EventTracker Events

What are the custom events generated by EventTracker?

The following events are generated with Event Source = EventTracker:

Event ID Event Description
2001 The EventTracker Manager service was started.
2002 EventTracker Agent on %1 is running and okay.
2003 Accepted EventTracker Viewer connection from %1.
2004 The EventTracker Viewer from %1 was disconnected.
2005 The EventTracker Manager Console was started.
2006 EventTracker Agent on %1 was not running. Restarted successfully.
2007 EventTracker Agent on %1 is not running. Failed to restart.
2008 Detected system %1 is not reachable. No reply received on ping poll.
2009 Detected system %1 is reachable. Reply received on ping poll.
2010 Number of events in the database exceeded %1. Please purge the database, or you may see slow performance of the EventTracker software.
2011 System %1 may be generating a high number of events. Please filter unnecessary events emitted from this system.
2012 Scheduled Report: %1 was generated and emailed successfully.
2013 Scheduled Report: %1 was not generated. Please cross-check configuration.
2014 Archival of old events done successfully. Status %1.
2015 Archival of old events failed. Status %1.
2016 Archive CAB integrity check failed.
CAB Name:%1
MDB Name:%2
2017 Archive CAB integrity check successful. CAB Name: %1 MDB Name: %2
2018 Archive CAB extraction failed. Unable to proceed with verification.
CAB Name:%1
MDB Name:%2
2019 Archive CAB extraction success. CAB Name: %1 MDB Name: %2
2020 Archive CAB integrity check process started.
2021 Archive CAB integrity check process completed.
Total CABs Processed:%1
CABs Passed:%2
CABs Failed:%3
2022 Knowledge base file for suspicious network activity downloaded successfully.
2023 Failed to download knowledge base file for suspicious network activity, due to %1.
2024 System running out of disk space to process Scheduled Reports.
2025 Collection Point Success: Issdbv3 successfully sent to Collection Master at: suppserver.
2026 Collection Point Error: Unable to Connect to Collection Master at: %1. Error code : 10061
OR Collection Point Error: Network Connection lost with Collection Master Ip Address %1. Error code : 0
2027 Collection Master Success: Alerts Cache DB successfully received from %1
OR Collection Point Error: Network Connection lost with Collection Master Ip Address %1. Error code : 0
2028 Collection Master Error: Unable to connect to CollectionPointInfo.mdb Database. OR
Collection Master Error: Socket API : send failed. Error code : 10054. OR
Collection Master Error: SQL Statement %1 Error code : 0
2029 Notification: Report file deletion. The following file ‘report file’, created on ‘date’, will be deleted on ‘date’; please take a backup of the file if required. ‘Full path of report file’
2030 Could not find EventTracker Receiver configuration file. Retrieved from the previous version.
2031 Could not find EventTracker Receiver configuration file or any of its previous versions. Using default configurations.
2032 EventTracker configurations modified on for the sections.
2033 Type: Backup/Restore
Status: Success/Failed/Interrupted
Log: Xml Format (with each backup/restore element status).
2036 Scheduled Report: %1.
Error Code:%2
The table could not be found.
EventTracker will automatically retry to generate this report.
2037 Detected out of ordinary activity:
Event ID: %1
Number of activities in 24 hours: %2
Normal average: %3
Variation in%: %4
2038 Detected out of ordinary activity:
Event ID: %1
Number of activities in 24 hours: %2
Normal average: %3
Variation in%: %4
2039 Successfully purged the old data.
Purge Frequency in days: %1
Purged the data till: %2
2040 New activity found:
Event ID: %1
System: %2
Time:%3
2041 This Event is logged when report breaking starts due to large data.
Description :
Queue Id: %1
Report Title: Logs-Detail
Original Queue Type: Queued/Schedule
Original Start Time: %2
Original End Time: %3
Truncate End Time: %4
2042 Agent Configuration update attempted on %1
User: Domain/Username
Status: Failed/Success
Reason: Descriptive msg for failure with error codes etc (applicable only for failures)
2043 No events received from %1 in last 24 hours
2044 SNMP Get failed for the server %1
2044 SNMP Get Succeeded for the server <IP Address>
2045 Vulnerability parser source: QualysParser.exe
Found host name=%1,IPAddress=%2, FQDN=%4, NetBIOS Name=, DNS name=, Vulnerability value=%5 and StartTime=%6
2046 Agent DLA file receive attempt
Agent: %1
File: %2
Status: %3
2047 Configuration Assessment (SCAP) attempt
Agent: %1 (In case of failure in forming the input file, all machine names will come here)
BenchmarkTitle: %2
Status: Success/Failed
Reason: Descriptive message for failure with error codes etc
2048 Direct log archiver (success/failed) purged the following log files:
Folder Name: %1
Files: <list of files >
Configured days: %3
2049 Failed to import the SCAP content from .
User: %1
ERROR – description of error
2050 EventTracker patch applied
2051 Failed to commit CAB file on EventVault.
File Name: %1
Storage Path: %2
Error Code: %3
Description: %4
2052 Generated by receiver when alert suppression occurs
2053 Scheduled Discovery invoked.
2054 Scheduled Discovery Completed.
2055 Used for correlator script.
2056 Generated with EventTracker backup status
2057 Generated with EventTracker restore status
2059 Usage data submission requested.
2060 Script file execution failed.
2061 Scheduled report generated successfully
2062 Behavior lagging
2063 Agent Health check
2064 License about to expire.
2065 EventTracker detected 212 non-reporting systems with High asset value.
1) POPEYE (2015-12-09 16:40:29)
2) CASPER (2015-12-09 16:40:29)
2066 Collection Point Success:
Successfully uploaded reports package to Collection Master.
Collection Master: <Collection Master>
Package Name: <Package Name>
Reason: Success
Report Details:
Title: <Title>
Type: Detail
File Name: <File Name>
Generated On: 2016-04-20 20:31:06
Size (KB): 38189
Status: Success
2066 Failed to upload reports package to Collection Master.
Collection Master: <Collection Master IP Address>
Package Name: <Package Name>
Reason: Unable to create report files packet.
Report Details:
Title: <Title>
Type: Detail
File Name: <File Name>
Generated On: 2016-04-20 20:31:06
Size (KB): 48
Status: Failed
2067 Collection Master Success:
Successfully received reports package from Collection Point.
Collection Point: <Collection Point>
Package Name: <Package Name>
Reason: Success
Report files in package:
All error events _CP-CM^679^1461054600.pdf
Logs - Summary_CP_CM^688^1461054600.pdf
Logs - Detail_xlxs^697^1461054600.xlsx
Security Logon failure events^665^1461054600.pdf
Disk Space Status^667^1461058200.pdf
2067 Failed to receive reports package from Collection Point.
Collection Point: <Collection Point>
Package Name: <Package Name>
Reason: Unable to create database
2068 Unknown MD5 hash detected based on change audit event
2069 Unsafe MD5 hash detected based on change audit event.
2070 An unexecuted unsafe MD5 hash has been detected.
Hash: <Hash>
System: <System>
Time: 2017-01-11 14:54:37
User: <User>
Image File Name: <Image File Name>
Source Event:
Id: 3400
Source: EventTracker
Description: File Added: <File Path>
Curr Snapshot Time: 3/15/2017 10:04:31 AM
Curr Size: 3253392 (Bytes)
Curr Creation Time: 3/14/2017 8:04:00 PM
Curr File Version: <Curr File Version>
Curr Checksum (SHA1): <Curr Checksum (SHA1)>
Curr Checksum (MD5): <Curr Checksum (MD5)>
Curr Description: <Curr Description>
Curr Product Name: <Curr Product Name>
Curr Product Version: <Curr Product Version>
Curr Signer: <Curr Signer>
Curr Counter Signer: <Curr Counter Signer>
Curr Signed On: 1/24/2017 3:20:03 AM
Prev Snapshot Time: 3/14/2017 5:54:51 PM
Change Type: Unauthorized
2071 An UnExecuted unknown MD5 hash has been detected.
Hash: <Hash>
System: <System>
Time: 2017-03-14 17:02:31
User: <User>
Image File Name: <Image File Name>
File Name: <File Name>
File Version: <File Version>
File Description: <File Description>
File Size: <File Size>
Last Modified Time: 2017-03-14T11:32:30Z
Product Name: <Product Name>
Product Version: <Product Version>
Signer: <Signer>
Counter Signer: <Counter Signer>
Counter Signed On: 9/2/2016 3:16:20 PM
2074 A new process is found by EventTracker EDR.
New activity found:
Hash: <Hash>
Rule Name: EventTracker_EDR_Found_New_Hash
System: <System>
Time: 2019-02-08 02:46:40
Source Event:
Id: 3517
Source: EventTracker
Description: Image loaded by a process.
Process Name: <Process Name>
Process Image File Name: <Process Image File Name>
Account Name: <Account Name>
Account Domain: <Account Domain>
Process ID: <Process ID>
System Name: <System Name>
Image Name: <Image Name>
Image File Name: <Image File Name>
File Version: <File Version>
File Description: <File Description>
Product Name: <Product Name>
Product Version: <Product Version>
File Size: <File Size>
Last Modified Time: 2018-03-22T13:01:02Z
Signed: Yes
Signer: <Signer>
Signed On: 0000-00-00T00:00:00Z
Counter Signed: No
Counter Signer:
Hash (MD5): <Hash>
Status: SAFE
Status Reference: VirusTotal
Virustotal Link: Not Available
2075 A new process is found by EventTracker EDR.
New activity found:
Hash: <Hash>
Rule Name: EventTracker_EDR_Found_New_Hash
System: <System>
Time: 2019-02-08 02:46:40
Source Event:
Id: 3517
Source: EventTracker
Description: Image loaded by a process.
Process Name: <Process Name>
Process Image File Name: <Process Image File Name>
Account Name: <Account Name>
Account Domain: <Account Domain>
Process ID: <Process ID>
System Name: <System Name>
Image Name: <Image Name>
Image File Name: <Image File Name>
File Version: <File Version>
File Description: <File Description>
Product Name: <Product Name>
Product Version: <Product Version>
File Size: <File Size>
Last Modified Time: 2018-03-22T13:01:02Z
Signed: Yes
Signer: <Signer>
Signed On: 0000-00-00T00:00:00Z
Counter Signed: No
Counter Signer:
Hash (MD5): <Hash>
Status: UNKNOWN
Status Reference: VirusTotal
Virustotal Link: Not Available
2076 A new process, which is not available in safe list, has been terminated by EventTracker.
Hash (MD5): <Hash>
Process Name: <Process Name>
Image File Name: <Image File Name>
Account Name: <Account Name>
Account Domain: <Account Domain>
Process ID: <Process ID>
Creator Process ID: <Creator Process ID>
Creator Process Name: <Creator Process Name>
Creator Image File Name: <Creator Image File Name>
System Name: <System Name>
File Version: <File Version>
File Description: Run-Time ID: 48
Product Name: <Product Name>
Product Version: <Product Version>
Signed: No
Signer: N/A
Signed On: N/A
Counter Signed: No
Counter Signer: N/A
Counter Signed On: N/A
Session ID: 5
Process Command Line: <Process Command Line>
Status: SAFE/UNSAFE/UNKNOWN
Status Reference: VirusTotal/NSRL/NA
Virustotal Link:
2077 No alert received from system systemname in last 7 Days.
System Details:
System Name: <System Name>
IP Address: <IP Address>
Asset Value: Low
System Type: <System Type>
Syslog Relay: <Syslog Relay>
Agent Type:<Agent Type>
Port: <Port>
Group(s): Default, <Group>
Last event received time: 2019-04-05 13:31:45
2078 No alert received from group domainname in last 7 Days.
2080 Description:
{ Hash status check against VirusTotal failed.
Hash: <Hash>
File Name: <File Name>
Error: You don't have access to the service. Make sure your API key is working correctly
}
2100 A category group was created in the EventTracker application

