Exportable audit log entry fields
Audit log entry fields are described in the following table. Because the fields are exportable, the table includes the syslog export field.
| Field | Syslog export field | Description |
|---|---|---|
| Administrator | USER_ORIGINATOR | Administrator who triggered the audit event. |
| Client IP address | CLIENT_IP_ADDRESS | Address of the client that triggered the audit event. |
| Component ID | COMP_ID | The identifier of the creator of the log entry. |
| Creation Time | TIMESTAMP | Log entry creation time. |
| Elements | OBJECT_NAME | Elements being manipulated in the audit event. |
| Event ID | EVENT_ID | Event identifier, unique within one sender. |
| Incident case | INCIDENT_CASE | The Incident case to which the logs or audit events are related. |
| Information message | INFO_MSG | A description of the log event that further explains the entry. |
| Operation type | TYPE_DESCRIPTION | Type of action that triggered the audit entry. |
| Origin name | ORIGIN_NAME | Name of the component that triggered the audit event. |
| Result | RESULT | Result state after the audited event. |
| Rule Tag | RULE_ID | Rule tag of the rule that triggered the log event. |
| Sender | NODE_ID | IP address of the engine or server that sent the log entry. |
| Sender type | SENDER_TYPE | The type of engine or server that sent the log entry. |