| Registered Fields | ||||
|---|---|---|---|---|
| Glob ID | Mod ID | Field Name | Type | Description |
| Module remoteadm | ||||
| No field. | ||||
| Module textfile | ||||
| 0 | 0 | textfile.line_num | int | line number |
| 1 | 1 | textfile.file | vstr | source filename |
| 2 | 2 | textfile.line | str | a line of a given textfile |
| Module sockunix | ||||
| 3 | 0 | sockunix.event | int | event number |
| 4 | 1 | sockunix.time | timeval | reception time |
| 5 | 2 | sockunix.socket | str | unix socket name |
| 6 | 3 | sockunix.msg | bstr | message |
| Module udp | ||||
| 7 | 0 | udp.event | int | event number |
| 8 | 1 | udp.time | timeval | reception time |
| 9 | 2 | udp.src_addr | ipv4 | source adress |
| 10 | 3 | udp.src_port | int | source port |
| 11 | 4 | udp.dst_addr | ipv4 | destination address |
| 12 | 5 | udp.dst_port | int | destination port |
| 13 | 6 | udp.msg | bstr | message |
| Module syslog | ||||
| 14 | 0 | syslog.facility | vstr | source of the message |
| 15 | 1 | syslog.severity | vstr | severity of the message |
| 16 | 2 | syslog.time | ctime | date of the event |
| 17 | 3 | syslog.host | vstr | host |
| 18 | 4 | syslog.repeat | int | message repetition |
| 19 | 5 | syslog.pid | int | process id of the event source |
| 20 | 6 | syslog.prog | vstr | program name |
| 21 | 7 | syslog.msg | vstr | the message |
| Module rawsnare | ||||
| 22 | 0 | rawsnare.time | timeval | event time |
| 23 | 1 | rawsnare.class | int | snare event class |
| 24 | 2 | rawsnare.syscall | int | system call number |
| 25 | 3 | rawsnare.ruid | int | user id |
| 26 | 4 | rawsnare.rgid | int | main group id |
| 27 | 5 | rawsnare.euid | int | effective user id |
| 28 | 6 | rawsnare.egid | int | effective id |
| 29 | 7 | rawsnare.pid | int | process id |
| 30 | 8 | rawsnare.ppid | int | parent process id |
| 31 | 9 | rawsnare.procname | vstr | process name |
| 32 | 10 | rawsnare.retcode | int | return code |
| 33 | 11 | rawsnare.workdir | vstr | working directory |
| 34 | 12 | rawsnare.path | vstr | path |
| 35 | 13 | rawsnare.mode | int | permissions |
| 36 | 14 | rawsnare.createmode | int | creation permissions |
| 37 | 15 | rawsnare.cmdline | vstr | command line |
| 38 | 16 | rawsnare.src_path | vstr | source path |
| 39 | 17 | rawsnare.dst_path | vstr | destination path |
| 40 | 18 | rawsnare.sockcall | int | socket_call number |
| 41 | 19 | rawsnare.dst_ip | ipv4 | destination ip |
| 42 | 20 | rawsnare.dst_port | int | destination port |
| 43 | 21 | rawsnare.src_ip | ipv4 | source ip |
| 44 | 22 | rawsnare.src_port | int | source port |
| 45 | 23 | rawsnare.owner_uid | int | owner user id |
| 46 | 24 | rawsnare.owner_gid | int | owner group id |
| 47 | 25 | rawsnare.target_id | int | caller user/group id |
| 48 | 26 | rawsnare.target_rid | int | real user/group id |
| 49 | 27 | rawsnare.target_sid | int | saved user/group id |
| 50 | 28 | rawsnare.mod_name | vstr | module name |
| 51 | 29 | rawsnare.ptrace_req | vstr | ptrace request |
| 52 | 30 | rawsnare.ptrace_pid | int | ptrace pid |
| 53 | 31 | rawsnare.ptrace_addr | ptr32 | ptrace address |
| 54 | 32 | rawsnare.ptrace_data | ptr32 | ptrace data |
| 55 | 33 | rawsnare.kill_pid | int | kill dest pid |
| 56 | 34 | rawsnare.kill_sig | vstr | signal to send |
| Module snare | ||||
| 57 | 0 | snare.time | timeval | event time |
| 58 | 1 | snare.class | int | snare event class |
| 59 | 2 | snare.syscall | int | system call number |
| 60 | 3 | snare.ruid | int | user id |
| 61 | 4 | snare.rgid | int | main group id |
| 62 | 5 | snare.euid | int | effective user id |
| 63 | 6 | snare.egid | int | effective id |
| 64 | 7 | snare.pid | int | process id |
| 65 | 8 | snare.procname | vstr | process name |
| 66 | 9 | snare.retcode | int | return code |
| 67 | 10 | snare.workdir | vstr | working directory |
| 68 | 11 | snare.path | vstr | path |
| 69 | 12 | snare.mode | int | permissions |
| 70 | 13 | snare.createmode | int | creation permissions |
| 71 | 14 | snare.cmdline | vstr | command line |