User Information
Account Name : <read from session>
Account Domain: <Current Domain>

Network Information
Client Address: <IP Address>
Client Browser :< browser from which app is run>

Configuration Information

Name : <Value>
Parent: <Value>

2101 A category group was modified in the EventTracker application

User Information
Account Name : <read from session>
Account Domain: <Current Domain>

Network Information
Client Address: <IP Address>
Client Browser :<browser from which app is run>

Configuration Information

Old value

Name : <Value>

New value

Name : <Value>

2102 A category group was deleted in the EventTracker application

User Information
Account Name : <read from session>
Account Domain: <Current Domain>

Network Information
Client Address: <IP Address>
Client Browser :< browser from which app is run>

Configuration Information

Name : <Value>

2103 A category group was moved in the EventTracker application

User Information
Account Name : <read from session>
Account Domain: <Current Domain>

Network Information
Client Address: <IP Address>
Client Browser :< browser from which app is run>

Configuration Information

Name : <Value>

Old value

Parent: <Value>

New value

Parent : <Value>

2104 A category was created in the EventTracker application

User Information
Account Name : <read from session>
Account Domain: <Current Domain>

Network Information
Client Address: <IP Address>
Client Browser :< browser from which app is run>

Configuration Information

Name : <Value>
Parent: <Value>
Description: <Value>

Event Details:
Rule <1>
<event information here. >

2105 A category was modified in the EventTracker application

User Information
Account Name : <read from session>
Account Domain: <Current Domain>

Network Information
Client Address: <IP Address>
Client Browser :< browser from which app is run>

Configuration Information

Name : <Value>
Parent: <Value>

Old value

Description: <Value>

Event Details:
Rule <1>
<event information here.>

New value

Description: <Value>

Event Details:
Rule <1>
<event information here. >

2106 A category was deleted in the EventTracker application

User Information
Account Name : <read from session>
Account Domain: <Current Domain>

Network Information
Client Address: <IP Address>
Client Browser :< browser from which app is run>

Configuration Information

Name : <Value>

2111 A behavior rule was added in the EventTracker application

User Information:
Account Name: <Value>
Account Domain: <Value>

Network Information:
Client Address: <Value>
Client Browser Version: <Value>

Configuration Information:

Rule Name: <Rule Name>
Show For:<Value>
Breakup Column Name: <Value>
Breakup Display Name: <Value>
Breakup Seperator: <Value>
Breakup Terminator: <Value>

Process Rule <Rule Number>
Process Column Name: <Value>
Process Display Name:<Value>
Seperator: <Value>
Terminator: <Value>

Event Rule <Rule Number>
Log Type: <Value>
Event Type: <Value>
Category: <Value>
Event ID:<Value>
Source: <Value>
User: <Value>
Description: <Value>
Description Exception:<Value>

2112 A BehaviorRule was InActivated in the EventTracker application

User Information:
Account Name: <Value>
Account Domain: <Value>

Network Information:
Client Address: <Value>
Client Browser Version: <Value>

Configuration Information:

Old value
Rule Name: <Value>
Active: <Value>

New value
Rule Name: <Value>
Active: <Value>

2113 Modified the behavior settings configuration information in the EventTracker application

User Information:
Account Name: <Value>
Account Domain: <Value>

Network Information:
Client Address: <Value>
Client Browser Version: <Value>

Configuration Information:

Old value
User Event Threshold : <Value>
Purge user data older than : <Value>
Behaviour Event Threshold : <Value>
Behaviour Correlation Threshold : <Value>
Behaviour Learning Period Value : <Value>
Top activities displayed : <Value>
Enterprise activity interval : <Value>
DNS Url : <Value>
ProcessLib : <Value>
Monitor enterprise activity : Yes/No
Select Purge user data older than : <Value>
User Behaviour Correlation Monitoring : Yes/No
Behaviour Learning Period : <Value>
Select DNS : <Value>
Select Process : <Value>

New value
User Event Threshold : <Value>
Purge user data older than : <Value>
Behaviour Event Threshold : <Value>
Behaviour Correlation Threshold : <Value>
Behaviour Learning Period Value : <Value>
Top activities displayed : <Value>
Enterprise activity interval : <Value>
DNS Url : <Value>
ProcessLib : <Value>
Monitor enterprise activity : Yes/No
Select Purge user data older than : <Value>
User Behaviour Correlation Monitoring : Yes/No
Behaviour Learning Period : <Value>
Select DNS : <Value>
Select Process : <Value>

2114 IP lookup reputation website added.

User Information:
Account Name: <Value>
Account Domain: <Value>

Network Information:
Client Address: <Value>
Client Browser Version: <Value>

Configuration Information:
Display Name:<Value>
Url:<Value>

2115 IP lookup reputation website updated.

User Information:
Account Name: <Value>
Account Domain: <Value>

Network Information:
Client Address: <Value>
Client Browser Version: <Value>

Configuration Information:
Display Name:<Value>
Url:<Value>

2116 IP lookup reputation website deleted.

User Information:
Account Name: <Value>
Account Domain: <Value>

Network Information:
Client Address: <Value>
Client Browser Version: <Value>

Configuration Information:
Display Name:<Value>
Url:<Value>

2117 IP lookup reputation website Deactivated.

User Information:
Account Name: <Value>
Account Domain: <Value>

Network Information:
Client Address: <Value>
Client Browser Version: <Value>

Configuration Information:
Display Name: <Value>
Url: <Value>

2118 A behavior rule was deleted in the EventTracker application

User Information:
Account Name: <Value>
Account Domain: <Value>

Network Information:
Client Address: <Value>
Client Browser Version: <Value>

Configuration Information:

Rule Name: <Value>

2119 Existing baseline of behavior learning reset

User Information:
Account Name: <Value>
Account Domain: <Value>

Network Information:
Client Address: <Value>
Client Browser Version: <Value>

Configuration Information:
Behaviour baseline: Reset

2121 Weightage was added for a <category/Event Type/Log Type/Keyword/Event ID/Event Source/User> in EventTracker application

User Information:
Account Name: <Value>
Account Domain: <Value>

Network Information:
Client Address: <Value>
Client Browser Version: <Value>

Configuration Information
Name : <Value>
Weightage: <Value>

2122 Weightage was modified for a <category/Event Type/Log Type/Keyword/Event ID/Event Source/User> in EventTracker application

User Information:
Account Name: <Value>
Account Domain: <Value>

Network Information:
Client Address: <Value>
Client Browser Version: <Value>

Configuration Information

Old Value
Name : <Value>
Weightage: <Value>

New Value
Name : <Value>
Weightage:<Value>

2123 Weightage was deleted for a <Keyword/Event ID/Event Source/User> in EventTracker application

User Information:
Account Name: <Value>
Account Domain: <Value>

Network Information:
Client Address: <Value>
Client Browser Version: <Value>

Configuration Information

Name : <Value>
Weightage: <Value>

2131 Modified the EventVault configuration information in the EventTracker application

User Information:
Account Name: <Value>
Account Domain: <Value>

Network Information:
Client Address: <Value>
Client Browser Version: <Value>

Configuration Information:

