Name | Type |
Description |
---|---|---|
EventID | int |
ID of the event in the InTrust gathering session. This field corresponds to the ID field in the Events table. |
SessionID | int |
ID of the gathering session. This field corresponds to the SessionID field in the Events table. |
StringIndex | int |
Index of the event's insertion string. |
StringValue | nvarchar(4000) |
Value of the event's insertion string. |
Name | Type | Description |
---|---|---|
Computer | nvarchar(150) |
Computer on which the event occurred. |
PlatformID | int |
Platform (operating system) ID of the computer on which the event occurred. |
VersionMajor | int |
Major operating system version number of the computer on which the event occurred. For example, the major version of Windows 8 is 6. |
VersionMinor | int | Minor operating system version number of the computer on which the event occurred. For example, the minor version of Windows 8 is 2. |
EventLog | nvarchar(255) | Name of the log from which events were retrieved. |
RecordNumber | int |
Number of the record in the event log, used for storing the position of the last gathered event. |
TimeWritten | int |
Time when the event was written to the log. |
GMT | datetime |
Event generation time in GMT format. |
LocalTime | datetime | Time when the event was written to the log; this time is local to the computer where the event was logged. |
IGMD | image |
Stands for Incremental Gathering MetaData. This is arbitrary binary data written and read by the data source that is used for the gathering. For example, a data source can store and query lists of file paths. |
filterhash | int |
Hash of the combined filter used for the gathering. |
filter | image |
Combined filter used for the gathering. |
PositionVersion | int |
Contains one of the following values:
|
PositionFlag | int |
When cached data is collected for the first time to the new storage, data from the corresponding event log also captured (to prevent data loss). For the second cached data gathering to the same storage data from the corresponding event log is not needed and this option indicates this. Contains one of the following values:
|
Match | Field |
Description |
---|---|---|
ID | int |
Gathering session ID. |
Computer | nvarchar(150) |
Name of the InTrust Server computer that ran the gathering job. |
CollectionName | nvarchar(255) | Name of the gathering job. |
GMT | datetime |
Session start time in GMT format. |
LocalTime | datetime |
Session start time; this time is local to the InTrust server. |
UniqueID | nvarchar(255) |
Unique ID of the gathering session. |
© ALL RIGHTS RESERVED. 利用規約 プライバシー Cookie Preference Center