Exportable audit log entry fields
The following table describes the audit log entry fields. Because these fields are exportable, the table also lists the corresponding syslog export field for each one.
Field | Syslog export field | Description |
---|---|---|
Administrator | USER_ORIGINATOR | Administrator who triggered the audit event. |
Client IP address | CLIENT_IP_ADDRESS | Address of the client that triggered the audit event. |
Component ID | COMP_ID | The identifier of the creator of the log entry. |
Creation Time | TIMESTAMP | Log entry creation time. |
Elements | OBJECT_NAME | Elements being manipulated in the audit event. |
Event ID | EVENT_ID | Event identifier, unique within one sender. |
Information message | INFO_MSG | A description of the log event that further explains the entry. |
Operation type | TYPE_DESCRIPTION | Type of action that triggered the audit entry. |
Origin name | ORIGIN_NAME | Name of the component that triggered the audit event. |
Result | RESULT | Result state after the audited event. |
Rule Tag | RULE_ID | Rule tag of the rule that triggered the log event. |
Sender | NODE_ID | IP address of the engine or server that sent the log entry. |
Sender type | SENDER_TYPE | The type of engine or server that sent the log entry. |