Old value
ArchiveFrequency: <Value>
ArchivePath: <Value>
ArchivePurgeFrequency: <Value>

New value
ArchiveFrequency: <Value>
ArchivePath: <Value>
ArchivePurgeFrequency: <Value>

2136 An EventVault explorer configuration was modified in the EventTracker application

User Information:
Account Name: <Value>
Account Domain: <Value>

Network Information:
Client Address: <Value>
Client Browser Version: <Value>

Configuration Information:
Old configuration:
SQL Server Enterprise: <Value>
Max history count: <Value>
New configuration:
SQL Server Enterprise: <Value>
Max history count: <Value>

2137 Persisted data was purged from EventTracker.

User Information:
Account Name: <Value>
Account Domain: <Value>

Network Information:
Client Address: <Value>
Client Browser Version: <Value>

Configuration Information:
Report name: <Value>
Purge From Datetime: <Value>
Purge To Datetime: <Value>

2141 A Collection Master was added in the EventTracker application

User Information:
Account Name: <Value>
Account Domain: <Value>

Network Information:
Client Address: <Value>
Client Browser Version: <Value>

Configuration Information:

New value
Destination Name:<Value>
PortNo:<Value>
Description:
Active: <Value>
QueueCabs: <Value>
Encrypt Data: <Value>

2142 A Collection Master was modified in the EventTracker application

User Information:
Account Name: <Value>
Account Domain: <Value>

Network Information:
Client Address: <Value>
Client Browser Version: <Value>

Configuration Information:
Old value:
Destination Name: <Value>
PortNo: <Value>
Description:
Active: <Value>
Encrypt Data: <Value>

New value
Destination Name:<Value>
PortNo:<Value>
Description:
Active: <Value>
QueueCabs: <Value>
Encrypt Data: <Value>

2143 A Collection Master was deleted in the EventTracker application

User Information:
Account Name: <Value>
Account Domain: <Value>

Network Information:
Client Address: <Value>
Client Browser Version: <Value>

Configuration Information:

Collection Master:<Value>

2147 Collection Point deleted successfully.

User Information:
Account Name: <Value>
Account Domain: <Value>

Network Information:
Client Address: <Value>
Client Browser Version: <Value>

Configuration Information:
Collection Point Name: <Value>
Collection Point Display Name: <Value>

2148 A Collection Master CAB was deleted in the EventTracker application

User Information:
Account Name: <Value>
Account Domain: <Value>

Network Information:
Client Address: <Value>
Client Browser Version: <Value>

Configuration Information:

Cab Name:<Value>

2149 A collection point configured for elasticsearch
Site name: <Site name>
Status: Connected/Not-connected
Added by: <Account Name>
2150 A collection point removed from elasticsearch
Site name: <Site name>
Removed by: <Account Name>
2151 A Behavior filter list was added in the EventTracker application

User Information:
Account Name: <Value>
Account Domain: <Value>

Network Information:
Client Address: <Value>
Client Browser Version: <Value>

Configuration Information:

New value
Behavior Type:<Value>
Behavior Filter:<Value>

2152 A Behavior filter list was modified in the EventTracker application

User Information:
Account Name: <Value>
Account Domain: <Value>

Network Information:
Client Address: <Value>
Client Browser Version: <Value>

Configuration Information:

Old value
Behavior Type:<Value>
Behavior Filter:<Value>
New value
Behavior Type:<Value>
Behavior Filter:<Value>

2153 A Behavior filter list was deleted in the EventTracker application

User Information:
Account Name: <Value>
Account Domain: <Value>

Network Information:
Client Address: <Value>
Client Browser Version: <Value>

Configuration Information:

Behavior Type:<Value>
Behavior filter:<Value>

2161 A new entry has been added in Dla configuration by the EventTracker application.

User Information:
Account Name: <Value>
Account Domain: <Value>

Network Information:
Client Address: <Value>
Client Browser Version: <Value>

Configuration Information:
Configuration name: <Value>
Field seperator: <Value>
Logfile extension: <Value>
Logfile folder: <Value>
Log type: <Value>

2162 An entry has been modified in Dla configuration by the EventTracker application.

User Information:
Account Name: <Value>
Account Domain: <Value>

Network Information:
Client Address: <Value>
Client Browser Version: <Value>

Configuration Information:
Configuration name
Old value: <Value>
New value: <Value>

2163 Dla entry(s) has been deleted in Manager configuration by EventTracker application.

User Information:
Account Name: <Value>
Account Domain: <Value>

Network Information:
Client Address: <Value>
Client Browser Version: <Value>

Configuration Information:
Configuration name: <Value>
Field seperator: <Value>
Logfile extension: <Value>
Logfile folder: <Value>
Log type: <Value>

2164 Port information was added in Netflow Receiver by EventTracker application.

User Information:
Account Name: <Value>
Account Domain: <Value>

Network Information:
Client Address: <Value>
Client Browser Version: <Value>

Configuration Information:
Port number: <Value>
Drop rate: <Value>
Decode packet: <Value>
Record binary: <Value>

2165 Port information was modified in Netflow Receiver by EventTracker application.

User Information:
Account Name: <Value>
Account Domain: <Value>

Network Information:
Client Address: <Value>
Client Browser Version: <Value>

Configuration Information:
Old Value
Port number: <Value>
Drop rate: <Value>
Decode packet: <Value>
Record binary: <Value>
New Value
Port number: <Value>
Drop rate: <Value>
Decode packet: <Value>
Record binary: <Value>

2166 Port was deleted from Netflow Receiver in EventTracker application.

User Information:
Account Name: <Value>
Account Domain: <Value>

Network Information:
Client Address: <Value>
Client Browser Version: <Value>

Configuration Information:
Deleted Port details
Port number: <Value>
Drop Rate: <Value>
Decode Packet: <Value>
Record Binary: <Value>

2167 Syslog port has been added in EventTracker application

User Information:
Account Name: <Value>
Account Domain: <Value>

Network Information:
Client Address: <Value>
Client Browser Version: <Value>

Configuration Information:
A new syslog port is added
Receiver port number: <Value>
Description: <Value>
Cache path: <Value>
Override archive purge frequency: <Value>

2168 Syslog port has been modified in EventTracker application

User Information:
Account Name: <Value>
Account Domain: <Value>

Network Information:
Client Address: <Value>
Client Browser Version: <Value>

Configuration Information:
Old value
Receiver port number: <Value>
Description: <Value>
Cache path: <Value>
Override archive purge frequency: <Value>
New value
Receiver port number: <Value>
Description: <Value>
Cache path: <Value>
Override archive purge frequency: <Value>
Archive purge frequency: <Value>

2169 Syslog port has been deleted in EventTracker application

User Information:
Account Name: <Value>
Account Domain: <Value>

Network Information:
Client Address: <Value>
Client Browser Version: <Value>

Configuration Information:
Deleted syslog port details
Receiver port number: <Value>
Description: <Value>
Cache path: <Value>
Override archive purge frequency: <Value>
Archive purge frequency: <Value>

2170 VCP port has been added in EventTracker application

User Information:
Account Name: <Value>
Account Domain: <Value>

Network Information:
Client Address: <Value>
Client Browser Version: <Value>

Configuration Information:
A new VCP port is added
Port number: <Value>
Description: <Value>
Cache path: <Value>
Override archive purge frequency: <Value>
Archive purge frequency: <Value>

2171 VCP port has been added in EventTracker application

User Information:
Account Name: <Value>
Account Domain: <Value>

Network Information:
Client Address: <Value>
Client Browser Version: <Value>

Configuration Information:
A new VCP port is added
Port number: <Value>
Description: <Value>
Cache path: <Value>
Override archive purge frequency: <Value>
Archive purge frequency: <Value>

2172 VCP port has been deleted in EventTracker application

User Information:
Account Name: <Value>
Account Domain: <Value>

Network Information:
Client Address: <Value>
Client Browser Version: <Value>

Configuration Information:
Deleted VCP port details
Port number: <Value>
Description: <Value>
Cache path: <Value>
Override archive purge frequency: <Value>
Archive purge frequency: <Value>

2173 Manager configuration information has been modified in EventTracker application.

User Information:
Account Name: <Value>
Account Domain: <Value>

Network Information:
Client Address: <Value>
Client Browser Version: <Value>

Configuration Information:
Netflow receiver
Old value: <Value>
New value: <Value>

2174 Email configuration has been modified in EventTracker application

User Information:
Account Name: <Value>
Account Domain: <Value>

Network Information:
Client Address: <Value>
Client Browser Version: <Value>

Configuration Information:
SMTP Server
Old value: <Value>
New value: <Value>

2181 Report settings have been modified in EventTracker application.

User Information:
Account Name: <Value>
Account Domain: <Value>

Network Information:
Client Address: <Value>
Client Browser Version: <Value>

Configuration Information:
Report header
Old value: <Value>
New value: <Value>

2191 A system group was added in the EventTracker application

User Information:
Account Name: <Value>
Account Domain: <Value>

Network Information:
Client Address: <Value>
Client Browser Version: <Value>

Configuration Information

Name : <Value>
Description: <Value>
Group with Systems based on
<System Type:/IP Subnet:/Selected Systems:> <values here>

