Table sem5.dbo.SERVER_SYSTEM_LOG_2
Keeps system activities that occur in server

Generated by
SchemaSpy
Legend:
Primary key columns
Columns with indexes
Implied relationships
Excluded column relationships
< n > number of related tables
 
Column Type Size Nulls Auto Default Children Parents Comments
USN bigint 8 A USN-based serial number; this ID is not unique.
DOMAIN_ID char 32  √  null Not used, logged as ''
SITE_ID char 32 GUID of the site to which the log belongs
SERVER_ID char 32 GUID of the server to which the log belongs
TIME_STAMP bigint 8 The time when the event is logged into system (GMT), which is server side time
SEVERITY int 4 Enum (SEVERE, WARNING, INFO, CONFIG, FINE, FINER, FINEST):
>= 400 is Finer and above
>=500 is Fine and above
>=700 is Configuration and above
>=800 is Informational and above
>=900 is Warning and above
>=1000 is Severe and above
EVENT_ID int 4 The unique ID for the system event.

Server events; possible values are as follows:
257 = Management server started up successfully
258 = Management server startup failed
259 = Management server shut down gracefully
260 = Management server created
261 = Site created
262 = Package published
263 = Site license exceeded
264 = Organization Unit or Container importing started
265 = Organization Unit or Container importing succeeded
266 = Organization Unit or Container importing failed
267 = Client sweeping started
268 = Client sweeping summary
269 = Client sweeping successful
270 = Client sweeping failed
271 = Database logs have been swept
272 = Management server upgrade successful
273 = Scheduled reporting failed
274 = Virus definitions folder does not exist
275 = The process {0} cannot lock the process status table. The process status has been locked by the server {1} since {2}.
276 = Whitelist and Blacklist LiveUpdate
281 = Resource is locked

Replication events; possible values are as follows:
769 = Replication from remote site started
770 = Replication failed to log on to remote site
771 = Unable to fetch changed data from remote site
772 = Replication finished successfully
773 = Replication failed
774 = Replication merge failed
775 = Unable to connect to remote site
776 = Name changed to resolve merge conflict
777 = Group full path name is too long for replication
778 = Retrieval of local changed data for remote site started.
779 = Retrieval of local changed data for remote site finished successfully
780 = Retrieval of local changed data for remote site failed.
781 = Replication has been chosen as the deadlock victim and has been killed by the database.
782 = Replication data has been received
783 = DB versions dont match between local and remote sites

Backup events; possible values are as follows:
1025 = Backup connection failed
1026 = Backup data fetch failed
1027 = Backup file write failed
1028 = Backup failed
1029 = Backup success
1030 = Backup has been started

System error events; possible values are as follows:
1281 = An unexpected exception has occurred
1282 = Connection to the mail server failed
1283 = Failed to start RADIUS Server. The RADIUS port may be in use by another process.
1284 = Failed to start RADIUS Server. Set non-Block IO socket failed
1285 = Failed to start RADIUS Server. Create socket Error.
1286 = Server error

Policy events; possible values are as follows:
1537 = Added Intrusion Prevention Policy
1538 = Deleted Intrusion Prevention Policy
1539 = Updated Intrusion Prevention Policy
1540 = Intrusion Prevention Policy is up to date
1541 = Skipped publishing a Content Revision during LU Content Policy compilation as the corresponding binary file exist.

