InTrust 11.4.1 - InTrust Events

Events from InTrust Repository Services

This table lists the events logged by InTrust Repository Services.

| Event ID | Type | Category | Description | Insertion Strings |
|---|---|---|---|---|
| 13840 (0x3610) | Information | Repository Services | Repository services enabled for repository "%2".%0 | %2—Repository name |
| 13841 (0x3611) | Information | Repository Services | Indexing of long-term items for repository "%2" successfully completed; index is now up-to-date.%0 | %2—Repository name |
| 13842 (0x3612) | Information | Repository Services | Indexing of recent items for repository "%2" successfully completed; index is now up-to-date.%0 | %2—Repository name |
| 13843 (0x3613) | Information | Repository Services | Data merging in repository "%2" has started.%0 | %2—Repository name |
| 13844 (0x3614) | Information | Repository Services | Data merging in repository "%2" successfully completed.%0 | %2—Repository name |
| 13845 (0x3615) | Information | Repository Services | Index cleanup for long-term items in repository "%2" has started.%0 | %2—Repository name |
| 13846 (0x3616) | Information | Repository Services | Index cleanup for long-term items in repository "%2" successfully completed.%0 | %2—Repository name |
| 13847 (0x3617) | Information | Repository Services | Indexing of long-term items repository "%2" was interrupted due to repository reconfiguration.%0 | %2—Repository name |
| 13848 (0x3618) | Information | Repository Services | Indexing of recent items for repository "%2" was interrupted due to repository reconfiguration.%0 | %2—Repository name |
| 13849 (0x3619) | Information | Repository Services | Data merging in repository "%2" was interrupted due to repository reconfiguration. %0 | %2—Repository name |
| 13872 (0x3630) | Warning | Repository Services | Indexing of of long-term items repository "%2" completed with errors. Error: %3.%0 | %2—Repository name |
| 13873 (0x3631) | Warning | Repository Services | Indexing of recent items for repository "%2" completed with errors. Error: %3.%0 | %2—Repository name; %3—Error description |
| 13874 (0x3632) | Warning | Repository Services | Data merging in repository "%2" completed with errors. Error: %3. %0 | %2—Repository name; %3—Error description |
| 13875 (0x3633) | Warning | Repository Services | The indexing queue of long-term events in repository “%2” is about to grow to an unmanageable size. If it keeps growing at the same rate, searching in the repository and import from it can slow down considerably. Please check the InTrust Server event log for errors, and consider collecting less audit data to this repository and adding more indexing servers.%0 | %2—Repository name |
| 13876 (0x3634) | Warning | Repository Services | The indexing queue of recent events in repository “%2” is about to grow to an unmanageable size. If it keeps growing at the same rate, searching in the repository and import from it can slow down considerably. Please check the InTrust Server event log for errors, and consider collecting less audit data to this repository and adding more indexing servers.%0 | %2—Repository name |
| 13877 (0x3635) | Warning | Repository Services | The number of unmerged files in repository “%2” has increased. This causes the repository size to grow uncontrollably. Please check the InTrust Server event log for errors, and consider collecting less audit data to this repository and adding more merging servers.%0 | %2—Repository name |
| 13878 (0x3636) | Warning | Repository Services | The indexing notification queue in repository “%2” exceeded the size limit.%0 | %2—Repository name |
| 13879 (0x3637) | Error | Repository Services | The indexing notification queue in repository "%2" exceeded the size limit. | %2—Repository name |
| 13888 (0x3640) | Information | Repository Services | Repository services disabled for repository "%2".%0 | %2—Repository name |
| 13889 (0x3641) | Error | Repository Services | Could not enable repository services for repository "%2". Reason: %3.%0 | %2—Repository name |
| 13890 (0x3642) | Error | Repository Services | Could not initialize indexing of long-term items for repository "%2". Reason: %3.%0 | %2—Repository name |
| 13891 (0x3643) | Error | Repository Services | Could not initialize indexing of recent items for repository "%2". Reason: %3.%0 | %2—Repository name; %3—Error description |
| 13892 (0x3644) | Error | Repository Services | Could not initialize data merging in repository "%2". Reason: %3. This error will remain active until you resolve the causing issue so that merge can complete successfully. By default, merges happen every 24 hours.%0 | %2—Repository name; %3—Error description |
| 13893 (0x3645) | Error | Repository Services | Could not initialize data merging in repository "%2". Reason: %3. | %2—Repository name; %3—Error description |
| 13894 (0x3646) | Error | Repository Services | Indexing of long-term items for repository "%2" failed. Reason: %3.%0 | %2—Repository name; %3—Error description |
| 13895 (0x3647) | Error | Repository Services | Indexing of recent items for repository "%2" failed. Reason: %3.%0 | %2—Repository name; %3—Error description |
| 13896 (0x3648) | Error | Repository Services | Data merging in repository "%2" failed. Reason: %3.%0 | %2—Repository name; %3—Error description |
| 13897 (0x3649) | Error | Repository Services | Data merging in repository "%2" failed. Reason: %3. This error will remain active until you resolve the causing issue so that merge can complete successfully. By default, merges happen every 24 hours.%0 | %2—Repository name; %3—Error description |
| 13898 (0x364A) | Error | Repository Services | Critical repository services configuration error. Please make sure the "Quest InTrust Server" and "Quest InTrust Real-Time Monitoring" services are running on the InTrust server that manages the repository. If they are, consider restarting them. Error details: %2.%0 | %2—Error description |
| 13899 (0x364B) | Error | Repository Services | Indexing of long-term items repository "%2" was interrupted because the Quest InTrust Server service was stopped.%0 | %2—Repository name |
| 13900 (0x364C) | Error | Repository Services | Indexing of recent items for repository "%2" was interrupted because the Quest InTrust Server service was stopped.%0 | %2—Repository name |
| 13901 (0x364D) | Error | Repository Services | Data merging in repository "%2" was interrupted because the Quest InTrust Server service was stopped. This error will remain active until you resolve the causing issue so that merge can complete successfully. By default, merges happen every 24 hours.%0 | %2—Repository name |
| 13902 (0x364E) | Error | Repository Services | Index cleanup failed for repository "%2". This can result in slow searches. Details: %3.%0 | %2—Repository name; %3—Error description |
| 13903 (0x364F) | Error | Repository Services | The indexing queue of long-term events in repository "%2" exceeded the size limit. Please check the InTrust Server event log for errors, and consider collecting less audit data to this repository and adding more indexing servers.%0 | %2—Repository name |
| N/A | Error | Repository Services | Collection of events was stopped because of the error on collection %2 processed by InTrust Server %3. Real-time monitoring was stopped, so that alerts and server rules are not active too. Error details: %5 | %2—Collection name; %3—InTrust server name; %5—Error description |
| 13904 (0x3650) | Error | Repository Services | The number of unmerged files in repository "%2" exceeded the limit.%0 | %2—Repository name |