2192 A system group was deleted in the EventTracker application

User Information:
Account Name: <Value>
Account Domain: <Value>

Network Information:
Client Address: <Value>
Client Browser Version: <Value>

Configuration Information

Name : <Value>

2193 A system group was modified in the EventTracker application

User Information:
Account Name: <Value>
Account Domain: <Value>

Network Information:
Client Address: <Value>
Client Browser Version: <Value>

Configuration Information

Name : <Value>

Old value

Description: <Value>
Systems: <Value>

New value
Description: <Value>
Systems: <Value>

2194 A system was assigned an asset value in the EventTracker application

User Information:
Account Name: <Value>
Account Domain: <Value>

Network Information:
Client Address: <Value>
Client Browser Version: <Value>

Configuration Information

Name : <Value>

Old value

Asset value: <Value>

New value

Asset value: <Value>

2196 A system was deleted in the EventTracker application

User Information:
Account Name: <Value>
Account Domain: <Value>

Network Information:
Client Address: <Value>
Client Browser Version: <Value>

Configuration Information

Name : <Value>

2197 A system’s agent components were removed in the EventTracker application

User Information:
Account Name: <Value>
Account Domain: <Value>

Network Information:
Client Address: <Value>
Client Browser Version: <Value>

Configuration Information

Name : <Value>

2198 Systems were moved in the EventTracker application
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Client Address>
Client Address (IPv6): <Client Address (IPv6)>
Client Browser Version: InternetExplorer v 11.0
Configuration Information: Systems: <Systems>
Old value:
Group: Default
New value:
Group: <Group Name>
2221 A generated Config Assessment policy was deleted in the EventTracker application
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Client Address>
Client Browser Version: Chrome v 430
Configuration Information:
Name: MS-SCM win 8 Domain
2231 A scheduled Change Audit policy was added in the EventTracker application
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Client Address>
Client Browser Version: Chrome v 430
Configuration Information:
Title: <Title>
Policy Name: <Policy Name>
Systems: <Systems>
Start from: 7/22/2015 2:51:22 AM
Frequency: Daily
2232 A scheduled Change Audit policy was modified in the EventTracker application
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Client Address>
Client Browser Version: Chrome v 430
Configuration Information:
Old value
Title: <Title>
Policy Name: <Policy Name>
Systems: <Systems>
Start from: 7/22/2015 2:51:22 AM
Frequency: Daily
New value
Title: <Title>
Policy Name: <Policy Name>
Systems: <Systems>
Start from: 7/22/2015 2:51:22 AM
Frequency: Daily
2233 A scheduled Change Audit policy was deleted in the EventTracker application
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Client Address>
Client Browser Version: Chrome v 430
Configuration Information:
Name: SampleCriticPol
2209 An incident was acknowledged in the EventTracker application

User Information:
Account Name: <Value>
Account Domain: <Value>

Network Information:
Client Address: <Value>
Client Browser Version: <Value>

Configuration Information
Incident Name: <Value>
Event ID:<Value>
Event Time:<Value>
Event Source:<Value>
Log Type:<Value>
Event Type: <Value>
User:<Value>
Description:<Value>
Risk Value:<Value>
Risk Description:<Value>

2210 An incident was un-acknowledged in the EventTracker application

User Information:
Account Name: <Value>
Account Domain: <Value>

Network Information:
Client Address: <Value>
Client Browser Version: <Value>

Configuration Information
Incident Name: <Value>
Event ID:<Value>
Event Time:<Value>
Event Source:<Value>
Log Type:<Value>
Event Type: <Value>
User:<Value>
Description:<Value>
Risk Value:<Value>
Risk Description:<Value>

2211 An Alert was added in the EventTracker application
User Information:
Account Name: <Value>
Account Domain: <Value>

Network Information:
Client Address: <Value>
Client Browser Version: <Value>

Configuration Information
Name : <Value>
Thread level: <Value>
Threshold level: <Value>
Status: <Active/Inactive>

Event Details:
Rule <Number>
<event information here. Repeat for as many entered.>

Event Filters:
Rule <Number>
<event information here. Repeat for as many entered.>

Custom Details:
<custom information here>

Groups/Systems:
<Groups/systems selected here>

Actions:

E-mail
<details here>

RSS:
<details here>

Beep:
<details here>

Net Message:
<details here>

SNMP:
<details here>

Syslog:
<details here>

Agent Remedial Action:
<details here>

Console Remedial Action:
<details here>

2212 An alert was deleted in the EventTracker application

User Information:
Account Name: <Value>
Account Domain: <Value>

Network Information:
Client Address: <Value>
Client Browser Version: <Value>

Configuration Information

Name : <Value>

2213 An alert was <Activated/Inactivated> in the EventTracker application

User Information:
Account Name: <Value>
Account Domain: <Value>

Network Information:
Client Address: <Value>
Client Browser Version: <Value>

Configuration Information

Name : <Value>
Status: Active/Inactive

2214 An action was modified for an alert in the EventTracker application

User Information:
Account Name: <Value>
Account Domain: <Value>

Network Information:
Client Address: <Value>
Client Browser Version: <Value>

Configuration Information

Name : <Value>

Old Value

Actions:
<E-mail:/RSS:/Beep:/Net Message:/SNMP:/Syslog:/Agent Remedial Action:/Console Remedial Action:>
<details here>

New value

<E-mail:/RSS:/Beep:/Net Message:/SNMP:/Syslog:/Agent Remedial Action:/Console Remedial Action:>
<details here>

2215 An alert was <Activated/Inactivated> in the EventTracker application

An Alert was modified in the EventTracker application
User Information:
Account Name: <Value>
Account Domain: <Value>

Network Information:
Client Address: <Value>
Client Browser Version: <Value>

Configuration Information

Old Value

Name : <Value>
Thread level: <Value>
Threshold level: <Value>
Status: <Active/Inactive>

Event Details:
Rule <Number>
<event information here. Repeat for as many entered.>

Event Filters:
Rule <Number>
<event information here. Repeat for as many entered.>

Custom Details:
<custom information here>

Groups/Systems:
<Groups/systems selected here>

Actions:

E-mail
<details here>

RSS:
<details here>

Beep:
<details here>

Net Message:
<details here>

SNMP:
<details here>

Syslog:
<details here>

Agent Remedial Action:
<details here>

Console Remedial Action:
<details here>

New value

Name : <Value>
Thread level: <Value>
Threshold level: <Value>
Status: <Active/Inactive>

Event Details:
Rule <Number>
<event information here. Repeat for as many entered.>

Event Filters:
Rule <Number>
<event information here. Repeat for as many entered.>

Custom Details:
<custom information here>

Groups/Systems:
<Groups/systems selected here>

Actions:

E-mail
<details here>

RSS:
<details here>

Beep:
<details here>

Net Message:
<details here>

SNMP:
<details here>

Syslog:
<details here>

Agent Remedial Action:
<details here>

Console Remedial Action:
<details here>

2222 A deviation was added for a benchmark rule in the EventTracker application
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Client Address>
Client Browser Version: Chrome v 430
Configuration Information:
Title: <Title>
Benchmark Name: <Benchmark Name>
Deviation Rationale: deviation added
Plan of Action and Milestones (POAM) Planned: False
Deviation for this valuation only: True
2224 A deviation declared for a benchmark rule was deleted in the EventTracker application
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Client Address>
Client Browser Version: Chrome v 430
Configuration Information:
Title: <Title>
Benchmark Name: <Benchmark Name>
2225 A deviation was modified for a benchmark rule in the EventTracker application
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Client Address>
Client Browser Version: Chrome v 430
Configuration Information:
Title: <Title>
Benchmark Name: <Benchmark Name>
Old value
Deviation Rationale: deviation added
Plan of Action and Milestones (POAM) Planned: False
Deviation for this valuation only: True
New value
Deviation Rationale: deviation added.
Edited to add new info
Plan of Action and Milestones (POAM) Planned: False
Deviation for this valuation only: True
2226 A deviation declared for a benchmark rule was deleted in the EventTracker application
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Client Address>
Client Browser Version: Chrome v 430
Configuration Information:
Title: <Title>
Benchmark Name: <Benchmark Name>
2245 An Event Filter was added in the EventTracker application
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Client Address>
Client Browser Version: Chrome v 430
Configuration Information:
Name : <Value>
Description: <Value>
Status: <Status>
Filter Details:
Rule <1>

Filter Exceptions:
Rule <1>

Groups/Systems:

2246 An Event Filter was modified in the EventTracker application
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Client Address>
Client Browser Version: Chrome v 430
Configuration Information:
Old value
Name : <Value>
Description: <Value>
Status: <Active/Inactive>
Filter Details:
Rule <1>

Filter Exceptions:
Rule <1>

Groups/Systems:

New value
Name : <Value>
Description: <Value>
Status: <Active/Inactive>
Filter Details:
Rule <1>

Filter Exceptions:
Rule <1>

Groups/Systems:

