Event Record Syntax
As the alarm log and history files, the event history files are ASCII (i.e. text) log files where each line contains one event record. A record consists of seven fields, separated by the “|” character. The last field may have two parts separated by a colon.
The following lines show some examples of typical event records:
Feb 26 11:49:32 chbdev015 NEM_SECURITY_EVENT: 14|nmssystem|chbdev015|8944572| ||New FOXMAN private key activated. Keypair id 2
Feb 26 12:08:44 chbdev015 NEM_SECURITY_EVENT: 15|nemadmin|chbdev015|8945724| 8||DownloadKeyTask was successful, #taskId374
Mar 1 17:55:00 chbdev015 NEM_SECURITY_EVENT: 1041|nmssystem|chbdev015|9312100| ||Database backup start
Mar 1 17:56:50 chbdev015 NEM_SECURITY_EVENT: 1042|nmssystem|chbdev015|9312210| ||Database backup completed
The fields are:
• Event Time
This is the date and time at which the event was detected. It is of the form “yyyy/mm/dd hh:mm:ss”.
− Example: Feb 26 11:49:32
• Host
This is the name of the workstation on which the event occurred.
• Event type
Event type indicating the daemon sending the event.
− Example: NEM_SECURITY_EVENT:
• Id
This is the identifier of the event list entry.
• User
This is the name of the user who was logged in and started the process or service that generated this event.
• Managed Object
The majority of activities are associated with NEs. In these cases, the activity identifier is of the form “NE Name”:
For system activities, the managed object shows the workstation name.
For Foreign Objects, the FO name is shown.
For miscellaneous events that are not related to a particular object, the managed object field is empty.
• Agent
For activities concerning NEs, the associated agent is shown.
• Activity
This field describes the activity or event. For section activities this includes the section name.
− Examples: “Upload terminated successfully.”, “DownloadKeyTask was successful, #taskId374” or “No response from NE”.