| 72 | 15 | snare.src_path | vstr | source path |
| 73 | 16 | snare.dst_path | vstr | destination path |
| 74 | 17 | snare.sockcall | int | socket_call number |
| 75 | 18 | snare.dst_ip | ipv4 | destination ip |
| 76 | 19 | snare.dst_port | int | destination port |
| 77 | 20 | snare.src_ip | ipv4 | source ip |
| 78 | 21 | snare.src_port | int | source port |
| 79 | 22 | snare.owner_uid | int | owner user id |
| 80 | 23 | snare.owner_gid | int | owner group id |
| 81 | 24 | snare.target_id | int | caller user/group id |
| 82 | 25 | snare.target_rid | int | real user/group id |
| 83 | 26 | snare.target_sid | int | saved user/group id |
| 84 | 27 | snare.mod_name | vstr | module name |
| 85 | 28 | snare.sequence | int | sequence number |
| 86 | 29 | snare.devmaj | int | device major number |
| 87 | 30 | snare.devmin | int | device minor number |
| 88 | 31 | snare.offest | int | truncate offset |
| Module generic | ||||
| No field. | ||||
| Module netfilter | ||||
| 89 | 0 | netfilter.in | vstr | Input interface |
| 90 | 1 | netfilter.physin | vstr | Physical input interface |
| 91 | 2 | netfilter.out | vstr | Output interface |
| 92 | 3 | netfilter.physout | vstr | Physical output interface |
| 93 | 4 | netfilter.mac | vstr | Ethernet header |
| 94 | 5 | netfilter.src | ipv4 | IP source address |
| 95 | 6 | netfilter.dst | ipv4 | IP destination address |
| 96 | 7 | netfilter.ip_len | int | IP Packet length |
| 97 | 8 | netfilter.tos | int | Type of service ('type' field) |
| 98 | 9 | netfilter.prec | int | Type of service ('precedence' field) |
| 99 | 10 | netfilter.ttl | int | Time to live |
| 100 | 11 | netfilter.ipid | int | Packet identifier (ipid) |
| 101 | 12 | netfilter.ip_flags | int | IP flags: CE/DF/MF |
| 102 | 13 | netfilter.frag | int | IP Framgentation offset |
| 103 | 14 | netfilter.ip_opts | vstr | IP Options |
| 104 | 15 | netfilter.proto | vstr | Protocol encapsuled in IP |
| 105 | 16 | netfilter.spt | int | TCP/UDP source port |
| 106 | 17 | netfilter.dpt | int | TCP/UDP destination port |
| 107 | 18 | netfilter.seq | int | TCP sequence number |
| 108 | 19 | netfilter.ack | int | TCP ackownledged seq. number |
| 109 | 20 | netfilter.window | int | TCP window size |
| 110 | 21 | netfilter.res | int | TCP reserved bits |
| 111 | 22 | netfilter.tcp_flags | int | CWR/ECE/URG/ACK/PSH/RST/SYN/FIN |
| 112 | 23 | netfilter.urgp | int | TCP urgent pointer |
| 113 | 24 | netfilter.udp_len | int | UDP Packet length |
| 114 | 25 | netfilter.icmp_type | int | ICMP message type |
| 115 | 26 | netfilter.icmp_code | int | ICMP message code |
| 116 | 27 | netfilter.icmp_id | int | ICMP ID |
| 117 | 28 | netfilter.icmp_seq | int | ICMP sequence number |
| 118 | 29 | netfilter.icmp_param | int | ICMP parameter problem code |
| Module cisco | ||||
| 119 | 0 | cisco.msg_type | int | Cisco message type |
| 120 | 1 | cisco.acl | vstr | Access control list |
| 121 | 2 | cisco.action | vstr | Action (permitted/denied) |
| 122 | 3 | cisco.proto | vstr | Protocol |
| 123 | 4 | cisco.sip | ipv4 | Source IP address |
| 124 | 5 | cisco.dip | ipv4 | Destiantion IP address |
| 125 | 6 | cisco.spt | int | Source port |
| 126 | 7 | cisco.dpt | int | Destination port |
| 127 | 8 | cisco.packets | int | Number of packets |
| Module snmp | ||||
| 128 | 0 | snmp.version | vstr | Protocol version |
| 129 | 1 | snmp.community | vstr | Community name |
| 130 | 2 | snmp.pdu_type | vstr | Protocol Data Unit type |
| 131 | 3 | snmp.request_id | uint | Request ID |
| 132 | 4 | snmp.error_status | uint | Error status |
| 133 | 5 | snmp.error_index | uint | Error index |
| 134 | 6 | snmp.object_id | snmpoid | Object identifier |
| 135 | 7 | snmp.value | vbstr | Object value |
| Module sunbsm | ||||
| 136 | 0 | sunbsm.field_demoint | int | an int field |
| 137 | 1 | sunbsm.field_demostr | vstr | a string field |
| Module win32evt | ||||
| 138 | 0 | win32evt.rec_num | int | Event record number |
| 139 | 1 | win32evt.gen_time | ctime | Generation date |