LiveUpdate events; possible values are as follows:
1793 = LiveUpdate started
1794 = LiveUpdate successful
1795 = LiveUpdate failed
1796 = LiveUpdate manual launch successful
1797 = LiveUpdate manual launch failed
1798 = LiveUpdate retry started
1799 = LiveUpdate retry successful
1800 = LiveUpdate retry failed
1802 = Download started
1803 = Retry timestamp is over the maximum retry window, switching to regular schedule run.
1804 = LiveUpdate retry failed and will try again
1805 = Retry timestamp is equal or over the next schedule time, switching to regular schedule run.
1806 = LUALL.EXE has been launched.
1807 = LUALL.EXE exited abnormally.
1808 = LUALL.EXE finished running.
1809 = LUALL.EXE Failed.
1810 = Start uploading content to the database
1811 = The specified LiveUpdate file path does not exist.
1812 = LiveUpdate content category file has been inserted
1813 = LiveUpdate content category file has been updated
1814 = Client Package has been downloaded
1815 = Client Package patching failed
1816 = New LiveUpdate content has been downloaded
1817 = There is an error in the LiveUpdate upload URL parameters.
1818 = Failed to download LiveUpdate content
1819 = Cleaned up LiveUpdate downloaded content
1820 = Host Integrity Template has been updated
1821 = LiveUpdate exceeded its timeout. Process is destroyed.
1822 = LiveUpdate next start time and server
1824 = Failed to update
1825 = {0} is up-to-date.
1826 = LiveUpdate re-run is triggered by content catalog update.
1827 = {0} is not available on the LiveUpdate server.
1828 = Manual LiveUpdate cancelled
1829 = LiveUpdate delayed

Network Audit events; possible values are as follows:
2049 = Network Audit Search Unagented Hosts Started
2050 = Network Audit Search Unagented Hosts Finished Normally
2051 = Network Audit Search Unagented Hosts Finished Abnormally
2052 = Network Audit Client Remote Pushing Install Started
2053 = Network Audit Client Remote Pushing Install Finished Normally
2054 = Network Audit Client Remote Pushing Install Finished Abnormally

Rapid Response content events; possible values are as follows:
2305 = Successful installation of rapid response content
2306 = Failed to install rapid response content

Certificate events; possible values are as follows:
4097 = Got a valid certificate.
4098 = Got a mis-matched certificate.

JDNI events; possible values are as follows:
4353 = Management Server has detected and ignored one or more duplicate entries. Please check the following entries in your directory server:\n{0}

Send email events; possible values are as follows:
4609 = Email sending failed
4610 = Email sending directly to mail server failed

Licensing events; possible values are as follows:
4865 = Add a license
4866 = Renew a license
4867 = Delete a license
4868 = Import trial license
4869 = Import upgrade license
4870 = License expires
4871 = License overdeployed
4872 = Remove trial license

Transaction log truncation events; possible values are as follows:
5121 = Truncate Transaction Log Task Started
5122 = Truncate Transaction Log Task Succeeded
5123 = Truncate Transaction Log Task Failed

Rebuild indexes events; possible values are as follows:
5377 = Rebuild Indexes Task Started
5378 = Rebuild Indexes Task Succeeded
5379 = Rebuild Indexes Task Failed

EVENT_DESC nvarchar 4000  √  null Description of the event. Usually, the first line of the description is treated as the summary.
MSG_ID int 4  √  null Event description ID, use this ID to load localized message (Only used when an exception is related to this event)
ERROR_CODE int 4  √  null ErrorCode can unique identify the error in source code (Only used when an exception is related to this event). ** See ERROR_CODE and MSG_ID worksheet **
STACK_TRACE nvarchar 4000  √  null Stacktrace of exception (Only used when an exception is related to this event).
RESERVED_INT1 int 4  √  null
RESERVED_INT2 int 4  √  null
RESERVED_BIGINT1 bigint 8  √  null
RESERVED_BIGINT2 bigint 8  √  null
RESERVED_CHAR1 char 32  √  null
RESERVED_CHAR2 char 32  √  null
RESERVED_VARCHAR1 nvarchar 520  √  null
RESERVED_BINARY varbinary 2000  √  null

Analyzed at Mon Oct 29 12:07 PDT 2012

Indexes:
Column(s) Type Sort Constraint Name
USN Performance Asc I_SERVER_SYSTEM_LOG_2
EVENT_ID Performance Asc I_SERVER_SYSTEM_LOG_2_ID
SERVER_ID Performance Asc I_SERVER_SYSTEM_LOG_2_ID_PLUS
SEVERITY Performance Asc I_SERVER_SYSTEM_LOG_2_SEV
TIME_STAMP Performance Asc I_SERVER_SYSTEM_LOG_2_TIME
TIME_STAMP + USN + SITE_ID + SERVER_ID + SEVERITY + EVENT_ID Performance Asc/Asc/Asc/Asc/Asc/Asc I_SERVER_SYSTEM_LOG_2_TIME_PLUS