2.2.3.5.1 AuditLogUpload Payload

Article
10/15/2020

The /AuditLogUpload/Payload element contains the payload data specified as:

 <xs:schema xmlns:g="urn:groove.net" attributeFormDefault="unqualified" elementFormDefault="qualified" targetNamespace="urn:groove.net" xmlns:xs="http://www.w3.org/2001/XMLSchema">
  <xs:import/>
  <xs:element name="fragment">
  <xs:complexType>
   <xs:sequence>
    <xs:element ref="Event"/>
   </xs:sequence>
  </xs:complexType>
  </xs:element>
  <xs:element name="SE">
  <xs:complexType>
   <xs:sequence>
   <xs:element name="Auth">
    <xs:complexType>
    <xs:attribute name="MAC" type="xs:base64Binary" use="required"/>
    </xs:complexType>
   </xs:element>
   </xs:sequence>
  </xs:complexType>
  </xs:element>
 </xs:schema>

The referenced Event element is specified in the following schema:

 <xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
  <xs:import namespace="urn:groove.net"/>
  <xs:element name="Event">
  <xs:complexType>
   <xs:sequence>
   <xs:element xmlns:g="urn:groove.net" ref="g:SE"/>"
   </xs:sequence>
   <xs:attribute name="BackupFragmentSize" type="xs:int"
  use="required"/>
   <xs:attribute name="BackupFragmentCount" type="xs:int" use="required"/>
   <xs:attribute name="BackupGUID" type="xs:string"/>
   <xs:attribute name="BackupIndexCount" type="xs:int" use="required"/>
   <xs:attribute name="BackupSize" type="xs:int" use="required"/>
   <xs:attribute name="BackupVersion" type="xs:int" use="required"/>
   <xs:attribute name="DomainGUID" type="xs:string" use="required"/>
   <xs:attribute name="GUID" type="xs:string" use="required"/>
   <xs:attribute name="GrooveVersion" type="xs:string" use="required"/>
   <xs:attribute name="IdentityURL" type="xs:string" use="required"/>
   <xs:attribute name="IsDeviceAccount" type="BooleanType" use="required"/>
   <xs:attribute name="UserDeviceGuid" type="xs:string" use="required"/>
   <xs:attribute name="UserDeviceName" type="xs:string" use="required"/>
   <xs:attribute name="_EA2" type="xs:base64Binary" use="required"/>
   <xs:attribute name="_EventID" type="xs:int" use="required"/>
   <xs:attribute name="created" type="xs:int" use="required"/>
  </xs:complexType>
  </xs:element>
 </xs:schema>

The referenced "g:SE" element is specified in the fragment element schema previously defined in this section. The SE element MUST be prefixed with "g:" where "g" stands for the namespace "xmlns:g="urn:groove.net".

The following table describes the payload XML elements and attributes:

XPath	Description
/fragment/Event	Service event element
/fragment/Event/@BackupFragmentSize	Backup fragment size
/fragment/Event/@BackupFragmentCount	Backup fragment count
/fragment/Event/@BackupGUID	Backup GUID
/fragment/Event/@BackupIndexCount	Backup index count
/fragment/Event/@BackupSize	Backup size
/fragment/Event/@BackupVersion	Backup version
/fragment/Event/@DomainGuid	Domain GUID
/fragment/Event/@GUID	Account GUID
/fragment/Event/@GrooveVersion	Client version
/fragment/Event/@IdentityURL	Identity URL of the account
/fragment/Event/@IsDeviceAccount	A Boolean value MUST be true for a device account
/fragment/Event/@UserDeviceGuid	Device GUID
/fragment/Event/@UserDeviceName	Client host name
/fragment/Event/@_EA2	Base64 encoded audit log data
/fragment/Event/@_EventID	Event identifier
/fragment/Event/@created	Message creation timestamp
/fragment/Event/SE	Secured element
/fragment/Event/SE/Auth	Authenticator element
/fragment/EventSE/Auth/@MAC	Message Authentication Code

