Server : Apache System : Linux cs317.bluehost.com 4.19.286-203.ELK.el7.x86_64 #1 SMP Wed Jun 14 04:33:55 CDT 2023 x86_64 User : andertr9 ( 1047) PHP Version : 8.2.18 Disable Function : NONE Directory : /usr/share/nxlog-ce/ |
Upload File : |
<fields> <module>im_mseventlog</module> <field> <name>raw_event</name> <type>string</type> <persist>FALSE</persist> <description> <en> A string containing the timestamp, hostname, severity, and message from the event. </en> </description> </field> <field> <name>Message</name> <type>string</type> <persist>FALSE</persist> <lookup>FALSE</lookup> <description> <en> The message from the event. </en> </description> </field> <field> <name>EventTime</name> <type>datetime</type> <persist>TRUE</persist> <description> <en> The TimeGenerated field of the EventRecord. </en> </description> </field> <field> <name>EventTimeWritten</name> <type>datetime</type> <persist>FALSE</persist> <description> <en> The TimeWritten field of the EventRecord. </en> </description> </field> <field> <name>Hostname</name> <type>string</type> <persist>TRUE</persist> <lookup>TRUE</lookup> <description> <en> The host or computer name field of the EventRecord. </en> </description> </field> <field> <name>SourceName</name> <type>string</type> <persist>TRUE</persist> <description> <en> The event source which produced the event (the subsystem or application name). </en> </description> </field> <field> <name>EventID</name> <type>integer</type> <persist>TRUE</persist> <description> <en> The event ID of the EventRecord. </en> </description> </field> <field> <name>CategoryNumber</name> <type>integer</type> <persist>TRUE</persist> <description> <en> The category number, stored as Category in the EventRecord. </en> </description> </field> <field> <name>Category</name> <type>string</type> <persist>TRUE</persist> <description> <en> The category name resolved from CategoryNumber. </en> </description> </field> <field> <name>FileName</name> <type>string</type> <persist>TRUE</persist> <lookup>TRUE</lookup> <description> <en> The logfile source of the event (for example, `Security` or `Application`). </en> </description> </field> <field> <name>AccountName</name> <type>string</type> <persist>TRUE</persist> <lookup>TRUE</lookup> <description> <en> The username associated with the event. </en> </description> </field> <field> <name>AccountType</name> <type>string</type> <persist>TRUE</persist> <lookup>TRUE</lookup> <description> <en> The type of the account. Possible values are: `User`, `Group`, `Domain`, `Alias`, `Well Known Group`, `Deleted Account`, `Invalid`, `Unknown`, and `Computer`. </en> </description> </field> <field> <name>Domain</name> <type>string</type> <persist>TRUE</persist> <lookup>TRUE</lookup> <description> <en> The domain name of the user. </en> </description> </field> <field> <name>SeverityValue</name> <type>integer</type> <persist>TRUE</persist> <description> <en> The normalized severity number of the event, mapped as follows. [cols="2", options="header,autowidth"] |=== |Event Log Severity |Normalized Severity |0/Audit Success |2/INFO |0/Audit Failure |4/ERROR |1/Critical |5/CRITICAL |2/Error |4/ERROR |3/Warning |3/WARNING |4/Information |2/INFO |5/Verbose |1/DEBUG |=== </en> </description> </field> <field> <name>Severity</name> <type>string</type> <persist>TRUE</persist> <description> <en> The normalized severity name of the event. See <<im_mseventlog_field_SeverityValue,$SeverityValue>>. </en> </description> </field> <field> <name>EventType</name> <type>string</type> <persist>TRUE</persist> <lookup>TRUE</lookup> <description> <en> The type of the event, which is a string describing the severity. Possible values are: `ERROR`, `AUDIT_FAILURE`, `AUDIT_SUCCESS`, `INFO`, `WARNING`, and `UNKNOWN`. </en> </description> </field> <field> <name>RecordNumber</name> <type>integer</type> <persist>FALSE</persist> <description> <en> The number of the event record. </en> </description> </field> </fields>