2247 An Event Filter was deleted in the EventTracker application
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Client Address>
Client Browser Version: Chrome v 430
Configuration Information:
Name : <Value>
Status: <Active/Inactive>
2248 An Event Filter was in the EventTracker application
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Client Address>
Client Browser Version: Chrome v 430
Configuration Information:
Name : <Value>
Status: <Active/Inactive>
2257 Resource status changed.
Resource Type: System
Resource: <Resource Name>
Status: Down
2290 Patterns were added in the EventTracker application
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Client Address>
Client Browser Version: Chrome v 430
Number of patterns: <Number of patterns>
Class name: <IP Address>
Group name: <Group name>
File type:<File type>
File name: <File name>
Separator: \n
Terminator: \n
Data index: 0
Description index: 0
Skip Header Rows: 0
Added by: <Account Name>
2291 Entity was updated in the EventTracker application
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Client Address>
Client Browser Version: IE v 90
Configuration Information:
Entity pattern : <processnames.exe>
Class name : <Processes>
Updated by : <Account Name>
2292 Entity was deleted from EventTracker application
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Client Address>
Client Browser Version: IE v 90
Configuration Information:
Entities : 1
Updated by : <Account Name>
2293 Class was added in the EventTracker application
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Client Address>
Client Browser Version: Chrome v 430
Configuration Information:
Class name: <HashValues>
Selected rules: <Unique process hash,>
Validation type: String
2294 Class was updated in the EventTracker application
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Client Address>
Client Browser Version: Chrome v 430
Configuration Information:
Old values:
Class name: <HashValues>
Selected rules: <Unique process hash,>
Validation type: String
New values:
Class name: <HashValues>
Selected rules: <Unique process hash,>
Validation type: String
2295 Class was deleted from EventTracker application
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Client Address>
Client Browser Version: Chrome v 430
Configuration Information:
Class name: <HashValues>
3000 Logbook configuration modified
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Client Address>
Client Browser Version: Chrome v 430
Configuration Information:
Column name: <Column name>
Display name: <Display name>
3001 Logbook entry added.
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Client Address>
Client Browser Version: Chrome v 430
Configuration Information:
Logbook Number: <Logbook Number>
Logbook Title: <Logbook Title>
Reason: verify
Tag:
Criticality: 1
Added By:<Account Name>
Added On: 7/23/2015 5:22:44 AM
3002 Logbook entry edited.
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Client Address>
Client Browser Version: Chrome v 430
Configuration Information:
Logbook Number: <Logbook Number>
Logbook Title: <Logbook Title>
Reason: verify
Tag:
Criticality: 3
Added By: <Account Name>
Added On: 7/23/2015 5:25:19 AM
3003 Logbook activity added.
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Client Address>
Client Browser Version: Chrome v 430
Configuration Information:
Logbook Number: <Logbook Number>
Logbook Title: <Logbook Title>
Activity Added By:
Activity Added On: 7/23/2015 5:27:54 AM
3004 Logbook activity added.
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Client Address>
Client Browser Version: Chrome v 430
Configuration Information:
Logbook Number: <Logbook Number>
Logbook Title: <Logbook Title>
Activity Added By:
Activity Added On: 7/23/2015 5:27:54 AM
3005 Logbook attachment added.
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Client Address>
Client Browser Version: Chrome v 430
Configuration Information:
Logbook Number: <Logbook Number>
Logbook Title: <Logbook Title>
Filename: <Filename>
3006 Logbook attachment deleted.
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Client Address>
Client Browser Version: Chrome v 430
Configuration Information:
Logbook Number: <Logbook Number>
Logbook Title: <Logbook Title>
3007 Logbook reference added.
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Client Address>
Client Browser Version: Chrome v 430
Configuration Information:
Logbook Number: <Logbook Number>
Logbook Title: <Logbook Title>
3008 Logbook reference deleted.
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Client Address>
Client Browser Version: Chrome v 430
Configuration Information:
Logbook Number: <Logbook Number>
Logbook Title: <Logbook Title>
3009 Logbook referenced attachment deleted.
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Client Address>
Client Browser Version: Chrome v 430
Configuration Information:
Logbook Number: <Logbook Number>
Logbook Title: <Logbook Title>
3010 Logbook investigation Completed.
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Client Address>
Client Browser Version: Chrome v 430
Configuration Information:
Logbook Number: <Logbook Number>
Logbook Title: <Logbook Title>
Reason: verify
3011 Logbook reopened.
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Client Address>
Client Browser Version: Chrome v 430
Configuration Information:
Logbook Number: <Logbook Number>
Logbook Title: <Logbook Title>
Reason: verify
3012 Logbook email sent.
User Information:
Account Name: <Value>
Account Domain: <Value>
Configuration Information:
Logbook Number: <Logbook Number>
Logbook Title: <Logbook Title>
Email Address: <Email Address>
3021 Knowledge object added.
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Client Address>
Client Browser Version: InternetExplorer v 110
Configuration Information:
Object name: <Object name>
Applies to: eventtracker 7.6
Description: <Description>
Enabled: True
3022 Knowledge object modified.
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Client Address>
Client Browser Version: InternetExplorer v 110
Configuration Information:
Object name: <Object name>
Applies to: eventtracker 7.6
Description: <Description>
Enabled: True
3023 Knowledge object deleted.
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Client Address>
Client Browser Version: InternetExplorer v 110
Configuration Information:
Object name: <Object name>
3030 EventTracker Agent Configuration template is modified.
Template Name: <Template Name>
Agent Version: <Agent Version>
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Client Address>
Client Browser Version: Firefox v 24.0
Configuration Information:
File Transfer:
File transfer frequency: 11
Purge days: 3
Max retries: 5
Retry interval: 15
Generate event for each attempt: False
3060 An Unknown process filter was added in EventTracker application.
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Client Address>
Client Address (IPv6): <Client Address (IPv6)>
Client Browser Version: InternetExplorer v 11.0
Configuration Information:
Rule Name: <Rule Name>
Rule Description: <Rule Description>
Group Name:<Group Name>
Publisher: <Publisher>
Publisher Operator: Contains
Signed: Yes
Product Name: <Product Name>
Product Name Operator: Equals
Product Version: <Product Version>
Product Version Operator: Contains
File Name: <File Name>
File Name Operator: Regular Expression
Image File Path: <Image File Path>
Image File Path Operator: Equals
Parent Process Name: <Parent Process Name>
Parent Process Name Operator: Equals
Parent Image File Path:<Parent Image File Path>
Parent Image File Path Operator: Regular Expression
File Version: <File Version>
File Version Operator: Contains
Type: Safe
Active: True
3061 An Unknown process filter was modified in Event Tracker application.
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Client Address>
Client Address (IPv6): <Client Address (IPv6)>
Client Browser Version: InternetExplorer v 11.0
Configuration Information:
Old value
Rule Name: <Rule Name>
Rule Description: <Rule Description>
Group Name: <Group Name>
Publisher: <Publisher>
Publisher Operator: Equals
Signed: Yes
Product Name: <Product Name>
Product Name Operator: Equals
Product Version: <Product Version>
Product Version Operator: Contains
File Name: <File Name>
File Name Operator: Regular Expression
Image File Path: <Image File Path>
Image File Path Operator: Equals
Parent Process Name: <Parent Process Name>
Parent Process Name Operator: Equals
Parent Image File Path:<Parent Image File Path>
Parent Image File Path Operator: Regular Expression
File Version: <File Version>
File Version Operator: Contains
Type: Safe
Active: True
New value
Rule Name: <Rule Name>
Rule Description: <Rule Description>
Group Name: <Group Name>
Publisher: <Publisher>
Publisher Operator: Equals
Signed: Yes
Product Name: <Product Name>
Product Name Operator: Equals
Product Version: <Product Version>
Product Version Operator: Contains
File Name: <File Name>
File Name Operator: Regular Expression
Image File Path: <Image File Path>
Image File Path Operator: Equals
Parent Process Name: <Parent Process Name>
Parent Process Name Operator: Equals
Parent Image File Path:<Parent Image File Path>
Parent Image File Path Operator: Regular Expression
File Version: <File Version>
File Version Operator: Contains
Type: Safe
Active: False
3062 An Unknown process filter(s) was deleted in Event Tracker application.
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Client Address>
Client Address (IPv6): <Client Address (IPv6)>
Client Browser Version: InternetExplorer v 11.0
Configuration Information:
Rule Name(s): Unknown process filter test rule for testing, Test rule1, Test rule2
3063 An Unknown process filter was activated in the Event Tracker application.
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Client Address>
Client Address (IPv6): <Client Address (IPv6)>
Client Browser Version: InternetExplorer v 11.0
Configuration Information:
Rule Name: <Rule Name>
3064 An Unknown process filter was deactivated in the Event Tracker application.
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Client Address>
Client Address (IPv6): <Client Address (IPv6)>
Client Browser Version: InternetExplorer v 11.0
Configuration Information:
Rule Name: <Rule Name>
3075 User e-mail id not valid for resetting password
Invalid e-mail id : <E-mail Address>
3201 Detected free space in drive <drive:> is less than N percent. Disk Size: X MB, Free: Y MB
3202 Detected Service <Service Name> is not running.
3203 Detected Service <Service Name> was restarted successfully.
3204 Detected Service <Service Name> could not be restarted.
3206 Detected High Memory Usage. More than N percent in use for last X seconds. Peak Memory: Q percent. Total Physical: Y MB, Total Paging: Z MB, Avail Physical: B MB, Avail Paging: C MB.
3207 Detected High CPU Usage. More than N percent in use for last X seconds.
3208 Detected software <Some S/W> has been installed on this system.
3209 Detected software <Some S/W> has been uninstalled from this system.
3210 <Some Log> Event Log is near to its maximum log size. Take administrative actions. Maximum Log Size : X Kilobytes, Current Log Size : Y Kilobytes.
3211 <Some Log> Event Log has already reached its maximum log size. New events cannot be logged. Take administrative actions. Maximum Log Size : X Kilobytes.