Events from InTrust Notification Engine

This table contains the event logged by InTrust Notification Engine.

| Event ID | Type | Category | Description | Insertion Strings |
|---|---|---|---|---|
| 17408 (0x4400) | Success | Rule Match | Real-Time rule was matched.%n%nSubject:%n Rule: %2%n Alert: %4%n Alert severity: %6%n Host: %1%n%nDetails:%n %8. | %1—Host name; %2—Rule name; %3—Rule ID; %4—Alert name; %5—Alert severity code; %6—Alert severity; %7—Alert code; %8—Details |

InTrust Self-Audit Events

This table lists the events from the InTrust Self-Audit log.

The following event sources are defined for the log:

  • InTrust Server Connection Tracker
  • InTrust Real-Time Monitoring Server Connection Tracker
  • InTrust Real-Time Configuration Tracker

The following events are defined for the InTrust Server Connection Tracker and InTrust Real-Time Monitoring Server Connection Tracker event sources:

| Event ID | Type | Category | Description | Insertion Strings |
|---|---|---|---|---|
| 17152 (0x4300) | Error | Startup | SID for service "%1" cannot be retrieved. | %1—service display name |
| 17153 (0x4301) | Error | Connect | InTrust connection self-audit on interface "%1" %2 failed. Error code 0x%3. Error text: %4. | %1—RPC interface display name; %2—RPC interface UUID; %3—error code; %4—error text |
| 17154 (0x4302) | Error | Startup | InTrust connection self-audit on interface "%1" (%2) cannot be enabled. Error code 0x%3. Error text: %4. | %1—RPC interface UUID; %2—Extension display name; %3—error code; %4—error text |
| 17155 (0x4303) | Informational | Startup | InTrust connection self-audit started. Current audit level : %1. | %1—Audit level |
| 17156 (0x4304) | Informational | Connect | Connection from computer %3 (%4) on RPC interface "%5" (%6) was established by user %1 (user SID: %2). | %1—user name; %2—user SID; %3—remote host; %4—remote IP address; %5—RPC interface UUID; %6—Extension display name |
| 17157 (0x4305) | Informational | Connect | Connection on RPC interface "%3" (%4) was established by service %1 (service SID: %2). | %1—service display name; %2—service SID; %3—RPC interface UUID; %4—Extension display name |
| 17158 (0x4306) | Error | Startup | Service SID is disabled for service %1. Try to enable it manually. | %1—service display name |
| 17159 (0x4307) | Error | Startup | Service %1 is not installed. | %1—service short name |
| 17160 (0x4308) | Error | Startup | Service %1 could not be detected during InTrust connection self-audit. Error code 0x%2. Error text: %3. | %1—service short name |
| 17161 (0x4309) | Informational | Configuration | InTrust connection self-audit level changed. New level : %1. | %1—Audit level |
| 17162 (0x430A) | Error | Configuration | Cannot query InTrust connection self-audit level. Error code 0x%1. Error text: %2. | %1—error code; %2—error text |
| 17163 (0x430B) | Error | License | The following real-time monitoring policies are disabled until a valid license is available: %2. | %2—Names of active policies |

The following events are defined for the InTrust Real-Time Configuration Tracker event source:

