Table sem5.dbo.SYSTEM_REPORT
Keeps the administrator-defined filters for the System logs

Generated by SchemaSpy
 
Column Type Size Nulls Auto Default Children Parents Comments
SYSTEMFILTER_IDX char 32
USER_ID char 32 ('')
FILTERNAME nvarchar 510 ('')
STARTDATEFROM datetime 16,3 ('19700101') Time filter start date
STARTDATETO datetime 16,3 ('19700101') Time filter end date
RELATIVEDATETYPE int 4 ((0)) 0 = past week
1 = past month
2 = past three months
3 = past year
4 = past 24 hours
5 = current month
SYSTEM_TYPE tinyint 1 ((0)) 1 = Administrative
2 = Client server activity
3 = Server activity
4 = Client activity
5 = Enforcer Activity
SEVERITY int 4  √  (NULL) For Administrative, Client-Server and Server activity:
1000 = Error and above
900 = Warning and above
800 = Informational and above
-1 = No filter (all)

For Enforcer activity and Client activity:
0 = Informational and above
1 = Warning and above
2 = Error and above
3 = Fatal
-1 = No filter (all)
EVENT_ID varchar 64 ('') Blank or % in this field means no filtering.
For the System > Administrative log

ADMIN_ADMIN_TYPES=Administrator events. Possible values:
4097=Login succeeded
4098=Login failed
4099=Logout
4050=Account locked
4101=Account unlocked
4102=Account disabled
4103=Account enabled
4104=Administrator created
4105=Administrator deleted
4106=Administrator renamed
4107=Password changed
4108=Administrator properties are changed

ADMIN_DOMAIN_TYPES=Domain events. Possible values are as follows:
4109=Domain is created
4110=Domain is deleted
4111=Domain properties are changed
4128=Domain is disabled
4129=Domain is enabled
4130=Domain is renamed

ADMIN_GROUP_TYPES=Group events. Possible values are as follows:
8193=Group is created
8194=Group is deleted
8195=Group is renamed
8196=Group is moved
8197=Group properties are changed

ADMIN_USER_TYPES=User events. Possible values are as follows:
8198=User is created
8199=User is deleted
8200=User is moved
8201=User is copied
8202=User policy mode is switched
8203=User properties are changed

ADMIN_COMPUTER_TYPES=Computer events. Possible values are as follows:
8204=Computer is created
8205=Computer is deleted
8206=Computer is moved
8207=Computer is copied
8208=Computer policy mode is switched
8209=Computer properties are changed

ADMIN_IMPORT_TYPES=Import events. Possible values are as follows:
8210=Organizational Unit is imported
8211=Domain user is imported
8212=LDAP user is imported

ADMIN_PACKAGE_TYPES=Package events. Possible values are as follows:
12289=Package is created
12290=Package is deleted
12291=Package is exported
12292=Package is moved to recycle bin
12293=Package is now current
12294=Package is added to other domain
12295=Package properties are changed
12296=Package deployment created
12297=Package deployment deleted
12298=Package deployment properties changed
12299=Package updated

ADMIN_REPLICATION_TYPES=Replication events. Possible values are as follows:
16385=Replication partner is registered
16386=Replication partner is deleted
16400=Replicate now

ADMIN_OTHER_TYPES=Other events. Possible values are as follows:
16387=Remote site is deleted
16388=Site properties are changed
16389=Server properties are changed
16390=Database properties are changed
16391=Partner properties are changed
16392=Site license is changed
16393=Enforcer license changed
16394=Replicate now
16395=Back up now
16396=External logging properties are changed
16397=Site backup settings changed
16398=Server deleted
16399=Server certificate changed
16401=Back up now
16402=External logging properties are changed
16403=Site backup settings changed
16404=Server deleted
16405=Server certificate changed
16406=Enforcer group properties changed

For the System > Client-Server Activity log.

1=Registration succeeded
2=Registration failed
3=Client reconnected
4=Client disconnected
5=Downloaded policy
6=Downloaded Intrusion Prevention policy
7=Downloaded sylink.xml
8=Downloaded auto-upgrade file
9=Server received log
10=Log processing failed
11=Server received learned application
12=Server received client information
13=Client information processing failed
14=Hardware identity change
15=Downloaded File Fingerprint list
20=Downloaded content package
22=Downloaded command

For the System > Server Activity log.

