This table lists the events logged by InTrust Repository Services.
Event ID |
Type |
Category |
Description |
Insertion Strings |
---|---|---|---|---|
13840 (0x3610) |
Information |
Repository Services |
Repository services enabled for repository "%2".%0 |
%2—Repository name |
13841 (0x3611) |
Information |
Repository Services |
Indexing of long-term items for repository "%2" successfully completed; index is now up-to-date.%0 |
%2—Repository name |
13842 (0x3612) |
Information |
Repository Services |
Indexing of recent items for repository "%2" successfully completed; index is now up-to-date.%0 |
%2—Repository name |
13843 (0x3613) |
Information |
Repository Services |
Data merging in repository "%2" has started.%0 |
%2—Repository name |
13844 (0x3614) |
Information |
Repository Services |
Data merging in repository "%2" successfully completed.%0 |
%2—Repository name |
13845 (0x3615) |
Information |
Repository Services |
Index cleanup for long-term items in repository "%2" has started.%0 |
%2—Repository name |
13846 (0x3616) |
Information |
Repository Services |
Index cleanup for long-term items in repository "%2" successfully completed.%0 |
%2—Repository name |
13847 (0x3617) |
Information |
Repository Services |
Indexing of long-term items repository "%2" was interrupted due to repository reconfiguration.%0 |
%2—Repository name |
13848 (0x3618) |
Information |
Repository Services |
Indexing of recent items for repository "%2" was interrupted due to repository reconfiguration.%0 |
%2—Repository name |
13849 (0x3619) |
Information |
Repository Services |
Data merging in repository "%2" was interrupted due to repository reconfiguration. %0 |
%2—Repository name |
13872 (0x3630) |
Warning |
Repository Services |
Indexing of of long-term items repository "%2" completed with errors. Error: %3.%0 |
%2—Repository name |
13873 (0x3631) |
Warning |
Repository Services |
Indexing of recent items for repository "%2" completed with errors. Error: %3.%0 |
%2—Repository name %3—Error description |
13874 (0x3632) |
Warning |
Repository Services |
Data merging in repository "%2" completed with errors. Error: %3. %0 |
%2—Repository name %3—Error description |
13875 (0x3633) |
Warning |
Repository Services |
The indexing queue of long-term events in repository “%2” is about to grow to an unmanageable size. If it keeps growing at the same rate, searching in the repository and import from it can slow down considerably. Please check the InTrust Server event log for errors, and consider collecting less audit data to this repository and adding more indexing servers.%0 |
%2—Repository name |
13876 (0x3634) |
Warning |
Repository Services |
The indexing queue of recent events in repository “%2” is about to grow to an unmanageable size. If it keeps growing at the same rate, searching in the repository and import from it can slow down considerably. Please check the InTrust Server event log for errors, and consider collecting less audit data to this repository and adding more indexing servers.%0 |
%2—Repository name |
13877 (0x3635) |
Warning |
Repository Services |
The number of unmerged files in repository “%2” has increased. This causes the repository size to grow uncontrollably. Please check the InTrust Server event log for errors, and consider collecting less audit data to this repository and adding more merging servers.%0 |
%2—Repository name |
13878 (0x3636) |
Warning |
Repository Services |
The indexing notification queue in repository “%2” exceeded the size limit.%0 |
%2—Repository name |
13879 (0x3637) |
Error |
Repository Services |
The indexing notification queue in repository "%2" exceeded the size limit. |
%2—Repository name |
13888 (0x3640) |
Information |
Repository Services |
Repository services disabled for repository "%2".%0 |
%2—Repository name |
13889 (0x3641) |
Error |
Repository Services |
Could not enable repository services for repository "%2". Reason: %3.%0 |
%2—Repository name |
13890 (0x3642) |
Error |
