The following columns and their characteristics are defined in all database tables created using eels_db_admin(1Meels). Use this description of the database columns to determine which column names you can use in SQL queries.
EELS database columns
Column name | Data type | Use |
---|---|---|
UniqEventID | float8 | A unique sequence number (generated by the EELS daemon) |
SequenceNumber | int4 | A sequence number for this record, if the original event record had to span multiple database records (automatically generated by the EELS daemon) |
ProcessID | int4 | The UNIX process ID of the originator of this message |
GroupID | varchar(64) | The GID of the process that generated this message |
LightWeightProcessID | int4 | The LWP ID of the originator of the message |
LogSystemsSource | varchar(128) | The name of the message originator, for example, syslog, Audit and so on |
Length | int4 | The total length of the data portion of this message |
VersionID | int4 | The EELS version number |
TimeOffset | double | The offset in milliseconds from the beginning of the epoch at which this event occurred |
TimeUncertaintyInterval | int4 | The uncertainty in milliseconds of the offset |
TimeUncertaintyIndicator | int4 | The uncertainty indicator as a percentage of confidence in the uncertainty interval |
TimeSource | varchar(255) | The signal or source of trusted time. This is usually a hostname or address of a network time server |
TimeZone | varchar(64) | The timezone format as defined in the Single UNIX specification |
EventNumber | int4 | The event type number |
EventNumberStr | varchar(255) | The event type description |
Outcome | int4 | The outcome of this event |
OriginatorHostName | varchar(255) | The name of the host that requested the recording of this event |
OriginatorServiceName | varchar(255) | The name of the service that requested the recording of this event |
OriginatorLocationAddress | varchar(255) | The address of the service that requested the recording of this event |
OriginatorServiceType | varchar(255) | An optional list of the supported functions provided by the originator |
OriginatorAuthAuthority | varchar(255) | The Authentication Authority that detected the event. An example of an authentication authority is the hostname of the machine that generated the event |
OriginatorPrincipalName | varchar(255) | The UNIX user name the process was running as when it requested the recording of this event |
OriginatorPrincipalID | varchar(255) | The UNIX UID the process was running as when it requested the recording of this event |
InitiatorAuthAuthority | varchar(255) | The initiator represents the principal that is accountable for the initiation of the event. This field contains the hostname that is responsible for the event |
InitiatorDomainSpecificName | varchar(255) | The username that is responsible for the generation of the event |
InitiatorDomainSpecificID | varchar(255) | The UID that is responsible for the generation of the event |
TargetLocationName | varchar(255) | The target represents the object that was the target of the activity that caused the event to be generated. For example, a file or a record within a database |
TargetLocationAddress | varchar(255) | The address of the service that was the target of the activity that caused the event to be generated |
TargetServiceType | varchar(255) | An optional list of the supported functions provided by the target |
TargetAuthAuthority | varchar(255) | The Authentication Authority that was the target of the event |
TargetPrincipalName | varchar(255) | The username associated with the target process |
TargetPrincipalID | varchar(255) | The UID associated with the target process |
PtrToSourceDomain | varchar(255) | For imported records, use this field to point to the original location of this record in the originating log file |
SourceSpecificInformation | varchar(255) | Information specific to this source of events, such as syslog levels and facilities |
EventSpecificInformation | varchar(???) | The data section of the message. If the amount of data exceeds the maximum record size supported by your database, EELS creates additional records to contain the remainder of the message and increments the SequenceNumber field |
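
The following is an added example, not part of the EELS documentation: it queries a subset of the columns above and rejoins an event whose EventSpecificInformation spans several records, ordering the pieces by SequenceNumber. The table name `eels_events`, the use of SQLite as a stand-in database, and the sample rows are constructed for illustration. It also assumes that all records of one event share a UniqEventID and that TimeOffset counts from the UNIX epoch.

```python
import sqlite3
from datetime import datetime, timedelta, timezone
from itertools import groupby

# Hypothetical table name and a subset of the documented columns; SQLite
# stands in for the real EELS database so the example runs offline.
SCHEMA = """CREATE TABLE eels_events (
    UniqEventID REAL, SequenceNumber INTEGER, LogSystemsSource TEXT,
    TimeOffset REAL, OriginatorHostName TEXT, EventSpecificInformation TEXT)"""

# Constructed sample rows. Event 1001 spans three records, inserted out of order.
ROWS = [
    (1001, 2, "syslog", 1700000000123.0, "hostA", "from 192.0.2.10"),
    (1002, 0, "Audit",  1700000005000.0, "hostB", "open /etc/passwd"),
    (1001, 0, "syslog", 1700000000123.0, "hostA", "sshd: failed password "),
    (1001, 1, "syslog", 1700000000123.0, "hostA", "for invalid user admin "),
]

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)  # assumption: UNIX epoch

def load_sample():
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    conn.executemany("INSERT INTO eels_events VALUES (?,?,?,?,?,?)", ROWS)
    return conn

def events_from(conn, source):
    """One dict per event from `source`; assumes spanned records share UniqEventID."""
    cur = conn.execute(
        "SELECT UniqEventID, SequenceNumber, TimeOffset, OriginatorHostName,"
        "       EventSpecificInformation"
        "  FROM eels_events WHERE LogSystemsSource = ?"  # bound parameter, not string-built
        " ORDER BY UniqEventID, SequenceNumber", (source,))
    out = []
    for event_id, recs in groupby(cur, key=lambda r: r[0]):
        recs = list(recs)
        first = recs[0]  # header fields are taken from the first record
        out.append({
            "id": int(event_id),
            "time": EPOCH + timedelta(milliseconds=first[2]),
            "host": first[3],
            "records": len(recs),
            "data": "".join(r[4] or "" for r in recs),
        })
    return out

if __name__ == "__main__":
    for ev in events_from(load_sample(), "syslog"):
        print(ev)
```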