Chatee ahora con Soporte
Chat con el soporte

InTrust 11.6 - Audit Database Structure

EventsStrings

Name Type

Description

EventID int

ID of the event in the InTrust gathering session. This field corresponds to the ID field in the Events table.

SessionID int

ID of the gathering session. This field corresponds to the SessionID field in the Events table.

StringIndex int

Index of the event's insertion string.

StringValue nvarchar(4000)

Value of the event's insertion string.

GatheredEvents

Name Type Description
Computer nvarchar(150)

Computer on which the event occurred.

PlatformID int

Platform (operating system) ID of the computer on which the event occurred.

VersionMajor int

Major operating system version number of the computer on which the event occurred. For example, the major version of Windows 8 is 6.

VersionMinor int Minor operating system version number of the computer on which the event occurred. For example, the minor version of Windows 8 is 2.
EventLog nvarchar(255) Name of the log from which events were retrieved.
RecordNumber int

Number of the record in the event log, used for storing the position of the last gathered event.

TimeWritten int

Time when the event was written to the log.

GMT datetime

Event generation time in GMT format.

LocalTime datetime Time when the event was written to the log; this time is local to the computer where the event was logged.
IGMD image

Stands for Incremental Gathering MetaData. This is arbitrary binary data written and read by the data source that is used for the gathering. For example, a data source can store and query lists of file paths.

filterhash int

Hash of the combined filter used for the gathering.

filter image

Combined filter used for the gathering.

PositionVersion int

Contains one of the following values:

  • 1 (agent-side audit log backup was used during the gathering)
  • 0 (agent-side audit log backup was not used)
PositionFlag int

When cached data is collected for the first time to the new storage, data from the corresponding event log also captured (to prevent data loss). For the second cached data gathering to the same storage data from the corresponding event log is not needed and this option indicates this.

Contains one of the following values:

  • 0 (Cached data and data from the corresponding event are not collected)
  • 1 (Cached data have been collected for the first time to the new storage together with data from the corresponding event log)

GatheringSessions

Match Field

Description

ID int

Gathering session ID.

Computer nvarchar(150)

Name of the InTrust Server computer that ran the gathering job.

CollectionName nvarchar(255) Name of the gathering job.
GMT datetime

Session start time in GMT format.

LocalTime datetime

Session start time; this time is local to the InTrust server.

UniqueID nvarchar(255)

Unique ID of the gathering session.

Documentos relacionados

The document was helpful.

Seleccionar calificación

I easily found the information I needed.

Seleccionar calificación