The /fragment/Event/@_EA2 attribute contains data specified as:

 <xs:element name="LU">
  <xs:complexType>
  <xs:sequence>
   <xs:element name="L">
   <xs:complexType>
    <xs:sequence>
    <xs:choice maxOccurs="unbounded">
     <xs:element name="BH">
     <xs:complexType>
      <xs:attribute name="_body" type="xs:base64Binary" use="required"/>
      <xs:attribute name="_iv" type="xs:base64Binary" use="required"/>
      <xs:attribute name="_key" type="xs:base64Binary" use="required"/>
      <xs:attribute name="_mac" type="xs:base64Binary" use="required"/>
     </xs:complexType>
     </xs:element>
     <xs:element maxOccurs="unbounded" name="E">
     <xs:complexType>
      <xs:attribute name="_body" type="xs:base64Binary" use="required"/>
      <xs:attribute name="_iv" type="xs:base64Binary" use="required"/>
      <xs:attribute name="_mac" type="xs:base64Binary" use="required"/>
     </xs:complexType>
     </xs:element>
     <xs:element name="EH">
     <xs:complexType>
      <xs:attribute name="_body" type="xs:base64Binary" use="required"/>
      <xs:attribute name="_iv" type="xs:base64Binary" use="required"/>
      <xs:attribute name="_mac" type="xs:base64Binary" use="required"/>
     </xs:complexType>
     </xs:element>
     <xs:element name="UM">
     <xs:complexType>
      <xs:attribute name="_dt" type="xs:string" use="required"/>
      <xs:attribute name="_q" type="xs:int" use="required"/>
     </xs:complexType>
     </xs:element>
    </xs:choice>
    </xs:sequence>
   </xs:complexType>
   </xs:element>
  </xs:sequence>
  <xs:attribute name="_dg" type="xs:string" use="required"/>
  <xs:attribute name="_dgh" type="xs:base64Binary" use="required"/>
  <xs:attribute name="_iv" type="xs:base64Binary" use="required"/>
  <xs:attribute name="_lok" type="xs:base64Binary" use="required"/>
  <xs:attribute name="_mac" type="xs:base64Binary" use="required"/>
  <xs:attribute name="_v" type="xs:string" use="required"/>
  </xs:complexType>
 </xs:element>

The following table describes the elements and attributes:

XPath	Description
/LU	Log upload element
/LU/@_dg	Device GUID
/LU/@_dgh	SHA1 hash of the Device GUID.
/LU/@_iv	Initialization vector for the encryption and decryption
/LU/@_lok	Lock on key
/LU/@_mac	Message Authentication Code
/LU/@_v	The value MUST be "1,0".
/LU/L	Log data element
/LU/L/BH	Begin header element
/LU/L/BH/@_body	Base64 encoded log data
/LU/L/BH/@_iv	Initialization vector for the encryption and decryption
/LU/L//BH/@_key	Encryption key
/LU/L/BH/@_mac	Message Authentication Code
/LU/L/E	Entry element
/LU/L/E/@_body	Base64 encoded log data
/LU/L/E/@_iv	Initialization vector for the encryption and decryption
/LU/L/E/@_mac	Message Authentication Code
/LU/L/EH	End header element
/LU/L/EH/@_body	Base64 encoded log data
/LU/L/EH/@_iv	Initialization vector for the encryption and decryption
/LU/L/EH/@_mac	Message Authentication Code
/LU/L/UM	Upload marker element
/LU/L/UM/@_dt	Date time in MM/DD/YYYY hh:mm:ss format where: MM=Month, DD=Day, YYYY=year, hh=hour, mm=minute, ss=second
/LU/L/UM/@_q	Upload sequence number (current _q = last uploaded _q + 1)

2.2.3.5.1 AuditLogUpload Payload

Additional resources