NetWare Event Data

This file contains a listing of all NsureTM Audit events logged by NetWareŽ.

EventID Description Originator Title Target Title Subtarget Title Text1 Title Text2 Title Text3 Title Value1 Title Value1 Type Value2 Title Value2 Type Value3 Title Value3 Type Group Title Group Type Data Title Data Type Display Schema. See  Display Schema Variables for details.
000A0001 File Delete User File Result [$rC] [$SO]: User $SB deleted file $SU
000A0002 File Open User File Rights Result Handle [$rC] [$SO]: User $SB opened file $SU with rights $X1
000A0003 File Create User File Result [$rC] [$SO]: User $SB created file $SS
000A0004 File Create & Open User File Rights Result Handle [$rC] [$SO]: User $SB created and opened file $SU with rights $X1
000A0005 File Rename User Old File New-Path Result Handle [$rC] [$SO]: User $SB rename file $SU to $SS
000A0006 File Close User Result Handle [$rC] [$SO]: User $SB closed file (Group:$XG)
000A0007 Directory Create User Directory Result [$rC] [$SO]: User $SB created directory $SU
000A0008 Directory Remove User Directory Result [$rC] [$SO]: User $SB removed directory $SU
000A0009 Directory Modified User Directory Result [$rC] [$SO]: User $SB modified directory $SU
000A000A File Salvaged User File Result [$rC] [$SO]: User $SB salvaged file $SU
000A000B File Purged User File Result [$rC] [$SO]: User $SB permanently purged file $SU
000A000C Namespace Entry Changed User File New-Name Attribute Mask Result [$rC] [$SO]: User $SB changed namespace name for file $SU to $SS
000A000D Namespace Modified User File Modification Mask Result [$rC] [$SO]: User $SB modified the namespace entry for file $SU
000A000E DOS Info Modified User File Modification Mask Result [$rC] [$SO]: User $SB modified the DOS information for file $SU
000A000F Trustee Added User File Client IP i Rights Object [$rC] [$SO]: User $SB at $i1 added trustee $SS for file $SU
000A0010 Trustee Removed User File Client IP i Object [$rC] [$SO]: User $SB at $i1  removed trustee $SS from file $SU\r\n
000A0011 Trustee Modified User File Client IP i Rights Object [$rC] [$SO]: User $SB at $i1 modified the trustee information for file $SU
000A0101 Volume Mounted Server Volume [$rC] [$SO]: Volume $SY has been mounted on server $SU\r\n
000A0102 Volume Dismounted Server Volume [$rC] [$SO]: Volume $SY has been dismounted on server $SU\r\n
000A0103 Server Down Server [$rC] [$SO]: Server $SU has been shut down\r\n
000A0104 Module Loaded Host Module Name [$rC] [$SO]: Module $SY loaded on server $SU\r\n
000A0105 Module Unloaded Host Module Name [$rC] [$SO]: Module $SY unloaded on server $SU\r\n
000A0106 Connection Cleared Host User Client IP i [$rC] [$SO]: Connection for user $SY ($i1) on server $SU cleared\r\n
000A0107 Login User Host Client IP i [$rC] [$SO]: User $SB ($i1) logged in on server $SU\r\n
000A0108 Protocol Bind Host Board Protocol [$rC] [$SO]: Server $SU
000A0109 Protocol Unbind Host Board Protocol [$rC] [$SO]: Server $SU
000A010A NetWare Alert Module Message Server Class ID [$rC] [$SO]: NetWare Alert $SU generated by module $SB
000A010B Logout User Host Client IP i [$rC] [$SO]: User $SB ($i1) logged out of server $SU\r\n

Display Schema Variables

The following variables are used to extract values from an event when it is displayed using the template in the display schema field. Variables are constructed by specifying a $ character, followed by a two character code representing the variable format and value. For example:

$FV

Possible values for the variable format (F) and variable value (V) are as follows:

Format (F):
T - Time (UTC localized)
D - Date (UTC localized)
N - Number (32bit unsigned)
n - Number (32bit signed)
S - String
X - Hexadecimal Number
R - RFC822 format date/time
I - IPv4 Internet Address (network order)
i - IPv4 Internet Address (host order)
B - Boolean (Yes/No)
b - Boolean (True/False)
 
Value (V):
R - Source IP Address
C - Platform Agent Date
A - Audit Service Date
B - Originator
H - Originator Type
U - Target
V - Target Type
Y - SubTarget
1 - Numerical value 1
2 - Numerical value 2
3 - Numerical value 3
S - Text 1
T - Text 2
F - Text 3
O - Component
G - Group ID
I - Event ID
L - Log Level
M - MIME Hint
X - Data Size
D - Data