| 140 | 2 | win32evt.wri_time | ctime | Writing date |
| 141 | 3 | win32evt.event_id | int | Event identifier |
| 142 | 4 | win32evt.event_type | int | Event type |
| 143 | 5 | win32evt.event_cat | int | Event category |
| 144 | 6 | win32evt.user_sid | vbstr | User security identifier |
| Module consoles | ||||
| No field. | ||||
| Module autohtml | ||||
| No field. | ||||
| Module sshd | ||||
| 145 | 0 | sshd.action | vstr | Authentification status |
| 146 | 1 | sshd.method | vstr | Authentification method |
| 147 | 2 | sshd.user | vstr | Current user name (login) |
| 148 | 3 | sshd.src_ip | ipv4 | IP Source address |
| 149 | 4 | sshd.src_port | int | TCP Source port |
| 150 | 5 | sshd.proto | vstr | Protocol version (ssh1/2) |
| 151 | 6 | sshd.remarks | vstr | Misc Remarks |
| 152 | 7 | sshd.ruser | vstr | Remote user name |
| 153 | 8 | sshd.client_sends | vstr | Hostname sent by client |
| 154 | 9 | sshd.resolved | vstr | Hostname resolved by the server |
| 155 | 10 | sshd.bad_proto | vstr | Bad protocol string received by the server |
| 156 | 11 | sshd.close_from | ipv4 | IP source address of connection closure |
| 157 | 12 | sshd.disconnect_from | ipv4 | Auth cancellation from IP |
| 158 | 13 | sshd.no_clistr_from | ipv4 | No client string from IP |
| 159 | 14 | sshd.sybsystem | vstr | SSH Subsystem |
| Module sudo | ||||
| 160 | 0 | sudo.caller | vstr | User who called sudo |
| 161 | 1 | sudo.tty | vstr | Pseudo terminal where user is logged |
| 162 | 2 | sudo.workdir | vstr | Current working directory |
| 163 | 3 | sudo.user | vstr | Destination user set by sudo |
| 164 | 4 | sudo.cmd | vstr | Requested command line |
| Module tftpd | ||||
| 165 | 0 | tftpd.file | vstr | File requested |
| 166 | 1 | tftpd.host | ipv4 | Client IP address |
| 167 | 2 | tftpd.port | int | Client TCP port |
| 168 | 3 | tftpd.action | vstr | Server action |
| 169 | 4 | tftpd.version | vstr | Software version |
| Module imapd | ||||
| 170 | 0 | imapd.user | vstr | User login |
| 171 | 1 | imapd.auth | vstr | Authentification method |
| 172 | 2 | imapd.host | vstr | Remote client hostname |
| 173 | 3 | imapd.ip | ipv4 | Remote client IP address |
| Module yppasswdd | ||||
| 174 | 0 | yppasswdd.user | vstr | User login |
| 175 | 1 | yppasswdd.uid | int | User identifier |
| 176 | 2 | yppasswdd.from | ipv4 | IP source host |
| Module pam_rhost | ||||
| 177 | 0 | pam_rhost.action | vstr | Authentification action |
| 178 | 1 | pam_rhost.ruser | vstr | Remote user name |
| 179 | 2 | pam_rhost.rhost | vstr | Remote host name |
| 180 | 3 | pam_rhost.user | vstr | Requested local user name |
| Module rshd | ||||
| 181 | 0 | rshd.ruser | vstr | Remote user login |
| 182 | 1 | rshd.rhost | vstr | Remote client host |
| 183 | 2 | rshd.user | vstr | Requested local user |
| 184 | 3 | rshd.cmd | vstr | Requested command line |
| Module afpd | ||||
| 185 | 0 | afpd.login | vstr | User login |
| 186 | 1 | afpd.uid | int | User identifier |
| 187 | 2 | afpd.gid | int | User group identifier |
| 188 | 3 | afpd.proto | vstr | Apple Filesharing Protocol version |
| 189 | 4 | afpd.logout | vstr | User logout |
| 190 | 5 | afpd.read | int | Bytes read by server during the connexion |
| 191 | 6 | afpd.write | int | Bytes written by server during the connexion |
| Module named | ||||
| 192 | 0 | named.resolve | vstr | Erronous resolved name |
| 193 | 1 | named.in | vstr | Name server zone |
| 194 | 2 | named.srv_ip | ipv4 | Lame server IP address |
| 195 | 3 | named.srv_port | int | Lame server UDP port |
| 196 | 4 | named.cli_ip | ipv4 | IP address of the zone transfer requester |
| 197 | 5 | named.cli_port | int | TCP port of the zone transfer requester |
| 198 | 6 | named.zone | vstr | Requested zone for the transfer |
| 199 | 7 | named.zone_notify | vstr | Zone which send a notify |
| 200 | 8 | named.serial | vstr | Serial number sent |
| Module arpwatch | ||||
| 201 | 0 | arpwatch.msg | vstr | ArpWatch event category |
| 202 | 1 | arpwatch.ip | ipv4 | IP address |
