Application Events

The following table lists the information contained in audit events for Logger functions and for configuration changes made on the Logger. The Severity for all Logger application events is 2.

Device Event Class ID

Device Event Category (cat)

Message

Additional Fields

Alerts

logger:610

/Logger/Component/Alert/Configuration/Add

Alert [name] has been added

fname=AlertName
duser=UserName
duid=userId
cs4=sessionIdfile
cs4Label=Session ID
fileType=forwarderType
dvc=syslogOrSnmpIpAddr
dvchost=syslogOrSnmpHostName
cn1Label=Syslog or SNMP Destination Port
cn1=syslogOrSnmpPort
cs1Label=Filter
cs1=filter
cs2Label=Email Destination(s)
cs2=emailAddresses

logger:611

/Logger/Component/Alert/Configuration/Delete

Alert [name] has been deleted

fname=AlertName
duser=UserName
duid=userId
cs4=sessionIdfile
cs4Label=Session ID
fileType=forwarderType
dvc=syslogOrSnmpIpAddr
dvchost=syslogOrSnmpHostName
cn1Label=Syslog or SNMP Destination Port
cn1=syslogOrSnmpPort
cs1Label=Filter
cs1=filter
cs2Label=Email Destination(s)
cs2=emailAddresses

logger:612

/Logger/Component/Alert/Configuration/Update

Alert [name] has been updated

fname=AlertName
duser=UserName
duid=userId
cs4=sessionIdfile
cs4Label=Session ID
fileType=forwarderType
dvc=syslogOrSnmpIpAddr
dvchost=syslogOrSnmpHostName
cn1Label=Syslog or SNMP Destination Port
cn1=syslogOrSnmpPort
cs1Label=Filter
cs1=filter
cs2Label=Email Destination(s)
cs2=emailAddresses

logger:613

/Logger/Component/Alert/Configuration/Enable

Alert [name] has been enabled

fname=AlertName
duser=UserName
duid=userId
cs4=sessionIdfile
cs4Label=Session ID
fileType=forwarderType
dvc=syslogOrSnmpIpAddr
dvchost=syslogOrSnmpHostName
cn1Label=Syslog or SNMP Destination Port
cn1=syslogOrSnmpPort
cs1Label=Filter
cs1=filter
cs2Label=Email Destination(s)
cs2=emailAddresses

logger:614

/Logger/Component/Alert/Configuration/Disable

Alert [name] has been disabled

fname=AlertName
duser=UserName
duid=userId
cs4=sessionIdfile
cs4Label=Session ID
fileType=forwarderType
dvc=syslogOrSnmpIpAddr
dvchost=syslogOrSnmpHostName
cn1Label=Syslog or SNMP Destination Port
cn1=syslogOrSnmpPort
cs1Label=Filter
cs1=filter
cs2Label=Email Destination(s)
cs2=emailAddresses

logger:615

/Logger/Alert/Configuration/Sent

Alert [name] has been sent

fname=AlertName
duser=UserName
duid=userId
cs4=sessionIdfile
cs4Label=Session ID
fileType=forwarderType
dvc=syslogOrSnmpIpAddr
dvchost=syslogOrSnmpOrEsmHostName
cn1Label=Syslog Or SNMP Or ESM Destination Port
cn1=syslogOrSnmpOrEsmPort
cs1Label=Filter
cs1=filter
cs2Label=Email Destination(s)
cs2=emailAddresses

logger:800

/Logger/Component/Search/Stats/Started

Search [Search ID] has started

dst=destinationAddress
duser=UserName
src=sourceAddress
cs1Label=SearchID
cs1=searchid
cs2Label=AusmQuery
cs2=ausmquery
cs4Label=EventTime
cs4=eventtime
cs5Label=Query
cs5=query
cs6Label=Querytype
cs6=querytype

logger:801

/Logger/Component/Search/Stats/Finished

Search [Search ID] has finished

dst=destinationAddress
src=sourceAddress
cs1Label=SearchID
cs1=searchid
cs2Label=SearchStatus
cs2=searchstatus
cn3Label=TotalScanRate
cn3=totalscanrate
cn1Label=TotalScanCount
cn1=totalscancount
cn2Label=TotalHitCount
cn2=totalhitcount

logger:802

/Logger/Component/Search/Stats/Final

Peer [IP] Final Search Status

dst=destinationAddress
src=sourceAddress
cs1Label=SearchID
cs1=searchid
cs2Label=PeerReachability
cs2=peerreachability
cs3Label=SearchStatus
cs3=searchstatus
cs5Label=MemoryUsed
cs5=memoryused
cs4Label=CPUUsed
cs4=cpuused
cn1Label=ScanCount
cn1=scancount
cn2Label=HitCount
cn2=hitcount
cn3Label=ScanRate
cn3=scanrate

logger:803

/Logger/Component/Search/Stats/Intermediate

Peer [IP] Intermediate Search Status

dst=destinationAddress
src=sourceAddress
cs1Label=SearchID
cs1=searchid
cs2Label=PeerReachability
cs2=peerreachability
cs3Label=SearchStatus
cs3=searchstatus
cs5Label=MemoryUsed
cs5=memoryused
cs4Label=CPUUsed
cs4=cpuused
cn1Label=ScanCount
cn1=scancount
cn2Label=HitCount
cn2=hitcount
cn3Label=ScanRate
cn3=scanrate

Certificates

logger:643

/Logger/Component/Certificate/Configuration/Add

Certificate [name] has been added

fname=alias
duser=UserName
duid=userId
cs4=sessionId
cs4Label=Session ID
fileType=Certificate

logger:650

/Logger/Component/Certificate/Configuration/Delete

Certificate [name] has been deleted

fname=alias
duser=UserName
duid=userId
cs4=sessionId
cs4Label=Session ID
fileType=Certificate

logger:651

/Logger/Component/Certificate/Configuration/Update

Certificate [name] has been updated

fname=alias
duser=UserName
duid=userId
cs4=sessionId
cs4Label=Session ID
fileType=Certificate

Configuration Backup

logger:660

/Logger/Component/ConfigBackup/Configuration/Update

Configuration backup has been updated

fname=Configuration Backup
duser=UserName
filePath= backup file path
fpath= filePath
src=back up machine IP
shost=back up machine Host Name
duid=userId
cs4=sessionId
cs4Label=Session ID
fileType=Configuration Backup

logger:661

/Logger/Component/ConfigBackup/Configuration/Enable

Configuration backup has been enabled

fname=Configuration Backup
duser=UserName
duid=userId
cs4=sessionId
cs4Label=Session ID
fileType=Configuration Backup

logger:662

/Logger/Component/ConfigBackup/Configuration/Disable

Configuration backup has been disabled

fname=Configuration Backup
duser=UserName
duid=userId
cs4=sessionId
cs4Label=Session ID
fileType=Configuration Backup

logger:665

/Logger/Component/ConfigBackup/Configuration/Backup

Configuration backup succeeded. Transfer process finished.

fname=Configuration Backup
fileType=Configuration Backup
fpath= filePath
filePath= backup file name/path
fsize=fileSizeInByte
src=back up machine IP
shost=back up machine Host Name

ESM Destinations

logger:640

/Logger/Component/EsmDestination/Configuration/Add

ESM destination [name] has been added

fname=esmDestinationName
duser=UserName
duid=userId
cs4=sessionIdfile
cs4Label=Session ID
fileType=ESM Destination
fileId=esmDestinationId
dvc=esmDestinationIp
dvchost=esmDestinationHost
cn1Label=ESM Destination Port
cn1=esmDestinationPort
cs1Label=Connector Name
cs1=connectorName
cs2Label=Connector Location
cs2=connectorLocation
cs3Label=Logger Location
cs3=loggerLocation

logger:641

/Logger/Component/EsmDestination/Configuration/Delete

ESM destination [name] has been deleted

fname=esmDestinationName
duser=UserName
duid=userId
cs4=sessionId file
cs4Label=Session ID
fileType=ESM Destination
fileId=esmDestinationId
dvc=esmDestinationIp
dvchost=esmDestinationHost
cn1Label=ESM Destination Port
cn1=esmDestinationPort
cs1Label=Connector Name
cs1=connectorName
cs2Label=Connector Location
cs2=connectorLocation
cs3Label=Logger Location
cs3=loggerLocation

TH Destinations

logger:730

/Logger/Component/KafkaDestination/Configuration/Add

Kafka destination [name] has been added

fname=kafkaDestinationName
duser=UserName
duid=userId
cs4=sessionIdfile
cs4Label=Session ID
fileType=Kafka Destination
fileId=kafkaDestinationId
dvchost=kafkaDestinationBootstrap Hosts
cs1Label=Connector Name
cs1=connectorName
cs2Label=Connector Location
cs2=connectorLocation
cs3Label=Logger Location
cs3=loggerLocation

logger:731

/Logger/Component/KafkaDestination/Configuration/Delete

Kafka destination [name] has been deleted

fname=kafkaDestinationName
duser=UserName
duid=userId
cs4=sessionIdfile
cs4Label=Session ID
fileType=Kafka Destination
fileId=kafkaDestinationId
dvchost=kafkaDestinationBootstrap Hosts
cs1Label=Connector Name
cs1=connectorName
cs2Label=Connector Location
cs2=connectorLocation
cs3Label=Logger Location
cs3=loggerLocation

Forwarders

logger:605

/Logger/Component/Forwarder/Configuration/Add

Forwarder [name] has been added

fname=forwarderName
duser=UserName
duid=userId
cs4=sessionIdfile
cs4Label=Session ID
fileType=forwarderType
dvc=forwarderIpAddr
dvchost=forwarderHostName
cn1Label=Forwarder Port
cn1=forwarderPort
cs1Label=Forwarder Filter
cs1=forwarderFilter

logger:606

/Logger/Component/Forwarder/Configuration/Delete

Forwarder [name] has been deleted

fname=forwarderName
duser=UserName
duid=userId
cs4=sessionIdfile
cs4Label=Session ID
fileType=forwarderType
dvc=forwarderIpAddr
dvchost=forwarderHostName
cn1Label=Forwarder Port
cn1=forwarderPort
cs1Label=Forwarder Filter
cs1=forwarderFilter

logger:607

/Logger/Component/Forwarder/Configuration/Update

Forwarder [name] has been updated

fname=forwarderName
duser=UserName
duid=userId
cs4=sessionIdfile
cs4Label=Session ID
fileType=forwarderType
dvc=forwarderIpAddr
dvchost=forwarderHostName
cn1Label=Forwarder Port
cn1=forwarderPort
cs1Label=Forwarder Filter
cs1=forwarderFilter

logger:608

/Logger/Component/Forwarder/Configuration/Enable

Forwarder [name] has been enabled

fname=forwarderName
duser=UserName
duid=userId
cs4=sessionIdfile
cs4Label=Session ID
fileType=forwarderType
dvc=forwarderIpAddr
dvchost=forwarderHostName
cn1Label=Forwarder Port
cn1=forwarderPort
cs1Label=Forwarder Filter
cs1=forwarderFilter

logger:609

/Logger/Component/Forwarder/Configuration/Disable

Forwarder [name] has been disabled

fname=forwarderName
duser=UserName
duid=userId
cs4=sessionIdfile
cs4Label=Session ID
fileType=forwarderType
dvc=forwarderIpAddr
dvchost=forwarderHostName
cn1Label=Forwarder Port
cn1=forwarderPort
cs1Label=Forwarder Filter
cs1=forwarderFilter

logger:663

/Logger/Component/Forwarder/Configuration/Pause

Forwarder [name] has been paused

fname=forwarderName
duser=UserName
duid=userId
cs4=sessionIdfile
cs4Label=Session ID
fileType=forwarderType
dvc=forwarderIpAddr
dvchost=forwarderHostName
cn1Label=Forwarder Port
cn1=forwarderPort
cs1Label=Forwarder Filter
cs1=forwarderFilter

logger:664

/Logger/Component/Forwarder/Configuration/Resume

Forwarder [name] has been resumed

fname=forwarderName
duser=UserName
duid=userId
cs4=sessionIdfile
cs4Label=Session ID
fileType=forwarderType
dvc=forwarderIpAddr
dvchost=forwarderHostName
cn1Label=Forwarder Port
cn1=forwarderPort
cs1Label=Forwarder Filter
cs1=forwarderFilter

Receivers

logger:600

/Logger/Component/Receiver/Configuration/Add

Receiver [name] has been added

fname=receiverName
duser=UserName
duid=userId
cs4=sessionIdfile
cs4Label=Session ID
fileType=receiverType
dvc=receiverIpAddr
dvchost=receiverHostName
cn1Label=Receiver Port
cn1=receiverPort

logger:601

/Logger/Component/Receiver/Configuration/Delete

Receiver [name] has been deleted

fname=receiverName
duser=UserName
duid=userId
cs4=sessionIdfile
cs4Label=Session ID
fileType=receiverType
dvc=receiverIpAddr
dvchost=receiverHostName
cn1Label=Receiver Port
cn1=receiverPort

logger:602

/Logger/Component/Receiver/Configuration/Update

Receiver [name] has been updated

fname=receiverName
duser=UserName
duid=userId
cs4=sessionIdfile
cs4Label=Session ID
fileType=receiverType
dvc=receiverIpAddr
dvchost=receiverHostName
cn1Label=Receiver Port
cn1=receiverPort

logger:603

/Logger/Component/Receiver/Configuration/Enable

Receiver [name] has been enabled

fname=receiverName
duser=UserName
duid=userId
cs4=sessionIdfile
cs4Label=Session ID
fileType=receiverType
dvc=receiverIpAddr
dvchost=receiverHostName
cn1Label=Receiver Port
cn1=receiverPort

logger:604

/Logger/Component/Receiver/Configuration/Disable

Receiver [name] has been disabled

fname=receiverName
duser=UserName
duid=userId
cs4=sessionIdfile
cs4Label=Session ID
fileType=receiverType
dvc=receiverIpAddr
dvchost=receiverHostName
cn1Label=Receiver Port
cn1=receiverPort

SNMP Destinations

logger:644

/Logger/Component/SnmpDestination/Configuration/Add

SNMP destination [name] has been added

fname=snmpDestinationName
duser=UserName
duid=userId
cs4=sessionIdfile
cs4Label=Session ID
fileType=SNMP Destination
fileId=snmpDestinationId
dvc=snmpDestinationIp
dvchost=snmpDestinationHost
cn1Label=SNMP Destination Port
cn1=snmpDestinationPort
cs1Label=Connector Name
cs1=connectorName
cs2Label=Connector Location
cs2=connectorLocation
cs3Label=Logger Location
cs3=loggerLocation

logger:645

/Logger/Component/SnmpDestination/Configuration/Delete

SNMP destination [name] has been deleted

fname=snmpDestinationName
duser=UserName
duid=userId
cs4=sessionIdfile
cs4Label=Session ID
fileType=SNMP Destination
fileId=snmpDestinationId
dvc=snmpDestinationIp
dvchost=snmpDestinationHost
cn1Label=SNMP Destination Port
cn1=snmpDestinationPort
cs1Label=Connector Name
cs1=connectorName
cs2Label=Connector Location
cs2=connectorLocation
cs3Label=Logger Location
cs3=loggerLocation

Syslog Destinations

logger:647

/Logger/Resource/SyslogDestination/Configuration/Add

Syslog destination [name] has been added

fname=syslogDestinationName
duser=UserName
duid=userId
cs4=sessionIdfile
cs4Label=Session ID
fileType=Syslog Destination
fileId=syslogDestinationId
dvc=syslogDestinationIp
dvchost=syslogDestinationHost
cn1Label=Syslog Destination Port
cn1=syslogDestinationPort

logger:648

/Logger/Component/SyslogDestination/Configuration/Delete

Syslog destination [name] has been deleted

fname=syslogDestinationName
duser=UserName
duid=userId
cs4=sessionIdfile
cs4Label=Session ID
fileType=Syslog Destination
fileId=syslogDestinationId
dvc=syslogDestinationIp
dvchost=syslogDestinationHost
cn1Label=Syslog Destination Port
cn1=syslogDestinationPort

logger:649

/Logger/Component/SyslogDestination/Configuration/Update

Syslog destination [name] has been updated

fname=syslogDestinationName
duser=UserName
duid=userId
cs4=sessionIdfile
cs4Label=Session ID
fileType=Syslog Destination
fileId=syslogDestinationId
dvc=syslogDestinationIp
dvchost=syslogDestinationHost
cn1Label=Syslog Destination Port
cn1=syslogDestinationPort

Archives

logger:520, Manually added

/Logger/Resource/Archive/Add

Event Archive Added ManualArchive [Date] [Internal Event Storage Group]

cat=/Resource/Archive/Add
cs4=sessionIdFile
cs4Label=Session ID
dst=127.0.0.1
duid=userId
duser=User name
dvc=127.0.0.1
end=endTime
fileType=archive
fname= archiveName [Date] [Storage Group]
fpath=
geid=0
msg=
rt=1542381263507

logger:520, Added with schedule

/Logger/Resource/Archive/Add

Event Archive Added ManualArchive [Date] [Internal Event Storage Group]

cat=/Resource/Archive/Add
cs4Label=Session ID
dst=127.0.0.1
duser= scheduled Archivor
dvc=127.0.0.1
end=endTime
fileType=archive
fname= archiveName
fpath=
geid=0
rt=1542304800457

logger:521

/Logger/Resource/Archive/Configuration/Delete

Archive [archiveName] has been deleted

fname=archiveName
duser=UserName
duid=userId
cs4=sessionIdfile
cs4Label=Session ID
fileType=EventArchive
fileId=archiveId

logger:523

/Logger/Resource/Archive/Configuration/Load

Archive [archiveName] has been loaded

fname=archiveName
duser=UserName
duid=userId
cs4=sessionIdfile
cs4Label=Session ID
fileType=EventArchive
fileId=archiveId

logger:524

/Logger/Resource/Archive/Configuration/Unload

Archive [archiveName] has been unloaded

fname=archiveName
duser=UserName
duid=userId
cs4=sessionIdfile
cs4Label=Session ID
fileType=EventArchive
fileId=archiveId

logger:525, Manually added

/Logger/Resource/Archive/Archive

Event Archive Archived ManualArchive [date] [Internal Event Storage Group]

dst=127.0.0.1
dvc=127.0.0.1
end=endTime
fileType=archive
fpath=/tmp/logger/internal_default_storage2
geid=0
rt=1542381271849

logger:525, Added with schedule

/Logger/Resource/Archive/Archive

Event Archive Archived archive [date] [Internal Event Storage Group]

dst=127.0.0.1
dvc=127.0.0.1
end=endTime
fileType=archive
fname=fileName
fpath=/tmp/logger/internal_default_storage2
geid=0
rt=1542304809316

logger:526

/Logger/Resource/Archive/Add

Event archive settings added

duser=UserName
duid=userId
cs1= Mount Location Path
cs2= Remote Subdirectory path
fileType= Event Archive Settings

logger:527

/Logger/Resource/Archive/Update

Daily archive task settings updated

duser= UserName
duid= userId
cs1= Time for Daily Archive to Start
fileType= Daily Archive Task Settings

logger:528

/Logger/Resource/Archive/Failed

Event archive failed

fname=archiveName
duser=UserName
duid=userId
cs4=sessionIdfile
cs4Label=Session ID
fileType=EventArchive
fileId=archiveId

logger:529

/Logger/Resource/Archive/Index

Event Archive [archiveName] has been indexed

fname=archiveName
duser=UserName
duid=userId
fileType=EventArchive indexed
geid=0

Dashboards

logger:580

/Logger/Resource/Dashboard/Configuration/Add

Dashboard [name] has been added

fname=dashboardName
duser=UserName
duid=userId
cs4=sessionIdfile
cs4Label=Session ID
fileType=Dashboard
fileId=DashboardId
rt=receiptTime

logger:581

/Logger/Resource/Dashboard/Configuration/Add

Dashboard [name] has been deleted

fname=dashboardName
duser=UserName
duid=userId
cs4=sessionIdfile
fileType=Dashboard
fileId=DashboardId
rt=receiptTime

logger:582

/Logger/Resource/Dashboard/Configuration/Update

Dashboard [name] has been updated

fname=dashboardName
duser=UserName
duid=userId
cs4=sessionIdfile
cs4Label=Session ID
fileType=Dashboard
fileId=DashboardId
rt=receiptTime

Devices

logger:510

/Logger/Resource/Device/Configuration/Add

Device [deviceName] has been added

fname=deviceName
duser=UserName
duid=userId
cs4=sessionIdfile
cs4Label=Session ID
fileType=Device
fileId=deviceId

logger:511

/Logger/Resource/Device/Configuration/Delete

Device [deviceName] has been deleted

fname=deviceName
duser=UserName
duid=userId
cs4=sessionIdfile
cs4Label=Session ID
fileType=Device
fileId=deviceId

logger:512

/Logger/Resource/Device/Configuration/Update

Device [deviceName] has been updated

fname=deviceName
duser=UserName
duid=userId
cs4=sessionIdfile
cs4Label=Session ID
fileType=Device
fileId=deviceId

Filters

logger:500

/Logger/Resource/Filter/Configuration/Add

Filter [filterName] has been added

fname=filterName
duser=UserName
duid=userId
cs4=sessionIdfile
cs4Label=Session ID
fileType=Filter
fileId=filterId

logger:501

/Logger/Resource/Filter/Configuration/Delete

Filter [filterName] has been deleted

fname=filterName
duser=UserName
duid=userId
cs4=sessionIdfile
cs4Label=Session ID
fileType=Filter
fileId=filterId

logger:502

/Logger/Resource/Filter/Configuration/Update

Filter [filterName] has been updated

fname=filterName
duser=UserName
duid=userId
cs4=sessionIdfile
cs4Label=Session ID
fileType=Filter
fileId=filterId

Groups

logger:513

/Logger/Resource/Group/Configuration/Add

Group [groupName] has been added

fname=groupName
duser=UserName
duid=userId
cs4=sessionIdfile
cs4Label=Session ID
fileType=Group
fileId=groupId

logger:514

/Logger/Resource/Group/Configuration/Delete

Group [groupName] has been deleted

fname=groupName
duser=UserName
duid=userId
cs4=sessionIdfile
cs4Label=Session ID
fileType=Group
fileId=groupId

logger:515

/Logger/Resource/Group/Configuration/Update

Group [groupName] has been updated

fname=groupName
duser=UserName
duid=userId
cs4=sessionIdfile
cs4Label=Session ID
fileType=Group
fileId=groupId

Peer Loggers

logger:550

/Logger/Resource/PeerLogger/Configuration/Add

Peer Logger [name] has been added

fname=Name
duser=UserName
duid=userId
cs4=sessionIdfile
cs4Label=Session ID
fileType=Peer Logger
fileId=LoggerId

logger:551

/Logger/Resource/PeerLogger/Configuration/Delete

Peer Logger [name] has been deleted

fname=Name
duser=UserName
duid=userId
cs4=sessionIdfile
cs4Label=Session ID
fileType=Peer Logger
fileId=LoggerId

logger:570

/Logger/Resource/Peer/Authorizations/Configuration/Add

Peer Logger authorization [name] has been added

fname=Name
duser=UserName
duid=userId
cs4=sessionIdfile
cs4Label=Session ID
fileType=Peer Logger Authorization

logger:571

/Logger/Resource/PeerLogger/Authorizations/Configuration/Delete

Peer Logger authorization [name] has been deleted

fname=Name
duser=UserName
duid=userId
cs4=sessionIdfile
cs4Label=Session ID
fileType=Peer Logger Authorization
fileId=LoggerId

Parsers

logger:590

/Logger/Resource/ParserDescription/Configuration/Add

Parser Description [name] has been added

fileType=Parser Description
duid=1
cs4=sessionIdfile
cs4Label=Session ID
duser=UserName
rt=receiptTime
fname=parserName

logger:591

/Logger/Resource/ParserDescription/Configuration/Delete

Parser Description [name] has been deleted

fileType=Parser Description
cs4=sessionIdfile
duser=UserName
fileId=ParserID 710
duid=1
cs4Label=Session ID
rt=receiptTime
fname=parserName

logger:592

/Logger/Resource/ParserDescription/Configuration/Update

Parser Description [name] has been updated

fileType=Parser Description
cs4=sessionIdfile
duser=UserName
fileId=ParserID
duid=1
cs4Label=Session ID
rt=receiptTime
fname=parserName

Saved Searches

logger:540

/Logger/Resource/SavedSearch/Configuration/Add

Saved search [name] has been added

fname=savedSearchName
duser=UserName
duid=userId
cs4=sessionIdfile
cs4Label=Session ID
fileType=Saved Search
fileId=savedSearchId

logger:541

/Logger/Resource/SavedSearch/Configuration/Delete

Saved search [name] has been deleted

fname=savedSearchName
duser=UserName
duid=userId
cs4=sessionIdfile
cs4Label=Session ID
fileType=Saved Search
fileId=savedSearchId

logger:542

/Logger/Resource/SavedSearch/Configuration/Update

Saved search [name] has been updated

fname=savedSearchName
duser=UserName
duid=userId
cs4=sessionIdfile
cs4Label=Session ID
fileType=Saved Search
fileId=savedSearchId

Source Types

logger:596

/Logger/Resource/SourceType/Configuration/Add

Source Type [name] has been added

cs4=sessionIdfile
fileType=Source Type
duid=1
cs4Label=Session ID
duser=UserName
rt=receiptTime
fname=SourceTypeName

logger:597

/Logger/Resource/SourceType/Configuration/Delete

Source Type [name] has been deleted

fileType=Source Type
cs4=sessionIdfile
duser=UserName
fileId=SourceTypeID
duid=1
cs4Label=Session ID
rt=receiptTime
fname=SourceTypeName

logger:598

/Logger/Resource/SourceType/Configuration/Update

Source Type [name] has been updated

fileType=Source Type
cs4=sessionIdfile
duser=UserName
fileId=1SourceTypeID
duid=1
cs4Label=Session ID
rt=receiptTime
fname=SourceTypeName

Storage Groups

logger:530

/Logger/Resource/StorageGroup/Configuration/Add

Storage group [storageGroupName] has been added

fname=storageGroupName
duser=UserName
duid=userId
cs4=sessionIdfile
cs4Label=Session ID
fileType=Storage Group
fileId=storageGroupId

logger:532

/Logger/Resource/StorageGroup/Configuration/Update

Storage group [storageGroupName] has been updated

fname=storageGroupName
duser=UserName
duid=userId
cs4=sessionIdfile
cs4Label=Session ID
fileType=Storage Group
fileId=storageGroupId

Storage Rules

logger:533

/Logger/Resource/StorageRule/Configuration/Add

Storage rule [name] has been added

fname=storageRuleName
duser=UserName
duid=userId
cs4=sessionIdfile
cs4Label=Session ID
fileType=Storage Rule

logger:535

/Logger/Resource/StorageRule/Configuration/Update

Storage rule [name] has been updated

fname=storageRuleName
duser=UserName
duid=userId
cs4=sessionIdfile
cs4Label=Session ID
fileType=Storage Rule

Storage Volume

logger:536

/Logger/Resource/StorageVolume/Configuration/Add

Storage volume [name] has been added

fname=storageVolumeName
duser=UserName
duid=userId
cs4=sessionIdfile
cs4Label=Session ID
fileType=Storage Volume
fileId=storageVolumeId

Search

logger:680

/Logger/Search/Index/Update

Search indices have been added

OR

Search index has been added

cs4=sessionId
fileType=Search Index Configuration
duser=UserName
msg=Search index has been added
cn1=1
duid=1
cs4Label=Session ID
rt=receiptTime
cn1Label=No. of fields added

logger:690

/Logger/Search/Options/Update

Search options have been updated

cs6=false
cs7=true
cs4=sessionId
cs5=false
cs2=false
cs3=false
cs1=true
cs8=false
cs1Label=Field Search Case Sensitivity
duid=1
cs7Label=Field Summary
cs8Label=Field Summary Field Discovery
cs6Label=Display options raw Event
cs3Label=Regex Search Unicode Case Sensitivity
fileType=Search Options
duser=UserName
cs5Label=Regex Search Canonical Equality Check
cs4Label=Session ID
rt=receiptTime
cs2Label=Regex Search Case Sensitivity

logger:710

/Logger/Search/Canceled

Search session [sessionID] has been canceled by [user]

cs1Label=Session ID
duid=1
cs1=sessionIdfile
duser=UserName
rt=receiptTime

Maintenance Mode

logger:700

/Logger/Server/MaintenanceMode/Enter

Maintenance mode entered

fname=Maintenance Mode
duser=UserName
duid=userId
cs4=sessionId
cs4Label=Session ID
fileType=Maintenance Mode
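
The Additional Fields column pairs each custom slot with a label (cs4 with cs4Label, cn1 with cn1Label). The following added example, which is not part of the Logger documentation, parses a CEF-formatted audit event, resolves those pairs, and flags a few of the class IDs listed above. The watchlist selection, the function names and the sample records are assumptions constructed for illustration.

```python
import re

# Device Event Class IDs from the table above. Choosing these as the ones to
# review (they reduce collection, forwarding or alerting) is an assumption.
WATCHLIST = {
    "logger:611": "alert deleted",
    "logger:614": "alert disabled",
    "logger:609": "forwarder disabled",
    "logger:663": "forwarder paused",
    "logger:604": "receiver disabled",
    "logger:662": "configuration backup disabled",
}

HEADER_SEP = re.compile(r"(?<!\\)\|")      # pipe not preceded by a backslash
EXT_KEY = re.compile(r"(?:^|\s)(\w+)=")    # start of each key=value pair
CUSTOM_KEY = re.compile(r"(?:cs|cn)\d+")   # custom string / number slots


def _unescape(value):
    # CEF escapes backslash, pipe and equals sign with a backslash.
    return re.sub(r"\\([\\|=])", r"\1", value)


def parse_cef(line):
    """Parse one CEF record; custom slots are keyed by their label."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("not a CEF record")
    parts = HEADER_SEP.split(line[start:], maxsplit=7)
    if len(parts) != 8:
        raise ValueError("incomplete CEF header")
    ext = parts[7]
    keys = list(EXT_KEY.finditer(ext))
    raw = {}
    for i, m in enumerate(keys):
        end = keys[i + 1].start() if i + 1 < len(keys) else len(ext)
        raw[m.group(1)] = _unescape(ext[m.end():end].strip())
    fields, custom = {}, {}
    for key, value in raw.items():
        if key.endswith("Label") and CUSTOM_KEY.fullmatch(key[:-5]):
            continue  # used below to name the matching csN/cnN value
        if CUSTOM_KEY.fullmatch(key):
            # Some rows list csN without csNLabel (cs4 on logger:581),
            # so fall back to the raw key instead of dropping the value.
            custom[raw.get(key + "Label", key)] = value
        else:
            fields[key] = value
    return {"class_id": _unescape(parts[4]), "message": _unescape(parts[5]),
            "severity": parts[6], "fields": fields, "custom": custom}


def review(line):
    """Return a finding for watchlisted events, or None."""
    event = parse_cef(line)
    reason = WATCHLIST.get(event["class_id"])
    if reason is None:
        return None
    f = event["fields"]
    return {"class_id": event["class_id"], "reason": reason,
            "object": f.get("fname"), "user": f.get("duser"),
            "session": event["custom"].get("Session ID")}


# Constructed sample records; header vendor and version are placeholders.
SAMPLES = [
    r"Nov 16 10:14:23 host CEF:0|ExampleVendor|Logger|0.0|logger:614|"
    r"Alert [FailedLogins] has been disabled|2|fname=FailedLogins duser=jdoe "
    r"duid=7 cs4=S-1a2b cs4Label=Session ID cs1Label=Filter "
    r"cs1=status\=failed cs2Label=Email Destination(s) cs2=soc@example.com",
    "CEF:0|ExampleVendor|Logger|0.0|logger:500|Filter [web] has been added|2|"
    "fname=web duser=jdoe duid=7 cs4=S-1a2b cs4Label=Session ID fileType=Filter",
    "CEF:0|ExampleVendor|Logger|0.0|logger:581|Dashboard [ops] has been "
    "deleted|2|fname=ops duser=asmith duid=9 cs4=S-9f8e fileType=Dashboard",
]
```

Calling `review(SAMPLES[0])` returns a finding for the disabled alert with the acting user and session ID; the other two samples return `None`.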