SERVER_EVENT_TYPES=Server events. Possible values are as follows:
257=Server startup succeeded
258=Server startup failed
259=Server shut down gracefully
260=Server created

SERVER_AGENT_EVENT_TYPES=Database maintenance events. Possible values are as follows:
267=Client sweeping started
268=Client sweeping Summary
269=Client sweeping succeeded
270=Client sweeping failed
271=Database logs have been swept

SERVER_BACKUP_EVENT_TYPES=Backup events. Possible values are as follows:
1025=Backup connection failed
1026=Backup data fetch failed
1027=Backup file write failed
1028=Backup unknown failed
1029=Backup success
1030=Backup started

SERVER_RADIUS_EVENT_TYPES=Radius server events. Possible values are as follows:
1283=Failed to start Radius server. The Radius port may be in use by another process
1284=Failed to start Radius server. Set non-Block IO socket failed.
1285=Failed to start Radius Server. Create socket error.

SERVER_REPLICATION_EVENT_TYPES=Replication events. Possible values are as follows:
769=Replication from remote site started
770=Replication failed to login to remote site
771=Unable to fetch changed data from remote site
772=Replication finished successfully
773=Replication failed
774=Replication merge failed
775=Unable to connect to remote site
776=Name changed to resolve merge conflict
777=Group full path name is too long for replication
778=Retrieval of local changed data for remote site started
779=Retrieval of local changed data for remote site finished successfully
780=Retrieval of local changed data for remote site failed
781=Replication has been chosen as the deadlock victim and killed by database
782=Replication data is received

SERVER_IMPORT_EVENT_TYPES=Import events. Possible values are as follows:
264=Organization importing started
265=Organization importing succeeded
266=Organization importing failed

SERVER_INTRUSION_PREVENTION_EVEN=Intrusion Prevention policy content updates. Possible values are as follows:
1537=Added Intrusion Prevention Library
1538=Deleted Intrusion Prevention Library
1539=Updated Intrusion Prevention Library
1540=Intrusion Prevention Library is up to date

SERVER_LU_EVENT_TYPES=LiveUpdate events. Possible values are as follows:
1793=LiveUpdate started
1794=LiveUpdate succeeded
1795=LiveUpdate failed
1796=LiveUpdate manual task succeeded
1797=LiveUpdate manual task failed
1798=LiveUpdate retry started
1799=LiveUpdate retry succeeded
1800=LiveUpdate retry failed and will try again
1801=LiveUpdate manual task started
1802=LiveUpdate retry over max window
1803=LiveUpdate retry failed and will try again
1804=LiveUpdate retry pass scheduled time
1805=LiveUpdate All process launched
1806=LiveUpdate All process exited abnormally
1807=LiveUpdate next server
1808=LiveUpdate All process finished
1809=LiveUpdate All process failed to launch
1810=LiveUpdate uploading content
1811=LiveUpdate file path not exist
1812=LiveUpdate Content Catalog file has been inserted
1813=LiveUpdate Content Catalog file has been updated
1814=Client Package has been downloaded
1815=Client Package patching failed.
1816=New LiveUpdate content has been downloaded
1817=LiveUpdate wrong URL parameter
1824=Antivirus and antispyware definitions Win64 11.0 MicroDefsB.CurDefs failed to update
1825=Download is current
1826=LiveUpdate re-run is triggered by content catalog update.
1818=Failed to download LiveUpdate content
1819=LiveUpdate content cleaned up
1820=Host Integrity Template has been updated
1821=LiveUpdate timed out
1822=LiveUpdate schedule updated

SERVER_NET_AUDIT_EVENT_TYPES=Find unmanaged computers events. Possible values are as follows:
2049=Search uncliented hosts started
2050=Search uncliented hosts finished normally
2051=Search uncliented hosts finished abnormally
2052=Client remote started
2053=Client remote finished normally
2054=Client remote finished abnormally

SERVER_OTHER_EVENT_TYPES=Other events. Possible values are as follows:
261=Site created
262=Package published
263=Site license exceeded
272=Server upgrade success
273=Scheduled reporting failed
274=Security risk rating summary
1281=An unexpected exception has occurred
1282=Connect mail server failed
1286=Server error

For the System > Client Activity log. EventIDs are listed by hexadecimal value.

AGENT_SYSTEM_INSTALL_EVENT_TYPES=Installation events. Possible values are as follows:
0x12070001=Internal error
0x12070101=Install complete
0x12070102=Restart recommended
0x12070103=Restart required
0x12070104=Installation failed
0x12070105=Uninstallation complete
0x12070106=Uninstallation failed
0x12071037=Symantec AntiVirus installed
0x12071038=Symantec Firewall installed
0x12071039=Uninstall
0x1207103A=Uninstall rolled-back

AGENT_SYSTEM_SERVICE_EVENT_TYPES=Service events. Possible values are as follows:
0x12070201=Service starting
0x12070202=Service started
0x12070203=Service start failure
0x12070204=Service stopped
0x12070205=Service stop failure
0x1207021A=Attempt to stop service

