The following table displays the CEF key names and their description.
Table 13-1 CEF Key Names with Description
|
CEF Key Name |
Description |
|---|---|
|
sourceAddress |
Identifies the source that an event refers to in an IP network. The format is an IPv4 address. |
|
startTime |
The time when the activity the event referred to started. The format is mm dd yyyy HH:mm:ss or milliseconds since epoch (Jan 1st 1970). |
|
fileCreateTime |
Time when the entity is created. |
|
filePath |
Full path to the entity. |
|
filename |
Name of the entity only (without its path). |
|
fileModificationTime |
Time when the entity was last modified. |
|
oldFilePath |
Full path to the old entity. |
|
filePermission |
Viewer/Editor/Contributor permissions of the entity. |
|
endTime |
The time at which the activity related to the event ended. The format is mm dd yyyy hh:mm:ss or milliseconds since epoch (Jan 1 st 1970). An example would be reporting the end of a session. |
|
sourceUserId |
Identifies the source user by ID and name. This is the user associated with the source of the event. |
|
destinationUserId |
Identifies the destination user by ID and name. |
|
oldFileName |
Name of the old entity. |
|
baseEventCount |
A count associated with this event. |
|
deviceFacility |
Type of the device from which the user is logged in to Filr ( WebClient, Desktop Client or Mobile Client) |
|
sourceUserPrivileges |
The typical values are local, ldap, openid . It identifies the source user’s privileges. |
|
destinationUserPrivileges |
The typical values are local, ldap, openid . It identifies the destination user’s privileges. |
|
fileType |
Indicates the type is an Entry/Folder/WorkSpace/User/Group/Comment. |
|
destinationProcessId |
Provides the destination group id. |
|
sourceHostName |
Identifies the Filr server that an event originated from. |
|
deviceAddress |
Identifies the device address that an event refers to in an IP network. The format is an IPv4 address. |
|
deviceCustomString1 |
Identifies the OS version of the device. |
|
deviceCustomString1Label |
MicroFocusFilrOsVersion. |
|
message |
Indicates the comment added to a file. |
|
name |
Reason for event generation. |
|
deviceVendor |
Name of the company - Microfocus. |
|
deviceProduct |
Name of the product Filr. |
|
deviceVersion |
Product Version. |
|
deviceEventClassId |
Name of the event such as Add Entry, Failed Login. |