| 203 | 2 | arpwatch.mac | vstr | MAC address |
| 204 | 3 | arpwatch.old_mac | vstr | Old MAC address |
| Module popa3d | ||||
| 205 | 0 | popa3d.auth_user | vstr | User login authentified |
| 206 | 1 | popa3d.msgs | int | Messages retrieved |
| 207 | 2 | popa3d.bytes | int | Total size of the transfer |
| 208 | 3 | popa3d.del_msgs | int | Messages deleted |
| 209 | 4 | popa3d.del_bytes | int | Size deleted |
| 210 | 5 | popa3d.left_msgs | int | Message left in mail spool |
| 211 | 6 | popa3d.left_bytes | int | Size left in mail spool |
| 212 | 7 | popa3d.error_msg | vstr | Error message |
| Module dhcpd | ||||
| 213 | 0 | dhcpd.method | vstr | DHCP method |
| 214 | 1 | dhcpd.ip | ipv4 | Client IP address |
| 215 | 2 | dhcpd.mac | vstr | Client Ethernet MAC address |
| 216 | 3 | dhcpd.if | vstr | Interface used by the DHCP server |
| 217 | 4 | dhcpd.srv_ip | ipv4 | DHCP server address |
| 218 | 5 | dhcpd.no_leases_on | ipv4 | No free lease on subnet |
| Module dhclient | ||||
| 219 | 0 | dhclient.action | vstr | Action |
| 220 | 1 | dhclient.ip | ipv4 | Ip address |
| 221 | 2 | dhclient.renewal | int | Renewal time |
| 222 | 3 | dhclient.method | vstr | DHCP Method |
| 223 | 4 | dhclient.src_ip | ipv4 | IP address source |
| 224 | 5 | dhclient.interface | vstr | Interface |
| 225 | 6 | dhclient.port | int | UDP port |
| 226 | 7 | dhclient.interval | int | interval in seconds |
| 227 | 8 | dhclient.dst_ip | ipv4 | Destination IP address |
| 228 | 9 | dhclient.message | vstr | Message of DHCP client |
| 229 | 10 | dhclient.reason | vstr | Reason of the error message |
| Module rsyncd | ||||
| 230 | 0 | rsyncd.on | vstr | Path exported by the server |
| 231 | 1 | rsyncd.from_host | vstr | Client host name |
| 232 | 2 | rsyncd.from_ip | ipv4 | Client IP address |
| 233 | 3 | rsyncd.wrote | int | Bytes written |
| 234 | 4 | rsyncd.read | int | Bytes read |
| 235 | 5 | rsyncd.total | int | Totals transfer size |
| 236 | 6 | rsyncd.error | vstr | Error message |
| Module automount | ||||
| 237 | 0 | automount.mount | vstr | Mount point attempted to be mounted |
| 238 | 1 | automount.expired | vstr | Mount point expiration |
| 239 | 2 | automount.version | vstr | Automounter version |
| 240 | 3 | automount.path | vstr | Path added to the mount point list |
| 241 | 4 | automount.maptype | vstr | Map type |
| 242 | 5 | automount.mapname | vstr | Map name |
| 243 | 6 | automount.action | vstr | Action of the automounter daemon |
| 244 | 7 | automount.type | vstr | Type of map |
| 245 | 8 | automount.key | vstr | Key |
| 246 | 9 | automount.value | vstr | Value of the key |
| 247 | 10 | automount.entry | vstr | Entry |
| 248 | 11 | automount.info | vstr | Information |
| 249 | 12 | automount.cmdline | vstr | Full command line |
| 250 | 13 | automount.prog | vstr | Program of the command line |
| 251 | 14 | automount.mountpoint | vstr | Mount point |
| 252 | 15 | automount.mounttype | vstr | Mount type |
| 253 | 16 | automount.msg | vstr | Message |
| Module xinetd | ||||
| 254 | 0 | xinetd.action | vstr | Information on the action |
| 255 | 1 | xinetd.service | vstr | Service started |
| 256 | 2 | xinetd.pid | int | Process identifier of the daemon process |
| 257 | 3 | xinetd.from | ipv4 | IP address which requested the service |
| 258 | 4 | xinetd.duration | int | Duration of the transaction |
| 259 | 5 | xinetd.config_file | vstr | Configuration file |
| 260 | 6 | xinetd.line | int | Line number |
| 261 | 7 | xinetd.version | vstr | Version of Xinetd |
| 262 | 8 | xinetd.options | vstr | Compilations options |
| 263 | 9 | xinetd.svcs_nb | int | Number of running services |
| 264 | 10 | xinetd.server_file | vstr | Binary server file |
| 265 | 11 | xinetd.reason | vstr | Reason of the message |
| 266 | 12 | xinetd.file | vstr | File |
| Module crond | ||||
| 267 | 0 | crond.user | vstr | User which execute the job |
| 268 | 1 | crond.cmd | vstr | Executed command |
| Module postfix_cleanup | ||||
| 269 | 0 | postfix_cleanup.queue_id | vstr | Queue identifier |
