Tchater maintenant avec le support
Tchattez avec un ingénieur du support

InTrust 11.5.1 - Audit Database Structure

Computers

Name Type

Description

ComputerName nvarchar(255)

Name of the computer from which the log was gathered.

Domain nvarchar(255)

Name of the domain to which the computer belongs.

Type int

Computer type, e.g. server or workstation. For Windows computers, this field has a bitmask value. For other computers, the value is 0.

For more information about bitmask values, see the description of the SERVER_INFO_101 network management structure in the MSDN library. The sv101_type member defines the possible values.

PlatformID int

The computer’s platform (operating system) ID. The following platform IDs are used:

  • 500 (Windows)
  • 630 (LINUX)
VersionMajor int Major version number of the computer's operating system. For example, the major version of Windows 8 is 6.
VersionMinor int Minor version number of the computer's operating system. For example, the minor version of Windows 8 is 2.

Events

Name Type

Description

ID int

ID of the event in the InTrust gathering session.

SessionID int

ID of the gathering session.

GatheringComputer nvarchar(255)

Computer from which the event was retrieved.

PlatformID int

Platform (operating system) ID of the computer from which the event was retrieved.

VersionMajor int

Major version number of the audited software on the computer where the data was collected. InTrust data sources define the major version values as specified below.

When event caching is not used during gathering:

  • Microsoft Windows Events, Microsoft DHCP Server Events—Major version of the operating system. For example, the major version of Windows 8 is 6.Custom Text Log Events, Database Events—Major version of the operating system, unless specified otherwise.
  • Microsoft IIS Events—The MajorVersion dword value in the HKLM\SOFTWARE\Microsoft\InetStp registry key.
  • Microsoft ISA Server Events—The major version number in the string representation of the ISAS version. This string is retrieved from the ProductVersion(BSTR*) property of the IFPCServer interface.
  • Microsoft Proxy Server Events—The major version is 2.
  • Microsoft Exchange Events—Major version of Microsoft Exchange Server.

When event caching is used during gathering:

  • Microsoft Windows Events —Major version of the operating system.
  • Syslog, Account Monitoring Events, Text File Monitoring Events—Major version of the operating system, unless specified otherwise.
  • Microsoft IIS Events—The MajorVersion dword value in the HKLM\SOFTWARE\Microsoft\InetStp registry key.
VersionMinor int

Minor version number of the audited software on the computer where the data was collected. InTrust data sources define the minor version values as specified below.

When event caching is not used during gathering:

  • Microsoft Windows Events, Microsoft DHCP Server Events —Minor version of the operating system. For example, the minor version of Windows 8 is 2.Custom Text Log Events, Database Events—Minor version of the operating system, unless specified otherwise.
  • Microsoft IIS Events—The MinorVersion dword value in the HKLM\SOFTWARE\Microsoft\InetStp registry key.
  • Microsoft ISA Server Events—The minor version number in the string representation of the ISAS version. This string is retrieved from the ProductVersion(BSTR*) property of the IFPCServer interface.
  • Microsoft Proxy Server Events—The minor version is 0.
  • Microsoft Exchange Events—Minor version of Microsoft Exchange Server.

When event caching is used during gathering:

  • Microsoft Windows Events —Minor version of the operating system.
  • Syslog, Account Monitoring Events, Text File Monitoring Events —Minor version of the operating system, unless specified otherwise.
  • Microsoft IIS Events—The MajorVersion dword value in the HKLM\SOFTWARE\Microsoft\InetStp registry key.
EventLog nvarchar(255) Name of the log from which the event was retrieved.
RecordNumber int

The event's number, used for storing the position of the last gathered event.

Computer nvarchar(255) Computer on which the event occurred.
UserName nvarchar(255)

Name of the user who produced the event.

UserDomain nvarchar(255)

Domain of the user who produced the event.

EventType int

Event type.

Source nvarchar(255)

Name of the event's source.

EventID int

ID of the event.

Category nvarchar(255)

Category of the event.

GMT datetime

Event generation time in GMT format.

LocalTime datetime

Event record time; this time is local to the computer from which the event was retrieved.

EventsData

Name Type

Description

EventID int

ID of the event in the InTrust gathering session. This field corresponds to the ID field in the Events table.

SessionID int

ID of the gathering session. This field corresponds to the SessionID field in the Events table.

EventData image

Binary data of the event.

EventsDescriptions

Name Type

Description

EventID int

ID of the event in the InTrust gathering session. This field corresponds to the ID field in the Events table.

SessionID int

ID of the gathering session. This field corresponds to the SessionID field in the Events table.

Description ntext

Description of the event.

Outils libre-service
Base de connaissances
Notifications et alertes
Support produits
Téléchargements de logiciels
Documentation technique
Forums utilisateurs
Didacticiels vidéo
Flux RSS
Nous contacter
Obtenir une assistance en matière de licence
Support Technique
Afficher tout
Documents connexes

The document was helpful.

Sélectionner une évaluation

I easily found the information I needed.

Sélectionner une évaluation