NetWare Event Data
This file contains a listing of all NsureTM Audit events logged by NetWareŽ.
| EventID | Description | Originator Title | Target Title | Subtarget Title | Text1 Title | Text2 Title | Text3 Title | Value1 Title | Value1 Type | Value2 Title | Value2 Type | Value3 Title | Value3 Type | Group Title | Group Type | Data Title | Data Type | Display Schema. See Display Schema Variables for details. |
| 000A0001 | File Delete | User | File | Result | [$rC] [$SO]: User $SB deleted file $SU | |||||||||||||
| 000A0002 | File Open | User | File | Rights | Result | Handle | [$rC] [$SO]: User $SB opened file $SU with rights $X1 | |||||||||||
| 000A0003 | File Create | User | File | Result | [$rC] [$SO]: User $SB created file $SS | |||||||||||||
| 000A0004 | File Create & Open | User | File | Rights | Result | Handle | [$rC] [$SO]: User $SB created and opened file $SU with rights $X1 | |||||||||||
| 000A0005 | File Rename | User | Old File | New-Path | Result | Handle | [$rC] [$SO]: User $SB rename file $SU to $SS | |||||||||||
| 000A0006 | File Close | User | Result | Handle | [$rC] [$SO]: User $SB closed file (Group:$XG) | |||||||||||||
| 000A0007 | Directory Create | User | Directory | Result | [$rC] [$SO]: User $SB created directory $SU | |||||||||||||
| 000A0008 | Directory Remove | User | Directory | Result | [$rC] [$SO]: User $SB removed directory $SU | |||||||||||||
| 000A0009 | Directory Modified | User | Directory | Result | [$rC] [$SO]: User $SB modified directory $SU | |||||||||||||
| 000A000A | File Salvaged | User | File | Result | [$rC] [$SO]: User $SB salvaged file $SU | |||||||||||||
| 000A000B | File Purged | User | File | Result | [$rC] [$SO]: User $SB permanently purged file $SU | |||||||||||||
| 000A000C | Namespace Entry Changed | User | File | New-Name | Attribute Mask | Result | [$rC] [$SO]: User $SB changed namespace name for file $SU to $SS | |||||||||||
| 000A000D | Namespace Modified | User | File | Modification Mask | Result | [$rC] [$SO]: User $SB modified the namespace entry for file $SU | ||||||||||||
| 000A000E | DOS Info Modified | User | File | Modification Mask | Result | [$rC] [$SO]: User $SB modified the DOS information for file $SU | ||||||||||||
| 000A000F | Trustee Added | User | File | Client IP | i | Rights | Object | [$rC] [$SO]: User $SB at $i1 added trustee $SS for file $SU | ||||||||||
| 000A0010 | Trustee Removed | User | File | Client IP | i | Object | [$rC] [$SO]: User $SB at $i1 removed trustee $SS from file $SU\r\n | |||||||||||
| 000A0011 | Trustee Modified | User | File | Client IP | i | Rights | Object | [$rC] [$SO]: User $SB at $i1 modified the trustee information for file $SU | ||||||||||
| 000A0101 | Volume Mounted | Server | Volume | [$rC] [$SO]: Volume $SY has been mounted on server $SU\r\n | ||||||||||||||
| 000A0102 | Volume Dismounted | Server | Volume | [$rC] [$SO]: Volume $SY has been dismounted on server $SU\r\n | ||||||||||||||
| 000A0103 | Server Down | Server | [$rC] [$SO]: Server $SU has been shut down\r\n | |||||||||||||||
| 000A0104 | Module Loaded | Host | Module Name | [$rC] [$SO]: Module $SY loaded on server $SU\r\n | ||||||||||||||
| 000A0105 | Module Unloaded | Host | Module Name | [$rC] [$SO]: Module $SY unloaded on server $SU\r\n | ||||||||||||||
| 000A0106 | Connection Cleared | Host | User | Client IP | i | [$rC] [$SO]: Connection for user $SY ($i1) on server $SU cleared\r\n | ||||||||||||
| 000A0107 | Login | User | Host | Client IP | i | [$rC] [$SO]: User $SB ($i1) logged in on server $SU\r\n | ||||||||||||
| 000A0108 | Protocol Bind | Host | Board | Protocol | [$rC] [$SO]: Server $SU | |||||||||||||
| 000A0109 | Protocol Unbind | Host | Board | Protocol | [$rC] [$SO]: Server $SU | |||||||||||||
| 000A010A | NetWare Alert | Module | Message | Server | Class | ID | [$rC] [$SO]: NetWare Alert $SU generated by module $SB | |||||||||||
| 000A010B | Logout | User | Host | Client IP | i | [$rC] [$SO]: User $SB ($i1) logged out of server $SU\r\n |
The following variables are used to extract values from an event when it is displayed using the template in the display schema field. Variables are constructed by specifying a $ character, followed by a two character code representing the variable format and value. For example:
$FV
Possible values for the variable format (F) and variable value (V) are as follows:
| Format (F): |
| T - Time (UTC localized) |
| D - Date (UTC localized) |
| N - Number (32bit unsigned) |
| n - Number (32bit signed) |
| S - String |
| X - Hexadecimal Number |
| R - RFC822 format date/time |
| I - IPv4 Internet Address (network order) |
| i - IPv4 Internet Address (host order) |
| B - Boolean (Yes/No) |
| b - Boolean (True/False) |
| Value (V): |
| R - Source IP Address |
| C - Platform Agent Date |
| A - Audit Service Date |
| B - Originator |
| H - Originator Type |
| U - Target |
| V - Target Type |
| Y - SubTarget |
| 1 - Numerical value 1 |
| 2 - Numerical value 2 |
| 3 - Numerical value 3 |
| S - Text 1 |
| T - Text 2 |
| F - Text 3 |
| O - Component |
| G - Group ID |
| I - Event ID |
| L - Log Level |
| M - MIME Hint |
| X - Data Size |
| D - Data |