| 270 | 1 | postfix_cleanup.msg_id | vstr | Message identifier |
| Module postfix_local | ||||
| 271 | 0 | postfix_local.queue_id | vstr | Queue identifier |
| 272 | 1 | postfix_local.to | vstr | Destination mail address (To:) |
| 273 | 2 | postfix_local.orig_to | vstr | Original destination (before rewrite) |
| 274 | 3 | postfix_local.relay | vstr | Relay name |
| 275 | 4 | postfix_local.delay | int | Delay value |
| 276 | 5 | postfix_local.status | vstr | Status of the transaction |
| 277 | 6 | postfix_local.fwd_as | vstr | Forward information |
| 278 | 7 | postfix_local.pipe_cmd | vstr | Pipe command |
| 279 | 8 | postfix_local.message | vstr | Additionnal message |
| Module postfix_pickup | ||||
| 280 | 0 | postfix_pickup.queue_id | vstr | Queue identifier |
| 281 | 1 | postfix_pickup.user_id | int | User identifier |
| 282 | 2 | postfix_pickup.from | vstr | Source recipient |
| Module postfix_qmgr | ||||
| 283 | 0 | postfix_qmgr.queue_id | vstr | Queue identifier |
| 284 | 1 | postfix_qmgr.from | vstr | Sender mail address (From:) |
| 285 | 2 | postfix_qmgr.size | vstr | Size of the message |
| 286 | 3 | postfix_qmgr.nrcpt | vstr | Number of recipients |
| 287 | 4 | postfix_qmgr.status | vstr | Status of the transaction |
| 288 | 5 | postfix_qmgr.to | vstr | Destination mail address |
| 289 | 6 | postfix_qmgr.relay | vstr | Relay name |
| 290 | 7 | postfix_qmgr.delay | int | Delay value |
| 291 | 8 | postfix_qmgr.message | vstr | Additionnal message |
| Module postfix_smtp | ||||
| 292 | 0 | postfix_smtp.queue_id | vstr | Queue identifier |
| 293 | 1 | postfix_smtp.to | vstr | Destination mail address (To:) |
| 294 | 2 | postfix_smtp.orig_to | vstr | Original destination address (before rewrite) |
| 295 | 3 | postfix_smtp.relay | vstr | Relay name |
| 296 | 4 | postfix_smtp.delay | int | Delay value |
| 297 | 5 | postfix_smtp.status | vstr | Status of the transaction |
| 298 | 6 | postfix_smtp.message | vstr | Additionnal message |
| Module postfix_smtpd | ||||
| 299 | 0 | postfix_smtpd.connect_from | vstr | Connection from host |
| 300 | 1 | postfix_smtpd.queue_id | vstr | Queue identifier |
| 301 | 2 | postfix_smtpd.client | vstr | Client information |
| 302 | 3 | postfix_smtpd.disconnect_from | vstr | Disconnection from host |
| 303 | 4 | postfix_smtpd.from_host | vstr | Host name rejected |
| 304 | 5 | postfix_smtpd.from_ip | ipv4 | IP address rejected |
| 305 | 6 | postfix_smtpd.err_msg | vstr | Additionnal error message |
| 306 | 7 | postfix_smtpd.reject_from | vstr | Unresolved rejection |
| Module postfix_error | ||||
| 307 | 0 | postfix_error.queue_id | vstr | Queue identifier |
| 308 | 1 | postfix_error.to | vstr | Destination mail address (To:) |
| 309 | 2 | postfix_error.orig_to | vstr | Original destination address (before rewrite) |
| 310 | 3 | postfix_error.relay | vstr | Relay name |
| 311 | 4 | postfix_error.delay | int | Delay value |
| 312 | 5 | postfix_error.status | vstr | Status of the transaction |
| 313 | 6 | postfix_error.message | vstr | Additionnal message |
| Module pam_unix | ||||
| 314 | 0 | pam_unix.dest_user | vstr | Identity of the opened session |
| 315 | 1 | pam_unix.src_uid | int | User identifier that requested the session |
| 316 | 2 | pam_unix.src_user | vstr | Identity that requested the session |
| 317 | 3 | pam_unix.msg | vstr | Message |
| 318 | 4 | pam_unix.logname | vstr | Login name that failed the authentification |
| 319 | 5 | pam_unix.uid | int | User identifier corresponding to the login |
| 320 | 6 | pam_unix.euid | int | Effective user identifier |
| 321 | 7 | pam_unix.tty | vstr | Pseudo terminal |
| 322 | 8 | pam_unix.ruser | vstr | Remote user |
| 323 | 9 | pam_unix.rhost | vstr | Remote host |
| 324 | 10 | pam_unix.user | vstr | User name |
| Module pam_rsh | ||||
| 325 | 0 | pam_rsh.action | vstr | Authentification action |
| 326 | 1 | pam_rsh.user | vstr | User login |
| 327 | 2 | pam_rsh.uid | int | User identifier |
| Module nfhub | ||||
| 328 | 0 | nfhub.acl | vstr | Access Control List |