| Event ID | Type | Category | Description | Insertion Strings |
|---|---|---|---|---|
| 4112 (0x1010) | Informational | Startup | InTrust agent configuration self-audit started. | |
| 4113 (0x1011) | Informational | Startup | InTrust agent configuration self-audit stopped. | |
| 4114 (0x1012) | Informational | Agent-side rule configuration | Monitoring rule '%1' added to agent '%8' on %10 at %11 (UTC %13). Data sources: %3. | %1–Rule name; %2–Rule GUID; %3–Data source list; %8–Agent name; %9–Agent ID; %10–Event generation date (server timezone); %11–Event generation time (server timezone); %12–Event generation date/time (server timezone); %13–Event generation date/time (UTC) |
| 4115 (0x1013) | Informational | Agent-side rule configuration | Monitoring rule '%1' reconfigured on agent '%8' on %10 at %11 (UTC %13). Data sources: %3. | %1–Rule name; %2–Rule GUID; %3–Data source list; %8–Agent name; %9–Agent ID; %10–Event generation date (server timezone); %11–Event generation time (server timezone); %12–Event generation date/time (server timezone); %13–Event generation date/time (UTC) |
| 4116 (0x1014) | Informational | Agent-side rule configuration | Monitoring rule '%1' removed from agent '%8' on %10 at %11 (UTC %13). Data sources: %3. | %1–Rule name; %2–Rule GUID; %3–Data source list; %8–Agent name; %9–Agent ID; %10–Event generation date (server timezone); %11–Event generation time (server timezone); %12–Event generation date/time (server timezone); %13–Event generation date/time (UTC) |
| 4117 (0x1015) | Informational | Agent-side rule configuration | Monitoring rule '%1' activated on agent '%8' on %10 at %11 (UTC %13). Data sources: %3. | %1–Rule name; %2–Rule GUID; %3–Data source list; %8–Agent name; %9–Agent ID; %10–Event generation date (server timezone); %11–Event generation time (server timezone); %12–Event generation date/time (server timezone); %13–Event generation date/time (UTC) |
| 4118 (0x1016) | Informational | Agent-side rule configuration | Real-time collection from data source '%3' (event log name: '%5') to repository '%6' started on agent '%8' on %10 at %11 (UTC %13). | %1–Rule name; %2–Rule GUID; %3–Data source name; %4–Data source GUID; %5–Log name; %6–Repository name; %7–Repository GUID; %8–Agent name; %9–Agent ID; %10–Event generation date (server timezone); %11–Event generation time (server timezone); %12–Event generation date/time (server timezone); %13–Event generation date/time (UTC) |
| 4119 (0x1017) | Informational | Agent-side rule configuration | Real-time collection from data source '%3' (event log name: '%5') to repository '%6' stopped on agent '%8' on %10 at %11 (UTC %13). | %1–Rule name; %2–Rule GUID; %3–Data source name; %4–Data source GUID; %5–Log name; %6–Repository name; %7–Repository GUID; %8–Agent name; %9–Agent ID; %10–Event generation date (server timezone); %11–Event generation time (server timezone); %12–Event generation date/time (server timezone); %13–Event generation date/time (UTC) |
| 4120 (0x1018) | Informational | Agent-side rule configuration | Real-time collection from data source '%3' (event log name: '%5') to repository '%6' activated on agent '%8' on %10 at %11 (UTC %13). | %1–Rule name; %2–Rule GUID; %3–Data source name; %4–Data source GUID; %5–Log name; %6–Repository name; %7–Repository GUID; %8–Agent name; %9–Agent ID; %10–Event generation date (server timezone); %11–Event generation time (server timezone); %12–Event generation date/time (server timezone); %13–Event generation date/time (UTC) |