3212 <Some Log> Event Log has reached its maximum size. EventTracker has backed up to <Backup File> and reset the event log.
3213 Detected disk usage for drive X: is back to below configured threshold limit. Disk Size: Y MB, Free: Z MB
3214 Detected Service <Service Name> is now running.
3215 Detected Memory usage is back to below configured threshold limit. Peak Memory: N percent. Total Physical: W MB, Total Paging: X MB, Avail Physical: Y MB, Avail Paging: Z MB.
3216 Detected CPU usage is back to below configured threshold limit. Current CPU usage is N percent.
3217 Process <Process Name> has crossed the memory usage limit of N megabytes. Actual Use: M Megabytes
3218 Process <Process Name> has crossed the CPU usage limit of X%. Actual Use: Y%
3219 The memory usage by process <Process Name> is now normal and below the usage limit of X megabytes. Actual Use: Y Megabytes
3220 The CPU usage by process <Process Name> is now normal and below the usage limit of X%. Actual Use: Y%
3221 App Open: Exe: <Exe Name> Name: <App Name> Description: <App Description> Version: <App Version> Vendor: <App Vendor> PID: <Process ID>
3222 App Close: Exe: <Exe Name> Name: <App Name> PID: <Process ID>
3223 TCP connection ESTABLISHED
Type: TCP
Status: New
Local Address: <Local Addr>
Local Port: <Local Port>
Remote Address: <Remote Address>
Remote Port: <Remote Port>
Connection State: <State>
Process Name: <Process Name>
3224 TCP connection MODIFIED
Type: TCP
Status: Changed
Local Address: <Local Address>
Local Port: <Local Port>
Remote Address: <Remote Address>
Remote Port: <Remote Port>
New Connection States: <State>
Old Connection States: <State>
Process Name: <Process Name>
3225 TCP connection DISCONNECTED
Type: TCP
Status: Deleted
Local Address: <Local Address>
Local Port: <Local Port>
Remote Address: <Remote Address>
Remote Port: <Remote Port>
Connection active time: %<N> secs
Last known Connection State: <State>
Process Name: <Process Name>
3226 UDP connection ESTABLISHED
Type: UDP
Status: New
Local Address: <Local Address>
Local Port: <Local Port>
Process Name: <Process Name>
3227 UDP connection DISCONNECTED
Type: UDP
Status: Deleted
Local Address: <Local Address>
Local Port: <Local Port>
Connection active time: %<N> secs
Process Name: <Process Name>
3228 Detected new drive <H:>
Volume Label:
Volume Serial No: 553439901
Volume ID: \\?\Volume{a6f19931-6ce9-11dd-8f6f-0013d38afad4}\
Type: Removable
File System: FAT32
Network Volume: No
Description: Change affects physical device or drive.
3229 Drive <H:> removed.
Network Volume: No
Description: Change affects physical device or drive.
3229 Events generated by Solaris agent.
3230 Descr : FILE: <File Name> \r\n TYPE: <File Type> \r\n FIELD: <Search String> \r\n ENTRY: <Record Found> \r\n
3231 The agent less client <%s> could not be accessed for the last %d poll attempts. Please take administrative action.
3232 Disk space availability
Drive C:, Disk Size: 20000 MB, Free: 10980 MB, Free(in percent): 54
Drive D:, Disk Size: 76316 MB, Free: 58921 MB, Free(in percent): 77
Drive E:, Disk Size: 18161 MB, Free: 5109 MB, Free(in percent): 28
Drive G:, Disk Size: 38475 MB, Free: 3482 MB, Free(in percent): 9
Drive H:, Disk Size: 199996 MB, Free: 7782 MB, Free(in percent): 3
3233 action: monitor
orig:
i/f_dir: inbound
i/f_name: RTL8023xp7
uuid: <00000000,00000000,00000000,00000000>
product: SmartDefense
__policy_id_tag: product=VPN-1 & FireWall-1[db_tag={A46E46F9-5E4A-4D14-B716-84ED6CB4D88B};mgmt=123-mar_mgmt;date=1180443405;policy_name=Standard]
Attack Info: Non MD5-authenticated RIP Protocol Detected on Connection
attack: RIP Enforcement Violation
SmartDefense profile: Default_Protection
src: 192.164.1.1
s_port: rip
dst: 192.164.1.255
service: rip
proto: udp
3234 Received Remedial action request for <Action Type> action.
3235 Agent <Agent System Name> : Successfully initiated <Action Type> action.
3236 Agent <Agent System Name> : Failed to initiate <Action Type> Remedial action.
3237 Agent <Agent System Name> : Remedial action is disabled at the agent side. Ignoring the request. Remedial Action: Restart Service (1) action.
3238 Matched Remedial action on Manager.
3239 USB Monitoring started for H:\
Volume Label:
Volume Serial No: 553439901
Volume ID: \\?\Volume{a6f19931-6ce9-11dd-8f6f-0013d38afad4}\
Type: Removable
File System: FAT32
Network Volume: No
Description: Change affects physical device or drive.
Console User:
Active Users:
3240 USB Monitoring stopped for H:\
Volume Label:
Volume Serial No: 1918040687
Volume ID: \\?\Volume{bf4b109d-44f2-11dd-b2fb-00148549755f}\
Type: Removable
File System: FAT32
Network Volume: No
Description: Change affects physical device or drive.
Console User:
Active Users:
No files added or modified or deleted.
3241 EventTracker has backed up the log file :Security: because its offset has been lost. The backed up file is stored in the following directory F:\Program Files\Prism Microsystems\EventTracker\Agent\SPIDER\Eventlog_1217928508.evt for further analysis. For EventTracker to continue the main log file will be cleared.
3242 Media drive <H:> is disabled by EventTracker. Please contact your system administrator.
Volume Label:
Volume Serial No: 553439901
Volume ID: \\?\Volume{a6f19931-6ce9-11dd-8f6f-0013d38afad4}\
Type: Removable
File System: FAT32
Network Volume: No
Description: Change affects physical device or drive.
3243 Error ejecting removable device F:
3244 Direct log archiver started processing.
3245 Direct log archiver successfully processed the following files:
C:\LogFiles\W3SVC1\ex070709.log
C:\LogFiles\W3SVC1\ex070710.log
C:\LogFiles\W3SVC1\ex070712.log
3246 Direct log archiver stopped processing.
Total number of files processed: No files are available for processing.
OR
Direct log archiver stopped processing.
Total number of files processed: 3
3247 Direct log archiver failed to process the following files:
C:\LogFiles\W3SVC1\ex070622.log
C:\LogFiles\W3SVC1\ex070626.log
C:\LogFiles\W3SVC1\ex070628.log
3248 Detected following windows updates are installed on this system:
1) KB902848 Title: Outlook Live 2003 Service Pack 2 Date: Wednesday, February 22, 2006
2) KB887619 Title: OneNote 2003 Service Pack 2 Date: Wednesday, February 22, 2006
3) KB887620 Title: Project 2003 Service Pack 2 Date: Wednesday, February 22, 2006
4) KB829019 Title: Microsoft .NET Framework 2.0: x86 (KB829019) Date: Tuesday, January 24, 2006
5) KB887618 Title: Office 2003 Service Pack 2 for Proofing Tools Date: Tuesday, February 21, 2006
3249 EventTracker Agent Configuration Modified
Version: 6.3 – Build 41
Agent System Name: <System Name>
Managers: No change
Event Filters:
Enable High Performance mode: enabled.
System Monitor: No change
Monitor Apps: No change
Services: No change
Log Backup: No change
Processes: No change
Network Connection Monitor: No change
Logfile Monitor: No change
3250 Critical Network alarm – Several systems are not reachable \N\NNumber of ping failure in your enterprise have crossed defined limit.\N\NPlease generate a report on event id 2008 to verify that which system are not reachable.
3251 Critical alert- Intrusion detected.\N\N\NAn unauthorized and repeated logon request from $IntrEvt1.Description&Client Address: &13.\N\NIt may be due to sophisticated hacking attempt. Please investigate and if required block the IP address on the firewall
3252 Critical security alarm – Intrusion is detected – Excessive logon failures \N\N number of log failures in your enterprise have crossed the limit. \NPlease generate a report on event id 676 to verify that which system and user is trying responsible for intrusion.
3253 Intrusion is detected – Excessive logon failures due to bad password \N\N Number of log failures in your enterprise have crossed the limit. \N\NPlease generate a report on event id 675 to verify that which system and user is trying responsible for intrusion.
3254 DLA File not found for processing in last 24 hour
3256 Intrusion Detection: Excessive network logon in your enterprise: \N\NFor more information about this condition\NGenerate a report on event ID 540 using EventTracker – Log Search
3257 Intrusion Detection: Excessive network user lockout in your enterprise: \N\NFor more information about this condition\NGenerate a report on event ID 644 using EventTracker – Log Search
3258 Intrusion Detection: Excessive user lockout in your enterprise: \N\NFor more information about this condition\NGenerate a report on event ID 539 using EventTracker – Log Search
3259 Intrusion Detection: Excessive network logon on computer $ExcessiveC540.ComputerName \N\NFor more information about this condition.\NGenerate a report on event ID 540 using EventTracker – Log Search
3260 Intrusion Detection: Excessive Authentication in your enterprise. \N\NFor more information about this condition.\NGenerate a report on event ID 672 using EventTracker – Log Search
3261 Intrusion Detection: Excessive network logon on computer $ExcessiveC672.ComputerName \N\NFor more information about this condition.\NGenerate a report on event ID=672 using EventTracker – Log Search
3262 Critical security alarm – excessive amount of resource access failures on $ExcessiveC560.ComputerName. \NIt is highly possible that user is persistently trying to access files and operation is not allowed. \N \NGenerate a report for event id 560 by selecting the involved computer names. Examine the origin of the traffic including the user.
3263 Intrusion detected\N\NUnauthorized excessive file access failure on $ExcessiveF560.&Object Name:&&New Handle ID:&. \NIt is highly possible that user is persistently trying to access file and operation is not allowed. \N\NGenerate a report for event id 560 by selecting the involved computer names. Examine the origin of the traffic including the user.
3264 Intrusion detected:\N\NUnauthorized user $ExcessiveU560.User is persistently attempting to access resources which not permitted. \NIt is highly possible that user is persistently trying to access file and operation is not allowed. \N \NGenerate a report for event id 560 by selecting the involved computer names. Examine the origin of the traffic including the user.
3265 High Security Alert:\N\NToo many files are being deleted from $ExcessiveD560.ComputerName \NIt may be a normal deletes. \N\NGenerate a report for event id 560 by selecting the involved computer names. Examine the origin of the traffic including the user.
3266 Critical Security alarm: Excessive logon on computer $ExcessiveC528.ComputerName \N\NFor more information about this condition.\NGenerate a report on event ID=528 using EventTracker – Log Search
3267 Critical Security alarm: Excessive logon on computer $ExcessiveC529.ComputerName \N\NFor more information about this condition\NGenerate a report on event ID=529 using EventTracker – Log Search
3268 Critical Security alarm: Excessive logon on domain $Excessive529.Domain \N\NFor more information about this condition.\NGenerate a report on event ID=529 using EventTracker – Log Search
3271 This event indicates that the user has initially logged onto the network. $InitEvt3.Description
3272 EventTracker Diagnostics found. Status: Normal
3272 EventTracker Diagnostics found few issues.
Services Stopped:
Service: <Service Name>
Service: <Service Name>
3273 Used for VMware logs by EventTracker Agent.