| 329 | 1 | nfhub.action | vstr | Action (accept/drop/reject/log) |
| 330 | 2 | nfhub.desc | vstr | Brief description |
| 331 | 3 | nfhub.nf_msg | vstr | Complete Linux NetFilter message |
| Module promisc | ||||
| 332 | 0 | promisc.action | vstr | Action of the network driver |
| 333 | 1 | promisc.interface | vstr | Interface which entered/left promisc mode |
| Module 8259pic | ||||
| 334 | 0 | 8259pic.spurious_irq | int | Spurious Interrupt reported by controller |
| Module klogd | ||||
| 335 | 0 | klogd.status | vstr | Status of the Kernel Logger |
| 336 | 1 | klogd.version | vstr | Version of the Kernel Logger |
| 337 | 2 | klogd.source | vstr | Path of the source of the kernel messages |
| Module linux_kernel | ||||
| 338 | 0 | linux_kernel.uts_release | vstr | UNIX Time-sharing System release |
| 339 | 1 | linux_kernel.compile_by | vstr | User who compiled this kernel |
| 340 | 2 | linux_kernel.compile_host | vstr | Compilation host |
| 341 | 3 | linux_kernel.compiler | vstr | Used Compiler |
| 342 | 4 | linux_kernel.uts_version | vstr | UNIX Time-sharing System version |
| 343 | 5 | linux_kernel.kernel_cmdline | vstr | Command line passed to the kernel |
| Module linux_knfsd | ||||
| 344 | 0 | linux_knfsd.nfs_server | vstr | Network File System server |
| 345 | 1 | linux_knfsd.status | vstr | Status |
| Module modprobe | ||||
| 346 | 0 | modprobe.mod_not_found | vstr | Requested module not found |
| 347 | 1 | modprobe.install_err | vstr | Error during installation |
| Module apache | ||||
| 348 | 0 | apache.host | vstr | IP address/hostname of the client |
| 349 | 1 | apache.ident | vstr | Identification |
| 350 | 2 | apache.userid | vstr | User identity |
| 351 | 3 | apache.date | vstr | Date and time of the transaction |
| 352 | 4 | apache.http_method | vstr | HTTP protocol method |
| 353 | 5 | apache.http_uri | vstr | Requested universal resource identifier |
| 354 | 6 | apache.http_version | vstr | HTTP protocol version |
| 355 | 7 | apache.http_status | int | Transaction status code |
| 356 | 8 | apache.http_size | int | Size of the transaction (in bytes) |
| 357 | 9 | apache.referer | vstr | HTTP referer |
| 358 | 10 | apache.google_query | vstr | Google query |
| 359 | 11 | apache.user_agent | vstr | User agent |
| Module httpd_error | ||||
| 360 | 0 | httpd_error.date | vstr | Date |
| 361 | 1 | httpd_error.severity | vstr | Severity of the message |
| 362 | 2 | httpd_error.client | ipv4 | Client of this connection |
| 363 | 3 | httpd_error.msg | vstr | The message itself |
| 364 | 4 | httpd_error.file | vstr | A file |
| 365 | 5 | httpd_error.link | vstr | A link |
| 366 | 6 | httpd_error.dir | vstr | A directory |
| 367 | 7 | httpd_error.msg_info | vstr | Additional information message |
| 368 | 8 | httpd_error.script | vstr | A script |
| Module apachessl | ||||
| 369 | 0 | apachessl.date | vstr | Date and time of the transaction |
| 370 | 1 | apachessl.host | vstr | Client host address |
| 371 | 2 | apachessl.proto | vstr | Protocol |
| 372 | 3 | apachessl.ciphers | vstr | Ciphers |
| 373 | 4 | apachessl.http_method | vstr | HTTP protocol method |
| 374 | 5 | apachessl.http_uri | vstr | Requested universal resource identifier |
| 375 | 6 | apachessl.http_version | vstr | HTTP protocol version |
| 376 | 7 | apachessl.http_size | int | Size of the transaction (in bytes) |
| Module rpcmountd | ||||
| 377 | 0 | rpcmountd.action | vstr | Action (mount/unmount) |
| 378 | 1 | rpcmountd.src_host | vstr | Source host |
| 379 | 2 | rpcmountd.port | int | TCP source port |
| 380 | 3 | rpcmountd.path | vstr | Path to be mounted |
| 381 | 4 | rpcmountd.wd | vstr | Working directory |
| 382 | 5 | rpcmountd.exp_req | ipv4 | IP address that made an export request |
| Module pop3login | ||||
| 383 | 0 | pop3login.login | vstr | Login |
| 384 | 1 | pop3login.src_ip | ipv4 | IP source address |
| Module imaplogin | ||||
| 385 | 0 | imaplogin.login | vstr | Login |
| 386 | 1 | imaplogin.src_ip | ipv4 | IP source address |
