NetWare Event Data
This file contains a listing of all NsureTM Audit events logged by NetWareŽ.
EventID | Description | Originator Title | Target Title | Subtarget Title | Text1 Title | Text2 Title | Text3 Title | Value1 Title | Value1 Type | Value2 Title | Value2 Type | Value3 Title | Value3 Type | Group Title | Group Type | Data Title | Data Type | Display Schema. See Display Schema Variables for details. |
000A0001 | File Delete | User | File | Result | [$rC] [$SO]: User $SB deleted file $SU | |||||||||||||
000A0002 | File Open | User | File | Rights | Result | Handle | [$rC] [$SO]: User $SB opened file $SU with rights $X1 | |||||||||||
000A0003 | File Create | User | File | Result | [$rC] [$SO]: User $SB created file $SS | |||||||||||||
000A0004 | File Create & Open | User | File | Rights | Result | Handle | [$rC] [$SO]: User $SB created and opened file $SU with rights $X1 | |||||||||||
000A0005 | File Rename | User | Old File | New-Path | Result | Handle | [$rC] [$SO]: User $SB rename file $SU to $SS | |||||||||||
000A0006 | File Close | User | Result | Handle | [$rC] [$SO]: User $SB closed file (Group:$XG) | |||||||||||||
000A0007 | Directory Create | User | Directory | Result | [$rC] [$SO]: User $SB created directory $SU | |||||||||||||
000A0008 | Directory Remove | User | Directory | Result | [$rC] [$SO]: User $SB removed directory $SU | |||||||||||||
000A0009 | Directory Modified | User | Directory | Result | [$rC] [$SO]: User $SB modified directory $SU | |||||||||||||
000A000A | File Salvaged | User | File | Result | [$rC] [$SO]: User $SB salvaged file $SU | |||||||||||||
000A000B | File Purged | User | File | Result | [$rC] [$SO]: User $SB permanently purged file $SU | |||||||||||||
000A000C | Namespace Entry Changed | User | File | New-Name | Attribute Mask | Result | [$rC] [$SO]: User $SB changed namespace name for file $SU to $SS | |||||||||||
000A000D | Namespace Modified | User | File | Modification Mask | Result | [$rC] [$SO]: User $SB modified the namespace entry for file $SU | ||||||||||||
000A000E | DOS Info Modified | User | File | Modification Mask | Result | [$rC] [$SO]: User $SB modified the DOS information for file $SU | ||||||||||||
000A000F | Trustee Added | User | File | Client IP | i | Rights | Object | [$rC] [$SO]: User $SB at $i1 added trustee $SS for file $SU | ||||||||||
000A0010 | Trustee Removed | User | File | Client IP | i | Object | [$rC] [$SO]: User $SB at $i1 removed trustee $SS from file $SU\r\n | |||||||||||
000A0011 | Trustee Modified | User | File | Client IP | i | Rights | Object | [$rC] [$SO]: User $SB at $i1 modified the trustee information for file $SU | ||||||||||
000A0101 | Volume Mounted | Server | Volume | [$rC] [$SO]: Volume $SY has been mounted on server $SU\r\n | ||||||||||||||
000A0102 | Volume Dismounted | Server | Volume | [$rC] [$SO]: Volume $SY has been dismounted on server $SU\r\n | ||||||||||||||
000A0103 | Server Down | Server | [$rC] [$SO]: Server $SU has been shut down\r\n | |||||||||||||||
000A0104 | Module Loaded | Host | Module Name | [$rC] [$SO]: Module $SY loaded on server $SU\r\n | ||||||||||||||
000A0105 | Module Unloaded | Host | Module Name | [$rC] [$SO]: Module $SY unloaded on server $SU\r\n | ||||||||||||||
000A0106 | Connection Cleared | Host | User | Client IP | i | [$rC] [$SO]: Connection for user $SY ($i1) on server $SU cleared\r\n | ||||||||||||
000A0107 | Login | User | Host | Client IP | i | [$rC] [$SO]: User $SB ($i1) logged in on server $SU\r\n | ||||||||||||
000A0108 | Protocol Bind | Host | Board | Protocol | [$rC] [$SO]: Server $SU | |||||||||||||
000A0109 | Protocol Unbind | Host | Board | Protocol | [$rC] [$SO]: Server $SU | |||||||||||||
000A010A | NetWare Alert | Module | Message | Server | Class | ID | [$rC] [$SO]: NetWare Alert $SU generated by module $SB | |||||||||||
000A010B | Logout | User | Host | Client IP | i | [$rC] [$SO]: User $SB ($i1) logged out of server $SU\r\n |
The following variables are used to extract values from an event when it is displayed using the template in the display schema field. Variables are constructed by specifying a $ character, followed by a two character code representing the variable format and value. For example:
$FV
Possible values for the variable format (F) and variable value (V) are as follows:
Format (F): |
T - Time (UTC localized) |
D - Date (UTC localized) |
N - Number (32bit unsigned) |
n - Number (32bit signed) |
S - String |
X - Hexadecimal Number |
R - RFC822 format date/time |
I - IPv4 Internet Address (network order) |
i - IPv4 Internet Address (host order) |
B - Boolean (Yes/No) |
b - Boolean (True/False) |
Value (V): |
R - Source IP Address |
C - Platform Agent Date |
A - Audit Service Date |
B - Originator |
H - Originator Type |
U - Target |
V - Target Type |
Y - SubTarget |
1 - Numerical value 1 |
2 - Numerical value 2 |
3 - Numerical value 3 |
S - Text 1 |
T - Text 2 |
F - Text 3 |
O - Component |
G - Group ID |
I - Event ID |
L - Log Level |
M - MIME Hint |
X - Data Size |
D - Data |