Also for successful creation of manual collection point.

3274 Used for VMware logs by EventTracker Agent. Event Source will be VMWARE

Also for successful creation of manual collection point. Event Source will be EventTracker

3275 Collection Point: <CP Name> deleted successfully
Drop Data: <True/False>
3276 A system’s type was modified in the EventTracker application

User Information:
Account Name: <Value>
Account Domain: <Value>

Network Information:
Client Address: <Value>
Client Browser Version: <Value>

Configuration Information
Name : <Value>
Old value
Type: <Value>
New value
Type: <Value>

3277 Agent Installation Status : <Install / Upgrade>
Agent version on system <Agent System Name> : <Agent version>
OS Type : <OS Type>
File Versions :
etagent.exe <Version / Time stamp>
etagent.dll <Version / Time stamp>
etaconfig.exe <Version / Time stamp>
etaconfig.ini <Time stamp>
3278 EventTracker Agent Configuration Modified
Version:<EvenTracker Build Number>
Agent <System Name>Managers: No change
Event Filters: No change
System Monitor: No change
Monitor Apps: No change
Services: No change
Log Backup: No change
Processes: No change
Network Connection Monitor: No change
Logfile Monitor: No change
System(s) requested for configuration changes:
<system names>
3279 Agent DLA file send attempt
Manager: <system names>
File: <EC file name>
Status: Success/Failed
Reason: Descriptive message for failure with error codes etc (applicable only for failures)
3280 An account was successfully logged on to EventLogCentral
New Logon:
Account Name: <User Name>
Account Domain: <Domain name>
Network Information:
Client Network Address: <Network Address>
Client Browser Version: Gecko v1.0.

3281 An account failed to log on to EventLogCentral
Account For Which Logon Failed:
Account Name: <User Name>
Account Domain: <Domain name>
Failure Information:
Failure Reason: Invalid username or password
Network Information:
Client Network Address: <Network Address>
Client Browser Version: Gecko v1.0.

3282 An account was logged off from EventLogCentral.
Subject:
Account Name: <User name>
Account Domain: <Domain name>
Network Information:
Client Network Address: <Network Address>
Client Browser Version: IE v7.

3283 A scheduled analysis was added from EventTracker
User Information
Account Name: <User name>
Account Domain: <Domain name>
Configuration Information:
Analysis title: Logs – Detail
Analysis type: Logs – Detail
Categories: ***ALERTS***
Schedule Freq: Daily
Schedule Time: 12:00:00 AM
Systems: <System1:System2: . .>
System Groups: <Group1:Group2: . .>
Sites: <Site Name>
Sort by: Log Time
Export type: PDF File (*.pdf)
Analysis Header:
Analysis Footer:
3284 A scheduled analysis was modified from EventLogCentral
User Information:
Account Name: <User name>
Account Domain: <Domain name>
Network Information:
Client Address: <Client Address>
Client Browser Version: IE v7.0
Configuration Information:
Analysis Name: alerts analysis
Old Value:
Description:
Analysis type:Logs
Schedule frequency:Daily
Schedule start time:12:00:00 AM
Schedule, first run:1/29/2009 12:00:00 AM
Email:
Systems:
Site:ETSERVER, Groups:DLA, Systems:attacktest
Refine User:
Refine Desc:
Filter User:
Filter Desc:
Sort by:Computer
Export type:PDF file
RSS feed:None
Report Header:EventLogCentral
Report Footer:
New Value:
Description:
Analysis type:Logs
Schedule frequency:Daily
Schedule start time:12:00:00 AM
Schedule, first run:1/29/2009 12:00:00 AM
Email:
Systems:
Site:ETSERVER, Groups:DLA, Systems:attacktest
Refine User:
Refine Desc:
Filter User:
Filter Desc:
Sort by:Computer
Export type:PDF file
RSS feed:None
Report Header:EventLogCentral
Report Footer:

3285 A scheduled report was deleted from EventTracker
User Information
Account Name: <User name>
Account Domain: <Domain name>
Configuration Information:
Report title: Daily USER Logon
Schedule Freq: Daily
Schedule Time: 2/11/2009 11:59:59 PM
3286 A custom column was added from EventTracker
User Information
Account Name: <User name>
Account Domain: <Domain name>
Configuration Information:
Column Name: EmpLogoffTime
Column Key: LogOffTime
Key Value Splitter: :
Key Value Terminator: ;
Custom Resolution:
3287 A custom column was modified from EventTracker
User Information
Account Name: <User name>
Account Domain: <Domain name>
Configuration Information:
Old Values:
Column Name: EmpName
Column Key: UserName
Key Value Splitter: :
Key Value Terminator: ;
Custom Resolution:
New Values:
Column Name:
Column Key:
Key Value Splitter: :
Key Value Terminator: ;
Custom Resolution:
3288 A custom column was deleted from EventTracker
User Information
Account Name: <User name>
Account Domain: <Domain name>
Configuration Information:
Column Name: U Name
Column Key: UNa
3289 A report Configuration was modified from EventTracker
User Information
Account Name: <User name>
Account Domain: <Domain name>
Configuration Information:
Option screen: E-mail Configuration
Old Values:
Authentication: False
Username:
New Values:
Authentication: True
Username:
3290 A role was added from EventLogCentral
User Information:
Account Name: <User name>
Account Domain: <Domain name>
Network Information:
Client Address: <Client Address>
Client Browser Version: IE v7.0
Configuration Information:
Role Name: Testrol
3291 A role was modified from EventLogCentral
User Information:
Account Name: <Account name>
Account Domain: <Domain name>
Network Information:
Client Address: <Client Address>
Client Browser Version: IE v7.0
Configuration Information:
Role Name: Testrole
Old Value:Home Alerts,New Value:Home,Alerts,Advanced,Advanced Compliance,Advanced Security,Advanced Operations,On Demand,Advanced Scheduled Report,Defined Report,Exception,Dashboard,Configuration
3292 A role was deleted from EventLogCentral
User Information:
Account Name: <User Name>
Account Domain: <Domain name>
Network Information:
Client Address: <Client address>
Client Browser Version: IE v7.0
Configuration Information:
Role Name: ETREPORT Admin
3293 (Asked by UserA for UserB)
3294 Token template Added
3295 Token template Modified
3296 Token template deleted
3297 Token template Activated/Inactivated.
3298 "Access denied. You do not have permission to view this page.
URL: http://somedomain/page"
3500 EventTracker Agent has successfully received and processed the file <File Name>
Contents that are read.
InputDir =
OutputDir =
Schema Path = C:\Program Files\Prism Microsystems\EventTracker\Agent\xml
OVALDefXslValid = 0
OVALDefXslFile = oval-definitions-schematron.xsl
XCCDFXsdValid = 1
XCCDFXsdFile = xccdf-1.1.4.xsd
OVALResultApplyXSL = 1
OVALResultXSLFile = results_to_html.xsl
OVALSysCharFile = OVALSysChar.xml
OVALTransFile = OVALResults.html
XCCDFResultFile = XCCDFResults.xml
XCCDFResultApplyXSL = 0
XCCDFResultXSLFile = xccdf_to_docx.xsl
XCCDFTransFile = XCCDFResults.docx
InputFolderName = C:\Program Files\Prism Microsystems\EventTracker\Agent\SCAP\NEMO\Input1270544121516
OutputFolderName = C:\Program Files\Prism Microsystems\EventTracker\Agent\SCAP\NEMO\Output1270544121516
BenchmarkProfile = DISA-Gold
BenchmarkId = 55
SchedulesId = 4
3501 EventTracker Agent has successfully generated the XCCDF result file.
List of files that are generated.
OVALTransFilePath = C:\Program Files\Prism Microsystems\EventTracker\Agent\SCAP\NEMO\Output1270543003612\OVALResults.html,
OVALResultPath = C:\Program Files\Prism Microsystems\EventTracker\Agent\SCAP\NEMO\Output1270543003612\OVAL_Result.xml,
OVALSysCharPath = C:\Program Files\Prism Microsystems\EventTracker\Agent\SCAP\NEMO\Output1270543003612\OVALSysChar.xml,
XCCDFResultPath = C:\Program Files\Prism Microsystems\EventTracker\Agent\SCAP\NEMO\Output1270543003612\XCCDFResults.xml.

