2.2.3.5.1 AuditLogUpload Payload
The /AuditLogUpload/Payload element contains the payload data specified as:
-
<xs:schema xmlns:g="urn:groove.net" attributeFormDefault="unqualified" elementFormDefault="qualified" targetNamespace="urn:groove.net" xmlns:xs="http://www.w3.org/2001/XMLSchema"> <xs:import/> <xs:element name="fragment"> <xs:complexType> <xs:sequence> <xs:element ref="Event"/> </xs:sequence> </xs:complexType> </xs:element> <xs:element name="SE"> <xs:complexType> <xs:sequence> <xs:element name="Auth"> <xs:complexType> <xs:attribute name="MAC" type="xs:base64Binary" use="required"/> </xs:complexType> </xs:element> </xs:sequence> </xs:complexType> </xs:element> </xs:schema>
The referenced Event element is specified in the following schema:
-
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema"> <xs:import namespace="urn:groove.net"/> <xs:element name="Event"> <xs:complexType> <xs:sequence> <xs:element xmlns:g="urn:groove.net" ref="g:SE"/>" </xs:sequence> <xs:attribute name="BackupFragmentSize" type="xs:int" use="required"/> <xs:attribute name="BackupFragmentCount" type="xs:int" use="required"/> <xs:attribute name="BackupGUID" type="xs:string"/> <xs:attribute name="BackupIndexCount" type="xs:int" use="required"/> <xs:attribute name="BackupSize" type="xs:int" use="required"/> <xs:attribute name="BackupVersion" type="xs:int" use="required"/> <xs:attribute name="DomainGUID" type="xs:string" use="required"/> <xs:attribute name="GUID" type="xs:string" use="required"/> <xs:attribute name="GrooveVersion" type="xs:string" use="required"/> <xs:attribute name="IdentityURL" type="xs:string" use="required"/> <xs:attribute name="IsDeviceAccount" type="BooleanType" use="required"/> <xs:attribute name="UserDeviceGuid" type="xs:string" use="required"/> <xs:attribute name="UserDeviceName" type="xs:string" use="required"/> <xs:attribute name="_EA2" type="xs:base64Binary" use="required"/> <xs:attribute name="_EventID" type="xs:int" use="required"/> <xs:attribute name="created" type="xs:int" use="required"/> </xs:complexType> </xs:element> </xs:schema>
The referenced "g:SE" element is specified in the fragment element schema previously defined in this section. The SE element MUST be prefixed with "g:" where "g" stands for the namespace "xmlns:g="urn:groove.net".
The following table describes the payload XML elements and attributes:
XPath |
Description |
---|---|
/fragment/Event |
Service event element |
/fragment/Event/@BackupFragmentSize |
Backup fragment size |
/fragment/Event/@BackupFragmentCount |
Backup fragment count |
/fragment/Event/@BackupGUID |
Backup GUID |
/fragment/Event/@BackupIndexCount |
Backup index count |
/fragment/Event/@BackupSize |
Backup size |
/fragment/Event/@BackupVersion |
Backup version |
/fragment/Event/@DomainGuid |
Domain GUID |
/fragment/Event/@GUID |
Account GUID |
/fragment/Event/@GrooveVersion |
Client version |
/fragment/Event/@IdentityURL |
Identity URL of the account |
/fragment/Event/@IsDeviceAccount |
A Boolean value MUST be true for a device account |
/fragment/Event/@UserDeviceGuid |
Device GUID |
/fragment/Event/@UserDeviceName |
Client host name |
/fragment/Event/@_EA2 |
Base64 encoded audit log data |
/fragment/Event/@_EventID |
Event identifier |
/fragment/Event/@created |
Message creation timestamp |
/fragment/Event/SE |
Secured element |
/fragment/Event/SE/Auth |
Authenticator element |
/fragment/EventSE/Auth/@MAC |
Message Authentication Code |
The /fragment/Event/@_EA2 attribute contains data specified as:
-
<xs:element name="LU"> <xs:complexType> <xs:sequence> <xs:element name="L"> <xs:complexType> <xs:sequence> <xs:choice maxOccurs="unbounded"> <xs:element name="BH"> <xs:complexType> <xs:attribute name="_body" type="xs:base64Binary" use="required"/> <xs:attribute name="_iv" type="xs:base64Binary" use="required"/> <xs:attribute name="_key" type="xs:base64Binary" use="required"/> <xs:attribute name="_mac" type="xs:base64Binary" use="required"/> </xs:complexType> </xs:element> <xs:element maxOccurs="unbounded" name="E"> <xs:complexType> <xs:attribute name="_body" type="xs:base64Binary" use="required"/> <xs:attribute name="_iv" type="xs:base64Binary" use="required"/> <xs:attribute name="_mac" type="xs:base64Binary" use="required"/> </xs:complexType> </xs:element> <xs:element name="EH"> <xs:complexType> <xs:attribute name="_body" type="xs:base64Binary" use="required"/> <xs:attribute name="_iv" type="xs:base64Binary" use="required"/> <xs:attribute name="_mac" type="xs:base64Binary" use="required"/> </xs:complexType> </xs:element> <xs:element name="UM"> <xs:complexType> <xs:attribute name="_dt" type="xs:string" use="required"/> <xs:attribute name="_q" type="xs:int" use="required"/> </xs:complexType> </xs:element> </xs:choice> </xs:sequence> </xs:complexType> </xs:element> </xs:sequence> <xs:attribute name="_dg" type="xs:string" use="required"/> <xs:attribute name="_dgh" type="xs:base64Binary" use="required"/> <xs:attribute name="_iv" type="xs:base64Binary" use="required"/> <xs:attribute name="_lok" type="xs:base64Binary" use="required"/> <xs:attribute name="_mac" type="xs:base64Binary" use="required"/> <xs:attribute name="_v" type="xs:string" use="required"/> </xs:complexType> </xs:element>
The following table describes the elements and attributes:
XPath |
Description |
---|---|
/LU |
Log upload element |
/LU/@_dg |
Device GUID |
/LU/@_dgh |
SHA1 hash of the Device GUID. |
/LU/@_iv |
Initialization vector for the encryption and decryption |
/LU/@_lok |
Lock on key |
/LU/@_mac |
Message Authentication Code |
/LU/@_v |
The value MUST be "1,0". |
/LU/L |
Log data element |
/LU/L/BH |
Begin header element |
/LU/L/BH/@_body |
Base64 encoded log data |
/LU/L/BH/@_iv |
Initialization vector for the encryption and decryption |
/LU/L//BH/@_key |
Encryption key |
/LU/L/BH/@_mac |
Message Authentication Code |
/LU/L/E |
Entry element |
/LU/L/E/@_body |
Base64 encoded log data |
/LU/L/E/@_iv |
Initialization vector for the encryption and decryption |
/LU/L/E/@_mac |
Message Authentication Code |
/LU/L/EH |
End header element |
/LU/L/EH/@_body |
Base64 encoded log data |
/LU/L/EH/@_iv |
Initialization vector for the encryption and decryption |
/LU/L/EH/@_mac |
Message Authentication Code |
/LU/L/UM |
Upload marker element |
/LU/L/UM/@_dt |
Date time in MM/DD/YYYY hh:mm:ss format where: MM=Month, DD=Day, YYYY=year, hh=hour, mm=minute, ss=second |
/LU/L/UM/@_q |
Upload sequence number (current _q = last uploaded _q + 1) |