|
#^Nsure
Audit Instrumentation^0001^NAuditInst^EN |
||||||||||||
|
# |
||||||||||||
|
#
Variables: |
||||||||||||
|
# |
||||||||||||
|
#
Syntax: $FV |
||||||||||||
|
# |
||||||||||||
|
#
Format (F): |
||||||||||||
|
# T
- Time (UTC localized) |
||||||||||||
|
# D
- Date (UTC localized) |
||||||||||||
|
# N
- Number (32-bit unsigned) |
||||||||||||
|
# n
- Number (32-bit signed) |
||||||||||||
|
# S
- String |
||||||||||||
|
# X
- Hexadecimal Number |
||||||||||||
|
# R
- RFC822 format date/time |
||||||||||||
|
# I
- IPv4 Internet Address (network order) |
||||||||||||
|
# i
- IPv4 Internet Address (host order) |
||||||||||||
|
# B
- Boolean (Yes/No) |
||||||||||||
|
# b
- Boolean (True/False) |
||||||||||||
|
# |
||||||||||||
|
#
Value (V): |
||||||||||||
|
# R
- Source IP Address |
||||||||||||
|
# C
- Platform Agent Date |
||||||||||||
|
# A
- Audit Service Date |
||||||||||||
|
# 1
- Numerical value 1 |
||||||||||||
|
# 2
- Numerical value 2 |
||||||||||||
|
# S
- Text 1 |
||||||||||||
|
# T
- Text 2 |
||||||||||||
|
# O
- Component |
||||||||||||
|
# I
- Event ID |
||||||||||||
|
# L
- Log Level |
||||||||||||
|
# M
- MIME Hint |
||||||||||||
|
# X
- Data Size |
||||||||||||
|
# D
- Data |
||||||||||||
|
# |
||||||||||||
|
# We
have two types of events: raw ds generated events and our own aggregate
filtered events. |
||||||||||||
|
# |
||||||||||||
|
#EventID |
Description |
Text1
Title |
Text2
Title |
Value1
Title |
Value1
Type |
Value2
Title |
Value2
Type |
Group
Title |
Group
Type |
Data
Title |
Data
Type |
Display
Schema |
|
0001 |
Nsure
Audit |
Nsure
Audit Instrumentation |
|
|
|
|
|
|
|
|
|
|
|
00010001 |
Heartbeat
Generated |
|
|
|
|
|
|
|
|
|
|
[$TC]
$SO: A Heartbeat event was generated\n |
|
00010002 |
License
Warning |
Message |
Message |
|
|
|
|
|
|
Message |
|
[$TC]
$SO: $SS\n |
|
00010003 |
Application
Container Used |
Container |
|
Active |
B |
|
|
|
|
|
|
[$TC]
$SO: Application container $SS (Active: $B1) was used\n |
|
00010004 |
Application
Allowed |
Application |
|
Active |
B |
|
|
|
|
|
|
[$TC]
$SO: Application $SS allowed (Active:
$B1)\n |
|
00010005 |
Application
Failed |
Application |
|
|
|
|
|
|
|
|
|
[$TC]
$SO: Application $SS failed to load\n |
|
00010006 |
Channel
Loaded |
Object |
|
Active |
B |
|
|
|
|
|
|
[$TC]
$SO: Channel $SS (Active: $B1) was loaded\n |
|
00010007 |
Driver
Failed |
Path |
Driver
Name |
Error
Code |
n |
|
|
|
|
|
|
[$TC]
$SO: Driver $ST (Path: $SS) failed to load,
Error Code: $n1\n |
|
00010008 |
Default
Log Channel |
Driver
Object DN |
|
|
|
|
|
|
|
|
|
[$TC]
$SO: The default log channel is $SS\n |
|
00010009 |
Log
Channel Failed |
Driver
Object DN |
|
|
|
|
|
|
|
|
|
[$TC]
$SO: Log Channel $SS failed to load\n |
|
0001000A |
Out of
Memory |
File |
|
Size |
N |
|
|
|
|
|
|
[$TC]
$SO: Failed to alloc $N1 in $SS \n |
|
0001000B |
Server
Unload Attempt |
|
|
|
|
|
|
|
|
|
|
[$TC]
$SO: An attempt was made to unload the server\n |
|
0001000C |
Server
Unloaded |
|
|
|
|
|
|
|
|
|
|
[$TC]
$SO: The server was unloaded\n |
|
0001000E |
Channel
Container Used |
Container |
|
Active |
B |
|
|
|
|
|
|
[$TC]
$SO: Channel container $SS (Active: $B1) was used\n |
|
0001000F |
Notification
Container Used |
Container |
|
Active |
B |
|
|
|
|
|
|
[$TC]
$SO: Notification container $SS (Active: $B1) was used\n |
|
00010010 |
Notification
Loaded |
Object |
|
Active |
B |
|
|
|
|
|
|
[$TC]
$SO: Notification $SS (Active: $B1) was loaded\n |
|
00010011 |
Bad
Notification |
Object |
Bad Rule |
|
|
|
|
|
|
|
|
[$TC]
$SO: A bad notification ($ST) was detected on Notification $SS\n |
|
00010012 |
Heartbeat
Loaded |
Object |
|
Active |
B |
|
|
|
|
|
|
[$TC] $SO:
Heartbeat $SS (Active: $B1) was loaded\n |
|
00010013 |
Bad
Heartbeat |
Object |
Bad Rule |
|
|
|
|
|
|
|
|
[$TC]
$SO: A bad heartbeat rule ($ST) was detected on Heartbeat $SS\n |