<!--
  Field catalogue for the im_mseventlog module. Each field entry declares a
  name, a type (string, datetime or integer in this file), a persist flag,
  an optional lookup flag, and an English description.

  NOTE(review): this file does not say what persist and lookup mean, nor what
  applies when lookup is omitted. Confirm against the tooling that consumes
  this file before changing either flag.

  The text inside the en elements looks like AsciiDoc (a table block and a
  cross-reference appear below), so its whitespace and column-0 lines are
  data and should be left exactly as written.
-->
<fields>
  <module>im_mseventlog</module>
  <!--
    raw_event and Message carry text taken from the event itself. Nothing in
    this file describes sanitization, so downstream parsers, dashboards and
    alert templates should treat both as untrusted text: escape on render and
    do not rely on embedded delimiters.
  -->
  <field>
    <name>raw_event</name>
    <type>string</type>
    <persist>FALSE</persist>
    <description>
      <en>
	A string containing the timestamp, hostname, severity, and
	message from the event.
      </en>
    </description>
  </field>

  <field>
    <name>Message</name>
    <type>string</type>
    <persist>FALSE</persist>
    <lookup>FALSE</lookup>
    <description>
      <en>
	The message from the event.
      </en>
    </description>
  </field>

  <!--
    EventTime is TimeGenerated; EventTimeWritten (next entry) is TimeWritten.
    They are separate record fields, so timeline work should state which one
    it uses. NOTE(review): EventTimeWritten has persist FALSE while EventTime
    has persist TRUE; confirm what that implies for the written time.
  -->
  <field>
    <name>EventTime</name>
    <type>datetime</type>
    <persist>TRUE</persist>
    <description>
      <en>
	The TimeGenerated field of the EventRecord.
      </en>
    </description>
  </field>

  <field>
    <name>EventTimeWritten</name>
    <type>datetime</type>
    <persist>FALSE</persist>
    <description>
      <en>
	The TimeWritten field of the EventRecord.
      </en>
    </description>
  </field>

  <field>
    <name>Hostname</name>
    <type>string</type>
    <persist>TRUE</persist>
    <lookup>TRUE</lookup>
    <description>
      <en>
	The host or computer name field of the EventRecord.
      </en>
    </description>
  </field>

  <field>
    <name>SourceName</name>
    <type>string</type>
    <persist>TRUE</persist>
    <description>
      <en>
	The event source which produced the event (the subsystem or
	application name).
      </en>
    </description>
  </field>

  <field>
    <name>EventID</name>
    <type>integer</type>
    <persist>TRUE</persist>
    <description>
      <en>
	The event ID of the EventRecord.
      </en>
    </description>
  </field>

  <!--
    CategoryNumber is the raw value (called Category in the EventRecord);
    the Category field below is the name resolved from it. Rules that must
    not depend on name resolution should match on CategoryNumber.
  -->
  <field>
    <name>CategoryNumber</name>
    <type>integer</type>
    <persist>TRUE</persist>
    <description>
      <en>
	The category number, stored as Category in the EventRecord.
      </en>
    </description>
  </field>

  <field>
    <name>Category</name>
    <type>string</type>
    <persist>TRUE</persist>
    <description>
      <en>
	The category name resolved from CategoryNumber.
      </en>
    </description>
  </field>

  <field>
    <name>FileName</name>
    <type>string</type>
    <persist>TRUE</persist>
    <lookup>TRUE</lookup>
    <description>
      <en>
	The logfile source of the event (for example, `Security` or
	`Application`).
      </en>
    </description>
  </field>

  <field>
    <name>AccountName</name>
    <type>string</type>
    <persist>TRUE</persist>
    <lookup>TRUE</lookup>
    <description>
      <en>
	The username associated with the event.
      </en>
    </description>
  </field>

  <field>
    <name>AccountType</name>
    <type>string</type>
    <persist>TRUE</persist>
    <lookup>TRUE</lookup>
    <description>
      <en>
	The type of the account. Possible values are: `User`, `Group`,
	`Domain`, `Alias`, `Well Known Group`, `Deleted Account`,
	`Invalid`, `Unknown`, and `Computer`.
      </en>
    </description>
  </field>

  <field>
    <name>Domain</name>
    <type>string</type>
    <persist>TRUE</persist>
    <lookup>TRUE</lookup>
    <description>
      <en>
	The domain name of the user.
      </en>
    </description>
  </field>

  <!--
    Detection caveat from the table below: Audit Success shares normalized
    2/INFO with Information, and Audit Failure shares 4/ERROR with Error.
    SeverityValue (and the Severity name derived from it) therefore cannot
    isolate audit events on its own; filter on EventType (AUDIT_SUCCESS or
    AUDIT_FAILURE) when a rule targets audit records.
    The table text starts at column 0 on purpose; do not re-indent it.
  -->
  <field>
    <name>SeverityValue</name>
    <type>integer</type>
    <persist>TRUE</persist>
    <description>
      <en>
The normalized severity number of the event, mapped as follows.

[cols="2", options="header,autowidth"]
|===
|Event Log Severity
|Normalized Severity

|0/Audit Success
|2/INFO

|0/Audit Failure
|4/ERROR

|1/Critical
|5/CRITICAL

|2/Error
|4/ERROR

|3/Warning
|3/WARNING

|4/Information
|2/INFO

|5/Verbose
|1/DEBUG
|===
      </en>
    </description>
  </field>

  <!--
    The escaped angle brackets in this description form a cross-reference to
    the SeverityValue entry; keep the entity escapes so the file stays
    well-formed.
  -->
  <field>
    <name>Severity</name>
    <type>string</type>
    <persist>TRUE</persist>
    <description>
      <en>
The normalized severity name of the event. See
&lt;&lt;im_mseventlog_field_SeverityValue,$SeverityValue&gt;&gt;.
      </en>
    </description>
  </field>

  <!--
    EventType is the field that separates audit outcomes from ordinary
    severities. NOTE(review): the listed values have no counterpart for the
    Critical and Verbose rows of the SeverityValue table; presumably such
    events surface as UNKNOWN or do not occur with this module. Confirm
    before writing rules that depend on it.
  -->
  <field>
    <name>EventType</name>
    <type>string</type>
    <persist>TRUE</persist>
    <lookup>TRUE</lookup>
    <description>
      <en>
	The type of the event, which is a string describing the
	severity. Possible values are: `ERROR`, `AUDIT_FAILURE`,
	`AUDIT_SUCCESS`, `INFO`, `WARNING`, and `UNKNOWN`.
      </en>
    </description>
  </field>

  <!--
    NOTE(review): RecordNumber has persist FALSE. If downstream monitoring
    uses record numbers to notice gaps in a log (lost or cleared records),
    confirm that this flag does not prevent the field from being delivered.
  -->
  <field>
    <name>RecordNumber</name>
    <type>integer</type>
    <persist>FALSE</persist>
    <description>
      <en>
	The number of the event record.
      </en>
    </description>
  </field>

</fields>