AGENT_SYSTEM_CONFIG_EVENT_TYPES=Configuration events. Possible values are as follows:
0x12070206=Config import complete
0x12070207=Config import error
0x12070208=Config export complete
0x12070209=Config export error

AGENT_SYSTEM_HI_EVENT_TYPES=Host Integrity events. Possible values are as follows:
0x12070210=Host Integrity disabled
0x12070211=Host Integrity enabled

AGENT_SYSTEM_IMPORT_EVENT_TYPES=Import events. Possible values are as follows:
0x12070214=Successfully imported advanced rule
0x12070215=Failed to import advanced rule
0x12070216=Successfully exported advanced rule
0x12070217=Failed to export advanced rule

AGENT_SYSTEM_CLIENT_EVENT_TYPES=Client events. Possible values are as follows:
0x12070218=Client Engine enabled
0x12070219=Client Engine disabled
0x12071046=Proactive Threat Scanning is not supported on this platform
0x12071047=Proactive Threat Scanning Load Error

AGENT_SYSTEM_SERVER_EVENT_TYPES=Server events. Possible values are as follows:
0x12070301=Server connected
0x12070302=No server response
0x12070303=Server connection failed
0x12070304=Server disconnected
0x120B0001=Cannot reach server
0x120B0002=Reconnected server

AGENT_SYSTEM_PROFILE_EVENT_TYPES=Policy events. Possible values are as follows:
0x12070306=New policy received
0x12070307=New policy applied
0x12070308=New policy failed
0x12070309=Cannot download policy
0x120B0005=Cannot download policy
0x1207030A=Have latest policy
0x120B0004=Have latest policy

AGENT_SYSTEM_AV_EVENT_TYPES=Antivirus engine events. Possible values are as follows:
0x12071006=Scan Omission
0x1207100B=Virus Behavior Detected
0x1207100C=Configuration Changed
0x12071010=Definition File Download
0x12071012=Sent To Quarantine Server
0x12071013=Delivered To Symantec
0x12071014=Security Response Backup
0x12071015=Scan Aborted
0x12071016=Symantec AntiVirus Auto-Protect Load Error
0x12071017=Symantec AntiVirus Auto-Protect Enabled
0x12071018=Symantec AntiVirus Auto-Protect Disabled
0x1207101A=Scan Delayed
0x1207101B=Scan Re-started
0x12071027=Symantec AntiVirus is using old virus definitions
0x12071041=Scan suspended
0x12071042=Scan Resumed
0x12071043=Scan Duration Too Short
0x12071045=Scan Enhancements Failed

AGENT_SYSTEM_LICENSE_EVENT_TYPES=License events. Possible values are as follows:
0x1207101E=License Warning
0x1207101F=License Error
0x12071020=License in Grace Period
0x12071023=License Installed
0x12071025=License Up-to-date

AGENT_SYSTEM_SECURITY_EVENT_TYPES=Security events. Possible values are as follows:
0x1207102B=Computer not compliant with security policy
0x1207102C=Computer compliant with security policy
0x1207102D=Tamper Attempt

AGENT_SYSTEM_OTHER_EVENT_TYPES=Other events. Possible values are as follows:
0x1207020A=Email post OK
0x1207020B=Email post failure
0x1207020C=Update complete
0x1207020D=Update failure
0x1207020E=Manual location change
0x1207020F=Location changed
0x12070212=Old Rasdll detected
0x12070213=Autoupdate postponed
0x12070305=Mode changed
0x1207030B=Cannot apply HI script
0x12070500=System message from device control
0x12070600=System message from anti-buffer overflow driver
0x12071021=Access Denied Warning
0x12071022=Log Forwarding Error
0x12071044=Client moved

For the System > Enforcer Activity log. EventIDs are listed by hexadecimal value.

ENFORCER_POLICY_MANAGER_EVENT_TY=Management events. Possible values are as follows:
0x101=Connected to Policy Manager
0x102=Lost connection to Policy Manager
0x103=Applied policy downloaded from Policy Manager
0x104=Failed to apply policy downloaded from Policy Manager
0x105=Applied Policy Manager configuration
0x106=Failed to apply Policy Manager configuration
0x107=Applied Policy Manager configuration
0x108=Failed to apply Policy Manager configuration

ENFORCER_ENFORCER_EVENT_TYPES=Enforcer events. Possible values are as follows:
0x201=Enforcer started
0x202=Enforcer stopped
0x203=Enforcer paused
0x204=Enforcer resumed
0x205=Enforcer disconnected from server
0x301=Enforcer failover enabled
0x302=Enforcer failover disabled
0x303=Enforcer in standby mode
0x304=Enforcer in primary mode
0x305=Enforcer short
0x306=Enforcer loop

