Developer's Guide
Table B.2. TALES Event Attributes
| TALES Event Attribute | Description |
|---|---|
| agent | The name of the daemon from which this event came (eg zensyslog, zentrap) |
| component | The component of the associated device, if applicable |
| count | Number of times this event has been seen |
| dedupid | A key used to correlate duplicate events |
| device | The id of the associated device, if applicable |
| evid | A unique id for the event |
| eventClass | The event class associated with this device |
| eventGroup | The logical group of event source (syslog, ping, nteventlog etc) |
| eventKey | The eventKey is the primary criteria for mapping events into event classes |
| facility | The Unix syslog facility if this is a syslog event |
| firstTime | The first time this event was seen |
| ipAddress | The IP address of the associated device, if known |
| lastTime | The last time this event was seen |
| manager | Fully-qualified domain name of the collector from which this event came |
| priority | The syslog priority if this is a syslog event |
| prodState | The production state of the device |
| severity | One of 0 (Clear), 1 (Debug), 2 (Info), 3 (Warning), 4 (Error) or 5 (Critical) |
| stateChange | When the MySQL record for this event was last modified |
| summary | Text description of the event |
zProperties are also available for devices and events using the same syntax as above.