Table sem5.dbo.AGENT_SYSTEM_LOG_2
Keeps system traffic that occur in agents

Generated by
SchemaSpy
Legend:
Primary key columns
Columns with indexes
Implied relationships
Excluded column relationships
< n > number of related tables
 
Column Type Size Nulls Auto Default Children Parents Comments
USN bigint 8 A USN-based serial number; this ID is not unique.
DOMAIN_ID char 32 GUID of the domain to which the log belongs
SITE_ID char 32 GUID of the site to which the log belongs
SERVER_ID char 32 GUID of the server to which the log belongs
GROUP_ID char 32 GUID of the group to which the log belongs
COMPUTER_ID char 32 GUID of the client computer that is associated with the agent system log
TIME_STAMP bigint 8 The time when the event is logged into system (GMT), which is server side time
EVENT_ID int 4 An event ID from send agent

AGENT_SYSTEM_INSTALL_EVENT_TYPES = Installation events: possible values are
0x12070001 = Internal error
0x12070101 = Install complete
0x12070102 = Restart recommended
0x12070103 = Restart required
0x12070104 = Installation failed
0x12070105 = Uninstallation complete
0x12070106 = Uninstallation failed
0x12071037 = Symantec AntiVirus installed
0x12071038 = Symantec Firewall installed
0x12071039 = Uninstall
0x1207103A = Uninstall rolled-back

AGENT_SYSTEM_SERVICE_EVENT_TYPES = Service events: possible values are
0x12070201 = Service starting
0x12070202 = Service started
0x12070203 = Service start failure
0x12070204 = Service stopped,0x12070205=Service stop failure
0x1207021A = Attempt to stop service

AGENT_SYSTEM_CONFIG_EVENT_TYPES = Configuration events: possible values are
0x12070206 = Config import complete
0x12070207 = Config import error
0x12070208 = Config export complete
0x12070209 = Config export error

AGENT_SYSTEM_HI_EVENT_TYPES = Host Integrity events: possible values are
0x12070210 = Host Integrity disabled
0x12070211 = Host Integrity enabled
0x12070220 = NAP integration enabled

AGENT_SYSTEM_IMPORT_EVENT_TYPES = Import events: possible values are
0x12070214 = Successfully imported advanced rule
0x12070215 = Failed to import advanced rule
0x12070216 = Successfully exported advanced rule
0x12070217 = Failed to export advanced rule

AGENT_SYSTEM_CLIENT_EVENT_TYPES = Client events: possible values are
0x12070218 = Client Engine enabled
0x12070219 = Client Engine disabled
0x12071046 = Proactive Threat Scanning is not supported on this platform
0x12071047 = Proactive Threat Scanning Load Error

AGENT_SYSTEM_SERVER_EVENT_TYPES = Server events: possible values are
0x12070301 = Server connected
0x12070302 = No server response
0x12070303 = Server connection failed
0x12070304 = Server disconnected
0x120B0001 = Cannot reach server
0x120B0002 = Reconnected server

AGENT_SYSTEM_PROFILE_EVENT_TYPES = Policy events: possible values are
0x12070306 = New policy received
0x12070307 = New policy applied
0x12070308 = New policy failed
0x12070309 = Cannot download policy
0x120B0005 = Cannot download policy
0x1207030A = Have latest policy
0x120B0004 = Have latest policy

AGENT_SYSTEM_AV_EVENT_TYPES = Antivirus engine events: possible values are
0x12071006 = Scan Omission
0x1207100B = Virus Behavior Detected
0x1207100C = Configuration Changed
0x12071010 = Definition File Download
0x12071012 = Sent To Quarantine Server
0x12071013 = Delivered To Symantec
0x12071014 = Security Response Backup
0x12071015 = Scan Aborted
0x12071016 = Symantec AntiVirus Auto-Protect Load Error
0x12071017 = Symantec AntiVirus Auto-Protect Enabled
0x12071018 = Symantec AntiVirus Auto-Protect Disabled
0x1207101A = Scan Delayed
0x1207101B = Scan Re-started
0x12071027 = Symantec AntiVirus is using old virus definitions
0x12071041 = Scan suspended
0x12071042 = Scan Resumed
0x12071043 = Scan Duration Too Short
0x12071045 = Scan Enhancements Failed

AGENT_SYSTEM_LICENSE_EVENT_TYPES = License events: possible values are
0x1207101E = License Warning
0x1207101F = License Error
0x12071020 = License in Grace Period
0x12071023 = License Installed
0x12071025 = License Up-to-date

AGENT_SYSTEM_SECURITY_EVENT_TYPES = Security events: possible values are
0x1207102B = Computer not compliant with security policy
0x1207102C = Computer compliant with security policy
0x1207102D = Tamper Attempt

AGENT_SYSTEM_OTHER_EVENT_TYPES = Other events: possible values are
0x1207020A = Email post OK
0x1207020B = Email post failure
0x1207020C = Update complete
0x1207020D = Update failure
0x1207020E = Manual location change
0x1207020F = Location changed
0x12070212 = Old Rasdll detected
0x12070213 = Autoupdate postponed
0x12070305 = Mode changed
0x1207030B = Cannot apply HI script
0x12070500 = System message from device control
0x12070600 = System message from anti-buffer overflow driver
0x12071021 = Access Denied Warning
0x12071022 = Log Forwarding Error
0x12071044 = Client moved
EVENT_TIME bigint 8 The event generated time (GMT)
SEVERITY int 4 The type of event. Possible values are: INFO = 0, WARNING = 1, ERROR = 2, FATAL = 3
AGENT_ID char 32  √  null GUID of the agent
HARDWARE_KEY char 32  √  null Hash of Computer Hardware information
HOST_NAME nvarchar 512  √  null Host Name of the client computer
CATEGORY int 4  √  null It is not used now.
EVENT_SOURCE varchar 32 The data source, such as NETPORT, NATSRV, etc.
EVENT_DESC nvarchar 2048  √  null Description of the event. Usually, the first line of the description is treated as the summary.
EVENT_DATA varbinary 2000  √  null Additional data in binary format. This field is optional.
SEND_SNMP_TRAP tinyint 1  √  null It reflects the send SNMP trap action. It is true if send is true. (Yes = 1, No = 0)
RESERVED_INT1 int 4  √  null
RESERVED_INT2 int 4  √  null
RESERVED_BIGINT1 bigint 8  √  null
RESERVED_BIGINT2 bigint 8  √  null
RESERVED_CHAR1 char 32  √  null
RESERVED_CHAR2 char 32  √  null
RESERVED_VARCHAR1 nvarchar 520  √  null
RESERVED_BINARY varbinary 2000  √  null
LOG_IDX char 32  √  null Log index unique ID

Analyzed at Mon Oct 29 12:07 PDT 2012

Indexes:
Column(s) Type Sort Constraint Name
USN Performance Asc I_AGENT_SYSTEM_LOG_2
COMPUTER_ID Performance Asc I_AGENT_SYSTEM_LOG_2_COMPUTER_ID_PLUS
EVENT_ID Performance Asc I_AGENT_SYSTEM_LOG_2_ID
LOG_IDX Performance Asc I_AGENT_SYSTEM_LOG_2_LOG_IDX
SEVERITY Performance Asc I_AGENT_SYSTEM_LOG_2_SEV
EVENT_TIME Performance Asc I_AGENT_SYSTEM_LOG_2_TIME
TIME_STAMP Performance Asc I_AGENT_SYSTEM_LOG_2_TS