Repository Services |
Could not initialize indexing of long-term items for repository "%2". Reason: %3.%0 |
%2—Repository name |
13891 (0x3643) |
Error |
Repository Services |
Could not initialize indexing of recent items for repository "%2". Reason: %3.%0 |
%2—Repository name %3—Error description |
13892 (0x3644) |
Error |
Repository Services |
Could not initialize data merging in repository "%2". Reason: %3. This error will remain active until you resolve the causing issue so that merge can complete successfully. By default, merges happen every 24 hours.%0 |
%2—Repository name %3—Error description |
13893 (0x3645) |
Error |
Repository Services |
Could not initialize data merging in repository "%2". Reason: %3. |
%2—Repository name %3—Error description |
13894 (0x3646) |
Error |
Repository Services |
Indexing of long-term items for repository "%2" failed. Reason: %3.%0 |
%2—Repository name %3—Error description |
13895 (0x3647) |
Error |
Repository Services |
Indexing of recent items for repository "%2" failed. Reason: %3.%0 |
%2—Repository name %3—Error description |
13896 (0x3648) |
Error |
Repository Services |
Data merging in repository "%2" failed. Reason: %3.%0 |
%2—Repository name %3—Error description |
13897 (0x3649) |
Error |
Repository Services |
Data merging in repository "%2" failed. Reason: %3. This error will remain active until you resolve the causing issue so that merge can complete successfully. By default, merges happen every 24 hours.%0 |
%2—Repository name %3—Error description |
13898 (0x364A) |
Error |
Repository Services |
Critical repository services configuration error. Please make sure the "Quest InTrust Server" and "Quest InTrust Real-Time Monitoring" services are running on the InTrust server that manages the repository. If they are, consider restarting them. Error details: %2.%0 |
%2—Error description |
13899 (0x364B) |
Error |
Repository Services |
Indexing of long-term items repository "%2" was interrupted because the Quest InTrust Server service was stopped.%0 |
%2—Repository name |
13900 (0x364C) |
Error |
Repository Services |
Indexing of recent items for repository "%2" was interrupted because the Quest InTrust Server service was stopped.%0 |
%2—Repository name |
13901 (0x364D) |
Error |
Repository Services |
Data merging in repository "%2" was interrupted because the Quest InTrust Server service was stopped. This error will remain active until you resolve the causing issue so that merge can complete successfully. By default, merges happen every 24 hours.%0 |
%2—Repository name |
13902 (0x364E) |
Error |
Repository Services |
Index cleanup failed for repository "%2". This can result in slow searches. Details: %3.%0 |
%2—Repository name %3—Error description |
13903 (0x364F) |
Error |
Repository Services |
The indexing queue of long-term events in repository "%2" exceeded the size limit. Please check the InTrust Server event log for errors, and consider collecting less audit data to this repository and adding more indexing servers.%0 |
%2—Repository name |
N/A |
Error |
Repository Services |
Collection of events was stopped because of the error on collection %2 processed by InTrust Server %3. Real-time monitoring was stopped, so that alerts and server rules are not active too. Error details: %5 |
%2—Collection name %3—InTrust server name %5—Error description |
13904 (0x3650) |
Error |
Repository Services |
The number of unmerged files in repository "%2" exceeded the limit.%0 |
%2—Repository name |
This table contains the event logged by InTrust Notification Engine.
Event ID |
Type |
Category |
Description |
Insertion Strings |
---|---|---|---|---|
17408 (0x4400) |
Success |
Rule Match |
Real-Time rule was matched.%n%nSubject:%n Rule: %2%n Alert: %4%n Alert severity: %6%n Host: %1%n%nDetails:%n %8. |
%1—Host name %2—Rule name %3—Rule ID %4—Alert name %5—Alert severity code %6—Alert severity %7—Alert code %8—Details |
This table lists the events from the InTrust Self-Audit log.
