All events logged through Nsure Audit have a fixed set of fields. Depending on the amount of information stored in each field, events can be as large as 4.5 KB.
The following diagram calls out the field elements that make up a logged event. It also indicates the maximum size of each field.
Refer to the table for an explanation of each field element.
| Event Field | Description |
| --- | --- |
| Component | The component string is formatted like a DOS pathname, with a backslash ( \ ) separating component parts. For example: `\eDirectory\Database\Lookup`, `\iChain\Connection Manager\Authentication`, `\NetMail\POP3\Authentication`. The first part of the component string is the Application Identifier. The Application Identifier is stored in the application's certificate. When the Secure Logging Server authenticates an application's connection with the Platform Agent, it associates the Application Identifier with that connection. Thereafter, it automatically adds the Application Identifier to the component string for every event coming from that connection. For more information on application certificates and authentication, see the Novell Nsure Audit Administration Guide. NOTE: The Application Identifier is also stored in the Application object. For more information, see Creating and Configuring Application Objects. The subsequent portions of the component string are defined by the application. Typically, they identify modules within the application, types of events, etc. The intent of the component string is to facilitate queries across various products and events. For example, using wildcard characters, you can search for all iChain violations (`\ichain\*\violations`), all iChain events (`\ichain\*`), or violations from every logging application (`*\violations`). |
| Event ID | The event ID consists of two elements. The HiWord is the numerical Application ID assigned to the current application. All Application IDs are assigned through Novell Developer Support and are maintained in the Nsure Audit central registry. NOTE: Before instrumenting a new application, developers should obtain an AppID through Novell Developer Support. The LoWord is the AppEventID assigned by the person instrumenting the application. Typically, these values are assigned in ascending order. For more information, see the Novell Nsure Audit SDK. |
| Group ID | An ID that can be used to identify related events. For example, the NetMail instrumentation of Nsure Audit uses this field to store the temporary filename assigned to each message as it passes through the message queue. By sorting on the Group ID, NetMail administrators can view all events that occurred as that particular message passed through the message queue. |
| Log Level (Severity) | The log level is an indicator of the severity of the reported event. |
| IP Address | The IP address of the Platform Agent that logged the event. |
| Client | The time the Platform Agent received the event from the logging application. |
| Server Timestamp | The time the logging server received the event. |
| Text1 | The value of this field depends upon the event. It may contain any text string up to 255 characters. NOTE: The Text1 field is vital to the function of the CVR driver. The CVR driver looks in the event's Text1 and Text2 fields to identify the defined attribute and object for a given policy. For more information, see CVR Channel. |
| Text2 | The value of this field depends upon the event. It may contain any text string up to 255 characters. NOTE: The Text1 field is vital to the function of the CVR driver. The CVR driver looks in the event's Text1 and Text2 fields to identify the defined attribute and object for a given policy. For more information, see CVR Channel. |
| Value1 | The value of this field depends upon the event. It may contain any numeric value up to 32 bits. |
| Value2 | The value of this field depends upon the event. It may contain any numeric value up to 32 bits. |
| Mime hint | This field identifies the type of data contained in the Data field. |
| Data size | This field identifies the size of the data contained in the Data field. |
| Data | The value of this field depends upon the event. If an event has more data than can be stored in the String and Numeric Value fields, it is possible to store up to 3 KB of binary data in the Data field. |
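The following Python sketch is an added example, not code from Nsure Audit or its SDK. It shows how a log reviewer might split an Event ID into its HiWord and LoWord, apply the component-string wildcard queries described in the Component row, and flag fields that exceed the documented limits. It assumes a 32-bit Event ID made of two 16-bit words, case-insensitive wildcard matching, and hypothetical dictionary keys and ID values for the constructed sample events.

```python
import re

TEXT_MAX_CHARS = 255          # Text1 / Text2 limit from the table
DATA_MAX_BYTES = 3 * 1024     # Data limit from the table

def split_event_id(event_id):
    """Return (AppID, AppEventID), i.e. (HiWord, LoWord).
    Assumption: a 32-bit Event ID made of two 16-bit words."""
    if not 0 <= event_id <= 0xFFFFFFFF:
        raise ValueError("event ID does not fit in 32 bits")
    return event_id >> 16, event_id & 0xFFFF

def component_matches(pattern, component):
    """'*' matches any run of characters, backslashes included.
    Assumption: matching is case-insensitive."""
    rx = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(rx, component, re.IGNORECASE | re.DOTALL) is not None

def field_violations(event):
    """Names of fields that exceed the documented size limits."""
    bad = [n for n in ("Text1", "Text2")
           if len(event.get(n, "")) > TEXT_MAX_CHARS]
    # Assumption: a 32-bit value may be stored signed or unsigned.
    bad += [n for n in ("Value1", "Value2")
            if not -(2**31) <= event.get(n, 0) <= 2**32 - 1]
    if len(event.get("Data", b"")) > DATA_MAX_BYTES:
        bad.append("Data")
    return bad

def select(events, pattern):
    """Events whose component string matches the wildcard pattern."""
    return [e for e in events if component_matches(pattern, e["Component"])]

# Constructed sample events; the AppID/AppEventID numbers are made up.
SAMPLE_EVENTS = [
    {"Component": r"\eDirectory\Database\Lookup", "EventID": 0x000B0002},
    {"Component": r"\iChain\Connection Manager\Authentication",
     "EventID": 0x00030001, "Value1": 2**40},
    {"Component": r"\iChain\Proxy\Violations", "EventID": 0x00030007,
     "Text1": "x" * 300},
    {"Component": r"\NetMail\POP3\Authentication", "EventID": 0x00020010,
     "Data": b"\x00" * 4096},
]

if __name__ == "__main__":
    for ev in select(SAMPLE_EVENTS, r"\ichain\*"):
        print(split_event_id(ev["EventID"]), ev["Component"], field_violations(ev))
```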
For more information on event and format variables, see Event Variables.
For more information on using Nsure Audit, see Nsure Audit Help.