ENFORCER_ENABLE_EVENT_TYPES=Enable events. Possible values are as follows:
0x401=Forward engine pause
0x402=Forward engine start
0x403=DNS enforcer enabled
0x404=DNS enforcer disabled
0x405=DHCP enforcer enabled
0x406=DHCP enforcer disabled
0x407=Allow all enabled
0x408=Allow all disabled

ENFORCER_PROFILE_EVENT_TYPES=Policy events. Possible values are as follows:
0x501=Seat number change
0x601=Failed to create policy parser
0x602=Failed to import policy downloaded from Policy Manager
0x603=Failed to export policy downloaded from Policy Manager
0x701=Incorrect customized attribute
EVENT_DESC nvarchar 510 ('')
MSG_ID varchar 255 ('') This field stores the hard-coded English string key found to the left of the = sign. To the right is a description of the kinds of error messages that will be queried. % or blank in this field means no filtering (all records). See the "ERROR_CODE and MSG_ID" worksheet for the list of corresponding MSG IDs that fall into each bucket.
For System > Administrative:
ERR_SERVER=Server error messages
ERR_INVALID_PARAMETER=Invalid parameter error messages
ERR_GENERAL=General error messages
ERR_ROOT=Root error messages
ERR_AUTHENTICATION=Login related error messages
ERR_METADATA=Metadata error messages
ERR_TRANSACTION=Transaction error messages
ERR_DATASTORE=Datastore error messages
ERR_LICENSE=License error messages
ERR_CERTIFICATE=Certificate error messages
ERR_GROUP=Group error messages
ERR_FILE=File related error messages
ERR_LIVEUPDATE=LiveUpdate error messages
ERR_OTHER=Other error messages
ERR_NONE=None

For System > Server activity:
ERR_SERVER=Server error messages
ERR_INVALID_PARAMETER=Invalid parameter error messages
ERR_GENERAL=General error messages
ERR_ROOT=Root error messages
ERR_AUTHENTICATION=Login related error messages
ERR_METADATA=Metadata error messages
ERR_TRANSACTION=Transaction error messages
ERR_DATASTORE=Datastore error messages
ERR_LICENSE=License error messages
ERR_CERTIFICATE=Certificate error messages
ERR_GROUP=Group error messages
ERR_FILE=File related error messages
ERR_LIVEUPDATE=LiveUpdate error messages
ERR_OTHER=Other error messages
ERR_NONE=None
ENFORCERLIST nvarchar 510 ('') Comma-separated Enforcer names by which to filter
ENFORCER_TYPE int 4  √  (NULL) 0 = Gateway Enforcer
1 = LAN Enforcer
2 = DHCP Enforcer
3 = Integrated Enforcer
4 = NAP Enforcer
5 = PeerToPeer Enforcer
SERVERGROUPLIST nvarchar 510 ('') Comma-separated, wild-card domain names by which to filter
CLIENTGROUPLIST nvarchar 510 ('') Comma-separated, wild-card group names by which to filter
SITELIST nvarchar 510 ('') Comma-separated, wild-card site names by which to filter
PARENTSERVERLIST nvarchar 510 ('') Comma-separated, wild-card server names by which to filter
COMPUTERLIST nvarchar 1024 ('') Comma-separated, wild-card computer names by which to filter
IPADDRESSLIST nvarchar 510 ('') Comma-separated, wild-card IP addresses by which to filter
USERLIST nvarchar 510 ('') Comma-separated, wild-card user names by which to filter
POLICYNAMELIST nvarchar 510 ('') Comma-separated, wild-card policy names by which to filter
EVENTSOURCELIST nvarchar 510 ('') Comma-separated event names by which to filter
SORTORDER varchar 32 ('EVENT_TIME') Column to sort on for log views
SORTDIR varchar 5 ('DESC') Sort direction: Desc = Descending, Asc = Ascending
LIMITROWS int 4 ((20)) Number of rows to use for pagination
USERELATIVE char 2 ('on') Use relative dates ('on') or absolute dates
REPORT_IDX int 4 ('0') Not used
REPORTINPUTS nvarchar 128 ('') Special parameters if report needs them
USN bigint 8 ((1)) A USN-based serial number; this ID is not unique.
TIME_STAMP bigint 8 ((0)) The time when the event is logged into the system (GMT), which is server-side time
DELETED tinyint 1 ((0)) The deleted flag of the schema object:
0 = Deleted
1 = Not Deleted

Analyzed at Mon Oct 29 12:07 PDT 2012

Indexes:
Column(s) Type Sort Constraint Name
USER_ID + FILTERNAME + SYSTEM_TYPE Primary key Asc/Asc/Asc PK_SYSTEMREPORT