit version 1.0.0).
I'm just working out the best way to get that from there to here, and then I'll post some snippets. I have been a little lazy in my decoding, in that I only seem to extract the usercode, and not the detail; but at least it's a start...
On Saturday, June 10, 2023 at 2:15:58 PM UTC+1, barry....@gmail.com wrote:
> I'm just working out the best way to get that from there to here, and then I'll post some snippets. I have been a little lazy in my decoding, in that I only seem to extract the usercode, and not the detail; but at least it's a start...
OK - this is what I have. I'm using Report_Log_Entries to get the log records that I'm interested in, and then writing them to a remote Windows server.
There is a big Case statement on Major type, then similar case statements on Minor type within each.
For Maj 6, Min 9 I have:
    9: Begin % Userdata Change
         Pu:=Pointer(U);
         StandardtoDisplay(Log_0609_UPtr,Pu);
         Replace P:P by
           Log_06_UDfunc for * digits, comma,
           Log_06_UDop for * digits, comma,
           Pointer(U[0]) + 4 until = Nul, comma;
       End Min 9;
U is just a temporary array for the result of the StandardtoDisplay call; Pu is a pointer to it. P is a pointer to the output record.
Defines are as follows:
    RLE_Pfx       = 5 #,
    LinkIxF       = [19:20] #,
    LengthF       = [23:08] #,
    Log_06_UDfunc = Qmsg[RLE_Pfx + 4].[3:4] #,
    Log_06_UDcopy = Qmsg[RLE_Pfx + 6].[15:16] #,
    Log_06_UDop   = Qmsg[RLE_Pfx + 4].[11:4] #,
    Log_0609_UInx = Qmsg[RLE_Pfx + 5].LinkIxF + RLE_Pfx #,
    Log_0609_ULen = Qmsg[Log_0609_UInx].LengthF #,
    Log_0609_UPtr = Pointer(Qmsg[Log_0609_UInx]) #,
Qmsg is a large array for the messages received on the Queue used by Report_Log_Entries.
Hope that might be of some use...
Barry.
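Added example (not part of the thread and not the SIEM agent's code): a Python reading of the array row from the original post using the partial-word fields from the defines above, where `[start:length]` counts bits from 47 (most significant) down to 0. Assumptions: the row is a raw LOG_GET_ENTRY result, so the Report_Log_Entries prefix (RLE_Pfx) is taken as 0; the 5-word length is the original poster's reading; and the text scan is a heuristic over the linked words, not a reimplementation of StandardtoDisplay. The names `parse_dump`, `field` and `decode_0609` are hypothetical.

```python
import re

# Array row as posted in the original message (48-bit words 0-23).
DUMP = """\
0(00000) 0 580000 010001 0 006000 91E117 ...... .-.j..
2(00002) 0 B0B4E8 431741 0 000A49 000BC1 ..Y... .....A
4(00004) 0 000000 000507 0 000000 50000B ...... ...&..
6(00006) 0 000000 00047C THRU 7(00007) .....@
8(00008) 0 000000 00001C 0 000000 000000 ...... ......
10(0000A) 0 000000 000000 0 000001 202030 ...... ......
12(0000C) 0 08C4E4 D4D4E8 0 E4C300 000000 .DUMMY UC....
14(0000E) 0 1B0000 20011F 0 000000 00000A ...... ......
16(00010) 0 000000 000000 THRU 23(00017) ......
"""

# index(hex) tag hhhhhh hhhhhh, then either a second word or "THRU n(hex)".
LINE = re.compile(
    r"(\d+)\([0-9A-F]+\)\s+[0-9A-F]\s+([0-9A-F]{6})\s+([0-9A-F]{6})\s+"
    r"(?:THRU\s+(\d+)\(|[0-9A-F]\s+([0-9A-F]{6})\s+([0-9A-F]{6}))"
)


def parse_dump(text):
    """Return {word index: 48-bit value} for every word the dump covers."""
    words = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        first = int(m.group(1))
        words[first] = int(m.group(2) + m.group(3), 16)
        if m.group(4):  # "THRU n": the same value repeats up to word n
            for i in range(first + 1, int(m.group(4)) + 1):
                words[i] = words[first]
        else:
            words[first + 1] = int(m.group(5) + m.group(6), 16)
    return words


def field(word, start, length):
    """ALGOL partial word [start:length]: bits are numbered 47 (most
    significant) to 0; the field runs from bit `start` downwards."""
    return (word >> (start - length + 1)) & ((1 << length) - 1)


def decode_0609(words, prefix=0, link_len=5):
    """Apply the thread's defines to one Major 6 / Minor 9 entry.

    prefix   -- RLE_Pfx; 0 for a raw LOG_GET_ENTRY row (assumption)
    link_len -- words in the linked area (the original poster's reading)
    """
    func = field(words[prefix + 4], 3, 4)             # Log_06_UDfunc
    op = field(words[prefix + 4], 11, 4)              # Log_06_UDop
    link = field(words[prefix + 5], 19, 20) + prefix  # Log_0609_UInx
    area = range(link, link + link_len)
    # The link comes from the record itself, so check it before following it.
    if any(i not in words for i in area):
        raise ValueError(f"link {link}+{link_len} runs past the entry")
    raw = b"".join(words[i].to_bytes(6, "big") for i in area)
    # Heuristic: EBCDIC letters/digits only; not a StandardtoDisplay decode.
    runs = re.findall(r"[A-Z0-9]{2,}", raw.decode("cp037"))
    return {"function": func, "op": op, "link_index": link, "text_runs": runs}


if __name__ == "__main__":
    print(decode_0609(parse_dump(DUMP)))
```

On the posted row this yields function 7, op 5, link index 11 and the EBCDIC run DUMMYUC spanning words 12 and 13; the meaning of the remaining bytes in words 11 to 15 is not established in the thread.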
On Friday, June 9, 2023 at 10:58:30 AM UTC-7, Paul Kimpel wrote:
> Metalogic CopyWriteNT can extract and convert files from a number of MCP media types, including Logical Disk .asd files. See:
> http://www.metalogic.eu.com/Main/Products/CopyWrite.html
> Paul
Paul -
Thanks for the reference. However, we need to do this on-box.
If I'm reading your code right, the only place you're looking at word 11 is via Log_06_UDcopy. Do you use that value anywhere?
On Thursday, June 8, 2023 at 4:23:44 PM UTC-5, mpe...@gmail.com wrote:
> Does anyone out there have any familiarity with decoding these log entries?
There is a procedure exported by JOBFORMATTER called ANALYZETHELOG that will format most SUMLOG records.
Doug Dobson
On Thursday, July 6, 2023 at 11:29:03 AM UTC-7, Doug Dobson wrote:
> There is a procedure exported by JOBFORMATTER called ANALYZETHELOG that will format most SUMLOG records.
> Doug Dobson
I'm trying to dial out some specific user code change activities. I'd rather not convert the log into text to be scanned. The information is there, but there's no documentation on how to decode it.
The JOBFORMATTER code is a bit arcane. There are very few comments. The only comments in that area have 59 MarkIDs. At least someone figured out that a few breadcrumbs are helpful. Also, there are multiple defines that reference other defines. There are even GO TO statements inside a CASE block. It is headache inducing.