The following event sources are defined for the log:
The following events are defined for the InTrust Server Connection Tracker and InTrust Real-Time Monitoring Server Connection Tracker event sources:
Event ID |
Type |
Category |
Description |
Insertion Strings |
---|---|---|---|---|
17152 (0x4300) |
Error |
Startup |
SID for service "%1" cannot be retrieved. |
%1—service display name |
17153 (0x4301) |
Error |
Connect |
InTrust connection self-audit on interface "%1" %2 failed. Error code 0x%3. Error text: %4. |
%1—RPC interface display name %2—RPC interface UUID %3—error code %4—error text |
17154 (0x4302) |
Error |
Startup |
InTrust connection self-audit on interface "%1" (%2) cannot be enabled. Error code 0x%3. Error text: %4. |
%1—RPC interface UUID %2—Extension display name %3—error code %4—error text |
17155 (0x4303) |
Informational |
Startup |
InTrust connection self-audit started. Current audit level : %1. |
%1—Audit level |
17156 (0x4304) |
Informational |
Connect |
Connection from computer %3 (%4) on RPC interface "%5" (%6) was established by user %1 (user SID: %2). |
%1—user name %2—user SID %3—remote host %4—remote IP address %5—RPC interface UUID %6—Extension display name |
17157 (0x4305) |
Informational |
Connect |
Connection on RPC interface "%3" (%4) was established by service %1 (service SID: %2). |
%1—service display name %2—service SID %3—RPC interface UUID %4—Extension display name |
17158 (0x4306) |
Error |
Startup |
Service SID is disabled for service %1. Try to enable it manually. |
%1—service display name |
17159 (0x4307) |
Error |
Startup |
Service %1 is not installed. |
%1—service short name |
17160 (0x4308) |
Error |
Startup |
Service %1 could not be detected during InTrust connection self-audit. Error code 0x%2. Error text: %3. |
%1—service short name |
17161 (0x4309) |
Informational |
Configuration |
InTrust connection self-audit level changed. New level : %1. |
%1—Audit level |
17162 (0x430A) |
Error |
Configuration |
Cannot query InTrust connection self-audit level. Error code 0x%1. Error text: %2. |
%1—error code %2—error text |
17163 (0x430B) |
Error |
License |
The following real-time monitoring policies are disabled until a valid license is available: %2. |
%2—Names of active policies |
The following events are defined for the InTrust Real-Time Configuration Tracker event source:
Event ID |
Type |
Category |
Description |
Insertion Strings |
---|---|---|---|---|
4112 (0x1010) |
Informational |
Startup |
InTrust agent configuration self-audit started. |
|
4113 (0x1011) |
Informational |
Startup |
InTrust agent configuration self-audit stopped. |
|
4114 (0x1012) |
Informational |
Agent-side rule configuration |
Monitoring rule '%1' added to agent '%8' on %10 at %11 (UTC %13). Data sources: %3. |
%1–Rule name %2–Rule GUID %3–Data source list %8–Agent name %9–Agent ID %10–Event generation date (server timezone) %11–Event generation time (server timezone) %12–Event generation date/time (server timezone) %13–Event generation date/time (UTC) |
4115 (0x1013) |
Informational |
Agent-side rule configuration |
Monitoring rule '%1' reconfigured on agent '%8' on %10 at %11 (UTC %13). Data sources: %3. |
%1–Rule name %2–Rule GUID %3–Data source list %8–Agent name %9–Agent ID %10–Event generation date (server timezone) %11–Event generation time (server timezone) %12–Event generation date/time (server timezone) %13–Event generation date/time (UTC) |
4116 (0x1014) |
Informational |
Agent-side rule configuration |
Monitoring rule '%1' removed from agent '%8' on %10 at %11 (UTC %13). Data sources: %3. |
%1–Rule name %2–Rule GUID %3–Data source list %8–Agent name %9–Agent ID %10–Event generation date (server timezone) %11–Event generation time (server timezone) %12–Event generation date/time (server timezone) %13–Event generation date/time (UTC) |
4117 (0x1015) |
Informational |
Agent-side rule configuration |
Monitoring rule '%1' activated on agent '%8' on %10 at %11 (UTC %13). Data sources: %3. |
%1–Rule name %2–Rule GUID %3–Data source list %8–Agent name %9–Agent ID %10–Event generation date (server timezone) %11–Event generation time (server timezone) %12–Event generation date/time (server timezone) %13–Event generation date/time (UTC) |
4118 (0x1016) |
Informational |
Agent-side rule configuration |
Real-time collection from data source '%3' (event log name: '%5') to repository '%6' started on agent '%8' on %10 at %11 (UTC %13). |
