
Event Data Fields

Created by Caroline Juszczak, last modified by Steve.Hawkins on Sep 14, 2016


The following table explains the meaning of each grid column or data field that can appear in various alert grids, event grids, and information panes throughout the Console. The actual columns and fields that are shown vary according to the alert, view, or grid you are working with. But the meaning of these fields remains the same, regardless of where you see them.

For convenience, the fields are listed in alphabetical order.

Grid column or field Description

EventName

The name of the event.

ConnectionName

The name of the dial-up or VPN connection.

ConnectionStatus

The current status of the dial-up or VPN connection.

DestinationMachine

The destination IP address of the network traffic.

DestinationPort

The destination port number of the network traffic.

DetectionIP

The source network node for the alert data. This is usually a manager or an agent and is the same as the InsertionIP field. It can also be a network device, such as a firewall or an intrusion detection system, that may be sending log files over a remote logging protocol.

DetectionTime

The time the network node generated the data. This is usually the same as the InsertionTime field, but they can differ when the agent or manager is reading historical data, or if a network device has an incorrect time setting.

EventInfo

A short summary of the alert details. Additional details appear in the following fields, but EventInfo provides enough information to view a snapshot of the alert information.

ExtraneousInfo

Additional information relevant to the alert, but not reflected in other fields. This can include information useful for correlating or summarizing alert information in addition to the EventInfo field.

Host

The node the log message came from (the LEM or agent that collected the message for forwarding to nDepth).

HostFromData

The originating network device (if different than the node) that the message came from. Normally, Host and HostFromData are the same, but in the case of a remote logging device (such as a firewall) this field reports the original remote device's address.

InferenceRule

The name of the correlation that caused this alert. The InferenceRule field will generally be blank, but in cases where the alert was related to a rule, it displays the rule name.

InsertionIP

The manager or agent that first created the alert. This is the source that first read the log data from a file or other source.

InsertionTime

The time the manager or agent first created the alert. This time indicates when the data was read from a log file or other source.

IPAddress

The IP address associated with the alert. This is a composite field, drawn from several different alert fields. It shows all the IP addresses that appear in alert data.

Manager

The name of the Manager that received the alert. For data generated from an Agent, this is the Manager the Agent is connected to.

Order

In the Event explorer's event grid, the Order field indicates when each event occurred:

[Before-event icon] indicates the event occurred before the central event shown in the event map.

[Central-event icon] indicates the event occurred during (as part of) the central event shown in the event map.

[After-event icon] indicates the event occurred after the central event shown in the event map.

Protocol

Displays the protocol associated with this alert (TCP or UDP).

ProviderSID

A unique identifier for the original data. Generally, the ProviderSID field includes information that can be used in researching information on the alert in the originating network device vendor's documentation.

SourceMachine

The IP address the network traffic is coming from.

SourcePort

The port number the network traffic is coming from.

ConnectorAlias

The Alias Name entered when configuring the connector on the manager or agent.

ConnectorId

The actual connector that generated the log message.

ConnectorType

The category of the connector that generated the log message.

Username

The user name associated with the alert. This is a composite field, drawn from several different alert fields. It shows all the places that user names appear in alert data.
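
The DetectionIP/InsertionIP and DetectionTime/InsertionTime descriptions above say when each pair agrees and when it diverges; the Python below turns that into a check an analyst can run before trusting event times in a timeline. It is an added example, not SolarWinds code: the record layout, ISO 8601 timestamps, sample values, finding labels and five-minute threshold are all assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events keyed by the field names in the table above.
# The dict layout and ISO 8601 timestamps are assumptions for illustration.
EVENTS = [
    # Agent reads its own log in real time: both IPs and both times agree.
    {"DetectionIP": "10.0.0.5", "InsertionIP": "10.0.0.5",
     "DetectionTime": "2016-09-14T07:00:00", "InsertionTime": "2016-09-14T07:00:00"},
    # Firewall sends logs to a manager over a remote logging protocol.
    {"DetectionIP": "192.0.2.1", "InsertionIP": "10.0.0.2",
     "DetectionTime": "2016-09-14T07:00:00", "InsertionTime": "2016-09-14T07:00:02"},
    # Agent reads historical data from an old log file.
    {"DetectionIP": "10.0.0.5", "InsertionIP": "10.0.0.5",
     "DetectionTime": "2016-09-13T22:00:00", "InsertionTime": "2016-09-14T07:30:00"},
    # Remote device whose clock runs ahead of the manager's clock.
    {"DetectionIP": "192.0.2.7", "InsertionIP": "10.0.0.2",
     "DetectionTime": "2016-09-14T09:00:00", "InsertionTime": "2016-09-14T07:31:00"},
]


def provenance(event, max_skew=timedelta(minutes=5)):
    """Return findings about where and when an event's data originated."""
    findings = []
    detected = datetime.fromisoformat(event["DetectionTime"])
    inserted = datetime.fromisoformat(event["InsertionTime"])
    lag = inserted - detected
    if lag > max_skew:
        # Generated well before it was read: historical data or a slow source clock.
        findings.append("late-read")
    elif lag < -max_skew:
        # Stamped later than the moment it was read: a clock is wrong somewhere.
        findings.append("future-stamped")
    if event["DetectionIP"] != event["InsertionIP"]:
        # The node that generated the data is not the one that first read it.
        findings.append("remote-source")
    return findings


def triage(events):
    """Map event index to findings, skipping events with nothing to report."""
    return {i: f for i, e in enumerate(events) if (f := provenance(e))}


if __name__ == "__main__":
    for index, findings in triage(EVENTS).items():
        print(index, EVENTS[index]["DetectionIP"], findings)
```
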


Last modified
07:36, 14 Sep 2016
