<fields>
  <module>im_msvistalog</module>
  <field>
    <name>raw_event</name>
    <type>string</type>
    <persist>FALSE</persist>
    <description>
      <en>
	A string containing the EventTime, Hostname, Severity,
	EventID, and Message from the event.
      </en>
    </description>
  </field>

  <field>
    <name>Message</name>
    <type>string</type>
    <persist>FALSE</persist>
    <lookup>FALSE</lookup>
    <description>
      <en>
	The message from the event.
      </en>
    </description>
  </field>

  <field>
    <name>EventTime</name>
    <type>datetime</type>
    <persist>TRUE</persist>
    <description>
      <en>
	The event creation time, from the EvtSystemTimeCreated field.
      </en>
    </description>
  </field>

  <field>
    <name>Hostname</name>
    <type>string</type>
    <persist>TRUE</persist>
    <lookup>TRUE</lookup>
    <description>
      <en>
	The hostname, from the EvtSystemComputer field.
      </en>
    </description>
  </field>

  <field>
    <name>SourceName</name>
    <type>string</type>
    <persist>TRUE</persist>
    <description>
      <en>
	The event source which produced the event, from the
	EvtSystemProviderName field.
      </en>
    </description>
  </field>

  <field>
    <name>EventID</name>
    <type>integer</type>
    <persist>TRUE</persist>
    <description>
      <en>
The event ID (specific to the event source) from the EvtSystemEventID
field.
      </en>
    </description>
  </field>

  <field>
    <name>Task</name>
    <type>integer</type>
    <persist>FALSE</persist>
    <description>
      <en>
	The task number from the EvtSystemTask field.
      </en>
    </description>
  </field>

  <field>
    <name>Category</name>
    <type>string</type>
    <persist>TRUE</persist>
    <description>
      <en>
	The category name resolved from Task.
      </en>
    </description>
  </field>

  <field>
    <name>Keywords</name>
    <type>integer</type>
    <persist>FALSE</persist>
    <description>
      <en>
	The value of the Keywords field from EvtSystemKeywords.
      </en>
    </description>
  </field>

  <field>
    <name>Channel</name>
    <type>string</type>
    <persist>TRUE</persist>
    <lookup>TRUE</lookup>
    <description>
      <en>
	The Channel of the event source (for example, `Security` or
	`Application`).
      </en>
    </description>
  </field>

  <field>
    <name>AccountName</name>
    <type>string</type>
    <persist>TRUE</persist>
    <lookup>TRUE</lookup>
    <description>
      <en>
	The username associated with the event.
      </en>
    </description>
  </field>

  <field>
    <name>AccountType</name>
    <type>string</type>
    <persist>TRUE</persist>
    <lookup>TRUE</lookup>
    <description>
      <en>
	The type of the account. Possible values are: `User`, `Group`,
	`Domain`, `Alias`, `Well Known Group`, `Deleted Account`,
	`Invalid`, `Unknown`, and `Computer`.
      </en>
    </description>
  </field>

  <field>
    <name>Domain</name>
    <type>string</type>
    <persist>TRUE</persist>
    <lookup>TRUE</lookup>
    <description>
      <en>
	The domain name of the user.
      </en>
    </description>
  </field>

  <field>
    <name>UserID</name>
    <type>string</type>
    <persist>FALSE</persist>
    <lookup>TRUE</lookup>
    <description>
      <en>
The Security Identifier (SID) which resolves to
&lt;&lt;im_msvistalog_field_AccountName,$AccountName&gt;&gt;, stored
in EvtSystemUserID.
      </en>
    </description>
  </field>

  <field>
    <name>SeverityValue</name>
    <type>integer</type>
    <persist>TRUE</persist>
    <description>
      <en>
The normalized severity number of the event, mapped as follows.

[cols="2", options="header,autowidth"]
|===
|Event Log Severity
|Normalized Severity

|0/Audit Success
|2/INFO

|0/Audit Failure
|4/ERROR

|1/Critical
|5/CRITICAL

|2/Error
|4/ERROR

|3/Warning
|3/WARNING

|4/Information
|2/INFO

|5/Verbose
|1/DEBUG
|===
      </en>
    </description>
  </field>

  <field>
    <name>Severity</name>
    <type>string</type>
    <persist>TRUE</persist>
    <description>
      <en>
The normalized severity name of the event. See
&lt;&lt;im_msvistalog_field_SeverityValue,$SeverityValue&gt;&gt;.
      </en>
    </description>
  </field>

  <field>
    <name>EventType</name>
    <type>string</type>
    <persist>TRUE</persist>
    <lookup>TRUE</lookup>
    <description>
      <en>
	The type of the event, which is a string describing the
	severity. This is translated to its string representation from
	EvtSystemLevel. Possible values are: `CRITICAL`, `ERROR`,
	`AUDIT_FAILURE`, `AUDIT_SUCCESS`, `INFO`, `WARNING`, and
	`VERBOSE`.
      </en>
    </description>
  </field>

  <field>
    <name>ProviderGuid</name>
    <type>string</type>
    <persist>FALSE</persist>
    <lookup>TRUE</lookup>
    <description>
      <en>
The globally unique identifier of the event's provider as stored in
EvtSystemProviderGuid. This corresponds to the name of the provider in
the &lt;&lt;im_msvistalog_field_SourceName,$SourceName&gt;&gt; field.
      </en>
    </description>
  </field>

  <field>
    <name>Version</name>
    <type>integer</type>
    <persist>FALSE</persist>
    <description>
      <en>
	The Version number of the event as in EvtSystemVersion.
      </en>
    </description>
  </field>

  <field>
    <name>OpcodeValue</name>
    <type>integer</type>
    <persist>FALSE</persist>
    <description>
      <en>
	The Opcode number of the event as in EvtSystemOpcode.
      </en>
    </description>
  </field>

  <field>
    <name>Opcode</name>
    <type>string</type>
    <persist>TRUE</persist>
    <description>
      <en>
	The Opcode string resolved from OpcodeValue.
      </en>
    </description>
  </field>

  <field>
    <name>ActivityID</name>
    <type>string</type>
    <persist>FALSE</persist>
    <lookup>TRUE</lookup>
    <description>
      <en>
A globally unique identifier for the current activity, as stored in
EvtSystemActivityID.
      </en>
    </description>
  </field>

  <field>
    <name>RelatedActivityID</name>
    <type>string</type>
    <persist>FALSE</persist>
    <lookup>TRUE</lookup>
    <description>
      <en>
	The RelatedActivityID as stored in EvtSystemRelatedActivityID.
      </en>
    </description>
  </field>

  <field>
    <name>ProcessID</name>
    <type>integer</type>
    <persist>FALSE</persist>
    <description>
      <en>
	The process identifier of the event producer as in
	EvtSystemProcessID.
      </en>
    </description>
  </field>

  <field>
    <name>ThreadID</name>
    <type>integer</type>
    <persist>FALSE</persist>
    <description>
      <en>
	The thread identifier of the event producer as in
	EvtSystemThreadID.
      </en>
    </description>
  </field>

  <field>
    <name>RecordNumber</name>
    <type>integer</type>
    <persist>FALSE</persist>
    <description>
      <en>
	The number of the event record.
      </en>
    </description>
  </field>

</fields>