| Module ntpd | ||||
| 387 | 0 | ntpd.msg | vstr | Message |
| 388 | 1 | ntpd.ref | ipv4 | Reference clock |
| 389 | 2 | ntpd.stratum | int | Stratum of the reference clock |
| 390 | 3 | ntpd.status | int | Kernel time sync status |
| Module snort | ||||
| 391 | 0 | snort.gen | int | Generic identifier |
| 392 | 1 | snort.id | int | Identifier |
| 393 | 2 | snort.rev | int | Revision |
| 394 | 3 | snort.category | vstr | Category |
| 395 | 4 | snort.desc | vstr | Description |
| 396 | 5 | snort.class | vstr | Class |
| 397 | 6 | snort.prio | int | Priority |
| 398 | 7 | snort.proto | vstr | Protocol |
| 399 | 8 | snort.sip | ipv4 | IP source address |
| 400 | 9 | snort.spt | int | TCP/UDP source port |
| 401 | 10 | snort.dip | ipv4 | IP destination addess |
| 402 | 11 | snort.dpt | int | TCP/UDP destination port |
| 403 | 12 | snort.message | vstr | Message of the snort module |
| 404 | 13 | snort.threshold | int | Threshold reached in the time period |
| 405 | 14 | snort.period | int | Time period in second |
| 406 | 15 | snort.nb_conn | int | Number of connections |
| 407 | 16 | snort.nb_host | int | Number of hosts reached |
| 408 | 17 | snort.nb_tcp | int | Number of TCP connections |
| 409 | 18 | snort.nb_udp | int | Number of UDP connections |
| 410 | 19 | snort.total_time | int | Total time of the scan |
| Module sslerror | ||||
| 411 | 0 | sslerror.date | vstr | Event date |
| 412 | 1 | sslerror.severity | vstr | Event severity |
| 413 | 2 | sslerror.module | vstr | Source module |
| 414 | 3 | sslerror.message | vstr | Message |
| 415 | 4 | sslerror.srv_addr | vstr | Server address |
| 416 | 5 | sslerror.srv_port | int | Server port |
| 417 | 6 | sslerror.cli_addr | ipv4 | Client address |
| 418 | 7 | sslerror.openssl_code | vstr | OpenSSL error code |
| 419 | 8 | sslerror.openssl_msg | vstr | OpenSSL error message |
| Module entropy | ||||
| 420 | 0 | entropy.message | vstr | Entropy checker daemon message |
| 421 | 1 | entropy.src_ip | ipv4 | Source IP address |
| 422 | 2 | entropy.src_port | int | Source port address |
| 423 | 3 | entropy.dst_ip | ipv4 | Destination IP address |
| 424 | 4 | entropy.dst_port | int | Destination port address |
| 425 | 5 | entropy.offset | int | Number of bytes since the connection begin |
| 426 | 6 | entropy.packets | int | Number of packets since the connection begin |
| 427 | 7 | entropy.entropy | float | Statistical entropy of data of this connection |
| 428 | 8 | entropy.maxdata | int | Data limit |
| 429 | 9 | entropy.reason | vstr | Reason of the end of connection |
| Module cups | ||||
| 430 | 0 | cups.msg | vstr | Message type |
| 431 | 1 | cups.host | vstr | Client host name |
| 432 | 2 | cups.group | vstr | Client group |
| 433 | 3 | cups.user | vstr | User name |
| 434 | 4 | cups.method | vstr | HTTP method requested |
| 435 | 5 | cups.resource | vstr | Resource requested |
| 436 | 6 | cups.version | vstr | HTTP version |
| 437 | 7 | cups.status | int | Request status |
| 438 | 8 | cups.bytes | int | Size of the request |
| 439 | 9 | cups.printer | vstr | Printer name |
| 440 | 10 | cups.jobid | int | Job identifier |
| 441 | 11 | cups.page | int | Page number |
| 442 | 12 | cups.copies | int | Copy number |
| 443 | 13 | cups.billing | vstr | Job billing attribute |
| 444 | 14 | cups.hostname | vstr | Client host name |
| 445 | 15 | cups.page_pos | vstr | Page position |
| 446 | 16 | cups.page_name | vstr | Page name |
| 447 | 17 | cups.system | vstr | Backend or filter system |
| 448 | 18 | cups.file | vstr | File |
| 449 | 19 | cups.pid | int | Process identifier |
| 450 | 20 | cups.retry | int | Number of attempts to retry |
| Module dovecot | ||||
| 451 | 0 | dovecot.protocol | vstr | Protocol used for accessing messages |
| 452 | 1 | dovecot.action | vstr | Action |
| 453 | 2 | dovecot.user | vstr | User |
| 454 | 3 | dovecot.auth_method | vstr | Authentication method |
| 455 | 4 | dovecot.remote_ip | ipv4 | Remote client IP address |
| 456 | 5 | dovecot.local_ip | ipv4 | Local server IP address |
