Logging

The ClearPath MCP environment maintains a system summary log (sumlog) that can record every event that happens on the system. This includes object creation and deletion (files, jobs, tasks, sessions, etc.), all file accesses, and all security violations. The sumlog is part of the core operating system and requires no additional software or options. Access to sumlog information is restricted; only system administrators can view all entries. Each log record carries result and visibility information. The result field can flag the record as containing security-related data, distinguishing security-relevant actions from security violations. Analysis software can filter log records on these fields, which makes cross-product security analysis possible.

MCP system software sets these RELEVANT and VIOLATION bits when logging events to the system sumlog and the security log. For example, the TCP/IP network provider sets these bits when logging its events, which makes network-based attacks easier to discover and analyze. All sumlog entries can be translated into syslog for input into industry-standard SIEM frameworks.

Each log record also carries a major and a minor type that together define the content and layout of the record. This lets analysis software efficiently select only the records of a specific type.
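The following Python is an added example, not Unisys code or the real sumlog format. It models a record with the fields the text describes (major and minor type, a result field carrying RELEVANT and VIOLATION bits), filters constructed records from several products by those bits and by type, and renders the security-relevant ones as RFC 5424 syslog lines for a SIEM. The record layout, the bit values, the major type numbers, the syslog facility, and the sample records are all assumptions made for illustration.

```python
"""Filtering sumlog-style records by security bits and type, then
translating them to syslog. Added example; the record layout, the bit
encoding, the type numbers and the sample data below are assumptions,
not the real MCP sumlog format."""
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Assumed encoding of the result field: two flag bits.
RELEVANT = 0x1   # security-relevant action
VIOLATION = 0x2  # security violation (implies something was refused)

# Assumed major types; the numbers are illustrative only.
MAJOR_FILE = 10
MAJOR_TASK = 20
MAJOR_NETWORK = 30


@dataclass(frozen=True)
class SumlogRecord:
    timestamp: str   # RFC 3339 text, reused verbatim in the syslog line
    major: int       # record family (file, task, network, ...)
    minor: int       # specific event within that family
    result: int      # RELEVANT / VIOLATION bit flags
    source: str      # producing component (file system, TCP/IP, ...)
    text: str        # human-readable event text


# Constructed sample records spanning several products.
SAMPLE_RECORDS: List[SumlogRecord] = [
    SumlogRecord("2024-05-01T10:00:00Z", MAJOR_FILE, 1, 0, "FS",
                 "file PAYROLL/DATA created"),
    SumlogRecord("2024-05-01T10:00:05Z", MAJOR_FILE, 3, RELEVANT | VIOLATION, "FS",
                 "access to PAYROLL/DATA denied for user GUEST"),
    SumlogRecord("2024-05-01T10:00:07Z", MAJOR_TASK, 2, RELEVANT, "WFL",
                 "task started by user ADMIN"),
    SumlogRecord("2024-05-01T10:00:09Z", MAJOR_NETWORK, 5, RELEVANT | VIOLATION, "TCPIP",
                 "connection to port 23 rejected from 192.0.2.10"),
    SumlogRecord("2024-05-01T10:00:12Z", MAJOR_NETWORK, 1, 0, "TCPIP",
                 "connection established to port 443"),
]


def security_records(records: Iterable[SumlogRecord]) -> List[SumlogRecord]:
    """Every record flagged as security relevant or as a violation,
    regardless of which product produced it (cross-product view)."""
    return [r for r in records if r.result & (RELEVANT | VIOLATION)]


def violations(records: Iterable[SumlogRecord]) -> List[SumlogRecord]:
    """Only records where the VIOLATION bit is set."""
    return [r for r in records if r.result & VIOLATION]


def by_type(records: Iterable[SumlogRecord], major: int,
            minor: Optional[int] = None) -> List[SumlogRecord]:
    """Select records of one major type, optionally narrowed to a minor type."""
    return [r for r in records
            if r.major == major and (minor is None or r.minor == minor)]


# RFC 5424 severities: 4 = warning, 6 = informational.
SEV_WARNING, SEV_INFO = 4, 6
FACILITY_LOCAL4 = 20  # assumed facility for forwarded sumlog entries


def to_syslog(record: SumlogRecord, hostname: str = "mcp-host") -> str:
    """Render one record as an RFC 5424 syslog line.

    Violations are raised to warning severity; MSGID carries the
    major.minor type so the SIEM can filter on it without parsing MSG."""
    severity = SEV_WARNING if record.result & VIOLATION else SEV_INFO
    pri = FACILITY_LOCAL4 * 8 + severity
    msgid = f"{record.major}.{record.minor}"
    flags = (("R" if record.result & RELEVANT else "-")
             + ("V" if record.result & VIOLATION else "-"))
    return (f"<{pri}>1 {record.timestamp} {hostname} {record.source} - "
            f"{msgid} - [{flags}] {record.text}")


def export_security_events(records: Iterable[SumlogRecord],
                           hostname: str = "mcp-host") -> List[str]:
    """Syslog lines for just the security-flagged records."""
    return [to_syslog(r, hostname) for r in security_records(records)]


if __name__ == "__main__":
    for line in export_security_events(SAMPLE_RECORDS):
        print(line)
```

Forwarding only `security_records` keeps SIEM volume down while preserving the cross-product view the text describes; `by_type` is the cheap pre-filter an analyst would apply before looking at record contents.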