3502 Agent FDCC process attempt
Manager: <System Name >
Status: Success
3503 Agent FDCC process attempt
Manager: <System Name >
Status: Failed/Success
Reason: Descriptive message for failure with error codes etc (applicable only for failures)
3505 [Info/Error] License Data receive failed
3506 [Info/Error] EventTracker Agent Configuration update requested from Manager
3507 [Info/Error] EventTracker Agent Script File Execution success/Failure
3508 [Warning] System Handle crossed the threshold limit.
3508 [Info] System Handle Usage is normal and below the usage limit.
3509 [Warning] System Thread crossed the threshold limit.
3509 [Info] System Thread Usage is normal and below the usage limit.
3510 [Warning] Process Handle crossed the threshold limit.
3510 [Info] Process Handle Usage is normal and below the usage limit.
3511 [Warning] Process Thread crossed the threshold limit.
3511 [Info] Process Thread Usage is normal and below the usage limit.
3512 [Info] Network connection opened:
Type: TCP
IP Version: 4
Local Address: <Local IP Address >
Local Hostname: <Local Hostname >
Local Port: <Port No>
Remote Address: <Remote IP Address >
Remote Hostname: <Remote Hostname >
Remote Port: <Port No >
Direction: Inbound
User: <Username >
Process ID: <Process ID >
Process Name: <Process Name >
Image File Name: <Image File Name >
Services registered in this process:
MSSQLSERVER(SQL Server (MSSQLSERVER))
3513 [Info] Network connection opened:
Type: TCP
IP Version: 4
Local Address: <Local IP Address >
Local Hostname: <Local Hostname >
Local Port: <Port No>
Remote Address: <Remote IP Address >
Remote Hostname: <Remote Hostname >
Remote Port: <Port No >
Direction: Outbound
User: <Username >
Process ID: <Process ID >
Process Name: <Process Name >
Image File Name: <Image File Name >
3514 [Info] Network connection opened:
Type: TCP
IP Version: 4
Local Address: <Local IP Address >
Local Hostname: <Local Hostname >
Local Port: <Port No>
Remote Address: <Remote IP Address >
Remote Hostname: <Remote Hostname >
Remote Port: <Port No >
Direction: Outbound
User: <Username >
Process ID: <Process ID >
Process Name: <Process Name >
Image File Name: <Image File Name >
3515 [Info] UDP operation detected:
Type: UDP
IP Version: 4
Local Address: <Local IP Address >
Local Hostname: <Local Hostname >
Local Port: <Port No>
Remote Address: <Remote IP Address >
Remote Hostname: <Remote Hostname >
Remote Port: <Port No >
Operation: Send
Bytes: 659
User: <Username >
Process ID: <Process ID >
Process Name: <Process Name >
Image File Name: <Image File Name >
Services registered in this process:
EventTracker Agent(EventTracker Agent)
3516 [Info] UDP operation detected:
Type: UDP
IP Version: 4
Local Address: <Local IP Address >
Local Hostname: <Local Hostname >
Local Port: <Port No>
Remote Address: <Remote IP Address >
Remote Hostname: <Remote Hostname >
Remote Port: <Port No >
Operation: Receive
Bytes: 659
User: <Username >
Process ID: <Process ID >
Process Name: <Process Name >
Image File Name: <Image File Name >
Services registered in this process:
EventTracker Receiver(EventTracker Receiver)
3517 DLL load
3518 DLL unload
3519 [Info] A suspicious process has been terminated by EventTracker.
Process Name: <Process Name >
Image File Name: <Image File Name >
Account Name: <Account name>
Account Domain: <Domain name>
New Process ID: <New Process ID >
Creator Process ID: <Creator Process ID >
Creator Process Name: <Creator Process Name >
Creator Image File Name: <Creator Image File Name >
System Name: <System Name >
File Version: <File Version >
File Description: <File Description >
Product Name: <Product Name >
Product Version: 6.1.7600.16385
Process Command Line: <Process Command Line >
File Size: <File Size >
Last Modified Time: 2010-11-20T21:29:39Z
Signed: No
Signer: N/A
Signed On: N/A
Counter Signed: No
Counter Signer: N/A
Counter Signed On: N/A
Session ID: 5
UserSid: S-1-5-21-903365541-1942580562-2730907773-1497
Token Elevation Type: TokenElevationTypeDefault(1)
LogonId: 0x1d2195f
Token Integrity Level: High
Hash (MD5): 60b7c0fead45f2066e5b805a91f4f0fc
3520 EventTracker Monitoring Daemon:
EventTracker Agent scheduled restart success.
EventTracker Monitoring Daemon:
EventTracker Agent Forced restart success.
3520 EventTracker Monitoring Daemon:
Memory threshold crossed the limit and Memory Usage: 1024 MB, PeakMemoryUsage: 1300 MB of the RAM, restarting the service.
EventTracker Monitoring Daemon:
CPU usage threshold crossed the limit of 00:01:04:9870 min, restarting the service.
EventTracker Monitoring Daemon:
Handle threshold crossed the limit of <>, restarting the service.
EventTracker Monitoring Daemon:
EventTracker Agent Forced restart failure.
Current State: 02
Exit Code: 06
Check Point: 00
Wait Hint: 1000
3521 Used for events generated by NCM when new ports starts listening for connection
3522 New process hash detected
3523 New remote IP detected
3524 [Info] A new process, which is communicating to an external IP address, has been detected by EventTracker.
Hash (MD5): c5c785497a57fc48ab3d11245b90ed09
Process Name: <Process Name >
Image File Name: <Image File Name >
Local Address: <Local IP Address >
Local Port: <Port No>
Remote Address: <Remote IP Address >
Remote Port: <Remote Port >
Direction: Outbound
Account Name: <User name>
Account Domain: <Domain name>
Process ID: <Process ID>
Creator Process ID: <Creator Process ID>
Creator Process Name: <Creator Process Name>
Creator Image File Name: <Creator Image File Name>
System Name: <System Name>
File Version: <File Version>
File Description: <File Description>
Product Name: <Product Name>
Product Version: <Product Version>
Signed: Yes
Signer: Grammarly, Inc.
Signed On: 0000-00-00T00:00:00Z
Counter Signed: No
Counter Signer:
Counter Signed On: 0000-00-00T00:00:00Z
Session ID: 7
Process Command Line: N/A
3525 Configuration File Missing:
EventTracker agent will not terminate suspicious process because WHT_HLST.safe file is not available.
3526 SQL service MSSQL$SQLEXPRESS has crossed the configured threshold value of 2048 MB. Current memory usage is 2058 MB.
EventTracker agent is restarting the SQL instance.
Instance name: MSSQL$SQLEXPRESS
Memory Threshold: 2048 MB
Current value: 2050 MB
3529 Event Type: warning
Description: EventTracker Agent had detected anomalous login attempt from IP address 178.1.10.26, act of prevention created the firewall rule EventTrackerRDPProtectRule_178.1.10.26 in windows firewall.
Event Type: Information
Description: EventTracker Agent added anomalous login rule has crossed the rule expire time. Rule EventTrackerRDPProtectRule_178.1.10.26 will be removed from windows firewall.
3530 Event Type: warning
Description: EventTracker Agent had detected anomalous login attempt from IP address 1.2.3.4, act of prevention adding the IP address to the EventTracker block list
Event Type: Information
Description: EventTracker Agent added anomalous login for IP address has crossed the rule expire time. IP address 1.2.4.4 will be removed from EventTracker block list.
3531 Event Type: warning
Description: EventTracker Agent had attempt to connect URL https://registrationapi.eventtracker.com/ip2geo.php
Failed
Error message :
Event Type: Information
Description: EventTracker Agent had attempt to connect URL https://registrationapi.eventtracker.com/ip2geo.php
Success : collected Geo Information
code:200,
message:success
ip:IP Address
country_code:IN
country_name:India
sub_div_name:Karnataka
sub_div_code:KA
city:Bengaluru
postal_code:560049
latitude:12.9833
longitude:77.5833
time_zone:Asia\/Kolkata
4015 "A new ticket has been created in PSA tool from the EventTracker application
Tool Name: <Tool Name>
Case id: <Case id>
Ticket id: <Ticket id>
Title: <Title>
Added by: <Added by>"
4016 "A ticket in PSA tool has been modified from the EventTracker application
Tool Name: <Tool Name>
Case id: <Case id>
Ticket id: <Ticket id>
Modified by: <Modified by>
Notes: ECC observed multiple attacks (Cross-Site Scripting, SQL Injection, and Remote code execution with Directory traversal) on the URL https://www.aarete.com/resources/css/styles.css?, from the bad reputed (Ukraine) which is involved in BOTS activity. and the attack status code is 200(Successful).
Criticality: Medium
Status: New"
4017 ConnectWise ticket delete
4018 log event when there is a failure to map EventTracker group to ConnectWise Manage company
4019 log event when there is a failure to map EventTracker system to ConnectWise Manage configuration
4021 "A report has been published to RMM Tool from EventTracker application.
Tool Name: <Tool Name>
Report Name: <Report Name>
Report Status : No Record Found
Group: <Group>"
4022 "A report has failed to publish to RMM Tool from EventTracker application. Tool Name: <Tool Name>
Report Name: <Report Name>
Report Status : <Report Status>
Group: <Group>"
8011 Unsafe MD5 detected