| 457 | 6 | dovecot.security | vstr | Cryptographic protocol used |
| 458 | 7 | dovecot.reason | vstr | An explanation message |
| 459 | 8 | dovecot.top_nb | int | Number of TOP commands |
| 460 | 9 | dovecot.top_bytes | int | Number of bytes sent to client as a result of TOP command |
| 461 | 10 | dovecot.retr_nb | int | Number of RETR commands |
| 462 | 11 | dovecot.retr_bytes | int | Number of bytes sent to client as a result of RETR command |
| 463 | 12 | dovecot.del_nb | int | Number of deleted messages |
| 464 | 13 | dovecot.msg_nb | int | Number of messages (before deletion) |
| 465 | 14 | dovecot.size | int | Mailbox size in bytes (before deletion) |
| 466 | 15 | dovecot.version | vstr | Version of Dovecot |
| Module sendmail | ||||
| 467 | 0 | sendmail.queue_id | vstr | Queue unique identifier |
| 468 | 1 | sendmail.from | vstr | Message source |
| 469 | 2 | sendmail.size | int | Size of the message |
| 470 | 3 | sendmail.class | int | Message class |
| 471 | 4 | sendmail.nrcpts | int | Number of destination recipients |
| 472 | 5 | sendmail.msg_id | vstr | Message unique identifier |
| 473 | 6 | sendmail.relay | vstr | Relay host |
| 474 | 7 | sendmail.to | vstr | Destination of the message |
| 475 | 8 | sendmail.ctladdr | vstr | Control address |
| 476 | 9 | sendmail.delay_h | int | Hours of total delay |
| 477 | 10 | sendmail.delay_m | int | Minutes of total delay |
| 478 | 11 | sendmail.delay_s | int | Seconds of total delay |
| 479 | 12 | sendmail.xdelay_h | int | Hours of this transaction delay |
| 480 | 13 | sendmail.xdelay_m | int | Minutes of this transaction delay |
| 481 | 14 | sendmail.xdelay_s | int | Seconds of this transaction delay |
| 482 | 15 | sendmail.mailer | vstr | The delivery agent used |
| 483 | 16 | sendmail.pri | int | The initial priority |
| 484 | 17 | sendmail.dsn | vstr | Delivery Status Notification |
| 485 | 18 | sendmail.stat | vstr | Status of delivery |
| 486 | 19 | sendmail.info_msg | vstr | Additional information message |
| Module anacron | ||||
| 487 | 0 | anacron.job | vstr | Anacron job |
| 488 | 1 | anacron.timestamp | vstr | Timestamp |
| Module postgres | ||||
| 489 | 0 | postgres.line_num | int | Line number of the message |
| 490 | 1 | postgres.msg_num | int | Message number |
| 491 | 2 | postgres.msg_type | vstr | Type of the message |
| 492 | 3 | postgres.msg | vstr | Message |
| 493 | 4 | postgres.src_ip | ipv4 | Source IP address |
| 494 | 5 | postgres.src_port | int | Source TCP port |
| 495 | 6 | postgres.user | vstr | User |
| 496 | 7 | postgres.db | vstr | Database |
| 497 | 8 | postgres.date | vstr | Date |
| 498 | 9 | postgres.checkpoint | vstr | Checkpoint record position |
| 499 | 10 | postgres.redo_at | vstr | Redo record position |
| 500 | 11 | postgres.redo_on | vstr | Redo record position |
| 501 | 12 | postgres.undo_at | vstr | Undo record position |
| 502 | 13 | postgres.undo_on | vstr | Undo record position |
| 503 | 14 | postgres.status | vstr | Status |
| 504 | 15 | postgres.next_trans_id | int | Next transaction identifier |
| 505 | 16 | postgres.next_oid | int | Next object identifier |
| 506 | 17 | postgres.near | vstr | Token position |
| 507 | 18 | postgres.char | int | Character position |
| 508 | 19 | postgres.local | vstr | Local connection |
| Module udev | ||||
| 509 | 0 | udev.action | vstr | Action |
| 510 | 1 | udev.dev_node | vstr | Device node |
| 511 | 2 | udev.config_file | vstr | Configuration file |
| 512 | 3 | udev.line | int | Line in file |
| 513 | 4 | udev.dev_name | vstr | Device name |
| 514 | 5 | udev.new_dev_name | vstr | New device name |
| Module ypserv | ||||
| 515 | 0 | ypserv.action | vstr | Action |
| 516 | 1 | ypserv.server | vstr | Server |
| 517 | 2 | ypserv.domain | vstr | Network information server (NIS) domain |
| 518 | 3 | ypserv.msg | vstr | Message |
| Module init | ||||
| 519 | 0 | init.action | vstr | Init action |
| 520 | 1 | init.runlevel | int | Runlevel |
Generated by Orchids. Thu Nov 10 19:00:04 2005