| 4121 (0x1019) | Informational | Agent-side rule configuration | Agent-side log backup enabled for data source '%3' (event log name: '%5') in job '%6' on agent '%8' on %10 at %11 (UTC %13). | %1–Rule name; %2–Rule GUID; %3–Data source name; %4–Data source GUID; %5–Log name; %6–Job name; %7–Job GUID; %8–Agent name; %9–Agent ID; %10–Event generation date (server timezone); %11–Event generation time (server timezone); %12–Event generation date/time (server timezone); %13–Event generation date/time (UTC) |
| 4122 (0x101A) | Informational | Agent-side rule configuration | Agent-side log backup disabled for data source '%3' (event log name: '%5') in job '%6' on agent '%8' on %10 at %11 (UTC %13). | %1–Rule name; %2–Rule GUID; %3–Data source name; %4–Data source GUID; %5–Log name; %6–Job name; %7–Job GUID; %8–Agent name; %9–Agent ID; %10–Event generation date (server timezone); %11–Event generation time (server timezone); %12–Event generation date/time (server timezone); %13–Event generation date/time (UTC) |
| 4123 (0x101B) | Informational | Agent-side rule configuration | Agent-side log backup for data source '%3' (event log name: '%5') in job '%6' activated on agent '%8' on %10 at %11 (UTC %13). | %1–Rule name; %2–Rule GUID; %3–Data source name; %4–Data source GUID; %5–Log name; %6–Job name; %7–Job GUID; %8–Agent name; %9–Agent ID; %10–Event generation date (server timezone); %11–Event generation time (server timezone); %12–Event generation date/time (server timezone); %13–Event generation date/time (UTC) |
| 4124 (0x101C) | Informational | Server-side rule configuration | Monitoring rule '%1' enabled. Data sources: %3. | %1–Rule name; %2–Rule GUID; %3–Data source list |
| 4125 (0x101D) | Informational | Server-side rule configuration | Monitoring rule '%1' reconfigured. Data sources: %3. | %1–Rule name; %2–Rule GUID; %3–Data source list |
| 4126 (0x101E) | Informational | Server-side rule configuration | Monitoring rule '%1' disabled. Data sources: %3. | %1–Rule name; %2–Rule GUID; %3–Data source list |
| 4127 (0x101F) | Informational | Server-side rule configuration | Real-time collection from data source '%3' ('%5') to repository '%6' enabled. | %1–Rule name; %2–Rule GUID; %3–Data source name; %4–Data source GUID; %5–Log name; %6–Repository name; %7–Repository GUID |
| 4128 (0x1020) | Informational | Server-side rule configuration | Real-time collection from data source '%3' ('%5') to repository '%6' disabled. | %1–Rule name; %2–Rule GUID; %3–Data source name; %4–Data source GUID; %5–Log name; %6–Repository name; %7–Repository GUID |
| 4129 (0x1021) | Informational | Server-side rule configuration | Agent-side log backup enabled for data source '%3' ('%5') in job '%6'. | %1–Rule name; %2–Rule GUID; %3–Data source name; %4–Data source GUID; %5–Log name; %6–Job name; %7–Job GUID |
| 4130 (0x1022) | Informational | Server-side rule configuration | Agent-side log backup disabled for data source '%3' ('%5') in job '%6'. | %1–Rule name; %2–Rule GUID; %3–Data source name; %4–Data source GUID; %5–Log name; %6–Job name; %7–Job GUID |
| 4131 (0x1023) | Informational | Agent-side rule configuration | All real-time activity was stopped on agent %8. No monitoring, real-time collection or agent-side log backup is performed. | %8–Agent name; %9–Agent ID |
