Table B.2. TALES Event Attributes
TALES Event Attribute | Description |
---|---|
agent | The name of the daemon from which this event came (eg zensyslog, zentrap) |
component | The component of the associated device, if applicable |
count | Number of times this event has been seen |
dedupid | A key used to correlate duplicate events |
device | The id of the associated device, if applicable |
evid | A unique id for the event |
eventClass | The event class associated with this device |
eventGroup | The logical group of event source (syslog, ping, nteventlog etc) |
eventKey | The eventKey is the primary criteria for mapping events into event classes |
facility | The Unix syslog facility if this is a syslog event |
firstTime | The first time this event was seen |
ipAddress | The IP address of the associated device, if known |
lastTime | The last time this event was seen |
manager | Fully-qualified domain name of the collector from which this event came |
priority | The syslog priority if this is a syslog event |
prodState | The production state of the device |
severity | One of 0 (Clear), 1 (Debug), 2 (Info), 3 (Warning), 4 (Error) or 5 (Critical) |
stateChange | When the MySQL record for this event was last modified |
summary | Text description of the event |
zProperties are also available for devices and events using the same syntax as above.