%1–Rule name %2–Rule GUID %3–Data source name %4–Data source GUID %5–Log name %6–Repository name %7–Repository GUID %8–Agent name %9–Agent ID %10–Event generation date (server timezone) %11–Event generation time (server timezone) %12–Event generation date/time (server timezone) %13–Event generation date/time (UTC) |
4119 (0x1017) |
Informational |
Agent-side rule configuration |
Real-time collection from data source '%3' (event log name: '%5') to repository '%6' stopped on agent '%8' on %10 at %11 (UTC %13). |
%1–Rule name %2–Rule GUID %3–Data source name %4–Data source GUID %5–Log name %6–Repository name %7–Repository GUID %8–Agent name %9–Agent ID %10–Event generation date (server timezone) %11–Event generation time (server timezone) %12–Event generation date/time (server timezone) %13–Event generation date/time (UTC) |
4120 (0x1018) |
Informational |
Agent-side rule configuration |
Real-time collection from data source '%3' (event log name: '%5') to repository '%6' activated on agent '%8' on %10 at %11 (UTC %13). |
%1–Rule name %2–Rule GUID %3–Data source name %4–Data source GUID %5–Log name %6–Repository name %7–Repository GUID %8–Agent name %9–Agent ID %10–Event generation date (server timezone) %11–Event generation time (server timezone) %12–Event generation date/time (server timezone) %13–Event generation date/time (UTC) |
4121 (0x1019) |
Informational |
Agent-side rule configuration |
Agent-side log backup enabled for data source '%3' (event log name: '%5') in job '%6' on agent '%8' on %10 at %11 (UTC %13). |
%1–Rule name %2–Rule GUID %3–Data source name %4–Data source GUID %5–Log name %6–Job name %7–Job GUID %8–Agent name %9–Agent ID %10–Event generation date (server timezone) %11–Event generation time (server timezone) %12–Event generation date/time (server timezone) %13–Event generation date/time (UTC) |
4122 (0x101A) |
Informational |
Agent-side rule configuration |
Agent-side log backup disabled for data source '%3' (event log name: '%5') in job '%6' on agent '%8' on %10 at %11 (UTC %13). |
%1–Rule name %2–Rule GUID %3–Data source name %4–Data source GUID %5–Log name %6–Job name %7–Job GUID %8–Agent name %9–Agent ID %10–Event generation date (server timezone) %11–Event generation time (server timezone) %12–Event generation date/time (server timezone) %13–Event generation date/time (UTC) |
4123 (0x101B) |
Informational |
Agent-side rule configuration |
Agent-side log backup for data source '%3' (event log name: '%5') in job '%6' activated on agent '%8' on %10 at %11 (UTC %13). |
%1–Rule name %2–Rule GUID %3–Data source name %4–Data source GUID %5–Log name %6–Job name %7–Job GUID %8–Agent name %9–Agent ID %10–Event generation date (server timezone) %11–Event generation time (server timezone) %12–Event generation date/time (server timezone) %13–Event generation date/time (UTC) |
4124 (0x101C) |
Informational |
Server-side rule configuration |
Monitoring rule '%1' enabled. Data sources: %3. |
%1–Rule name %2–Rule GUID %3–Data source list |
4125 (0x101D) |
Informational |
Server-side rule configuration |
Monitoring rule '%1' reconfigured. Data sources: %3. |
%1–Rule name %2–Rule GUID %3–Data source list |
4126 (0x101E) |
Informational |
Server-side rule configuration |
Monitoring rule '%1' disabled. Data sources: %3. |
%1–Rule name %2–Rule GUID %3–Data source list |
4127 (0x101F) |
Informational |
Server-side rule configuration |
Real-time collection from data source '%3' ('%5') to repository '%6' enabled. |
%1–Rule name %2–Rule GUID %3–Data source name %4–Data source GUID %5–Log name %6–Repository name %7–Repository GUID |
4128 (0x1020) |
Informational |
Server-side rule configuration |
Real-time collection from data source '%3' ('%5') to repository '%6' disabled. |
%1–Rule name %2–Rule GUID %3–Data source name %4–Data source GUID %5–Log name %6–Repository name %7–Repository GUID |
4129 (0x1021) |
Informational |
Server-side rule configuration |
Agent-side log backup enabled for data source '%3' ('%5') in job '%6'. |
%1–Rule name %2–Rule GUID %3–Data source name %4–Data source GUID %5–Log name %6–Job name %7–Job GUID |
4130 (0x1022) |
Informational |
Server-side rule configuration |
Agent-side log backup disabled for data source '%3' ('%5') in job '%6'. |
%1–Rule name %2–Rule GUID %3–Data source name %4–Data source GUID %5–Log name %6–Job name %7–Job GUID |
4131 (0x1023) |
Informational |
Agent-side rule configuration |
All real-time activity was stopped on agent %8. No monitoring, real-time collection or agent-side log backup is performed. |
%8–Agent name %9–Agent ID |
© ALL RIGHTS RESERVED. Nutzungsbedingungen Datenschutz Cookie Preference Center