Event logs consist of a header, a description of the event (based on the event type), and additional data. Most security log entries consist of the header and a description.
SunLink Server Manager displays events from each log separately. Each line shows information about one event, including date, time, source, category, Event ID, user account, and computer name.
An event header contains the following information:
Date - The date the event occurred.
Time - The time the event occurred.
Source - The software module that logged the event, which can be either an application name or a component of the system or of a large application, such as a service name.
Category - A classification of the event by the event source. This information is used primarily in the security log.
Event - A number identifying the particular event type. The first line of the description usually contains the name of the event type. For example, 6005 is the ID of the event that occurs when the log service is started. The first line of the description of such an event is "The Event log service was started." The Event ID and the Source can be used by product support representatives to troubleshoot system problems.
User - The user name of the user on whose behalf the event occurred. If the event is not logged by a user, then the Security ID of the logging entity is displayed.
Computer - The name of the computer on which the event occurred.
The format and contents of the event description vary, depending on the event type. The description is often the most useful piece of information, indicating what happened or the significance of the event.
The SunLink Server Manager logs indicate the following event types:
Error - Significant problems, such as a loss of data or loss of functions. For example, an Error event would be logged if a service was not loaded during SunLink Server startup.
Warning - Events that are not necessarily significant, but that indicate possible future problems. For example, a Warning event would be logged that the server is low on key resources.
Information - Infrequent significant events that describe successful operations of major server services. For example, when a service starts successfully, it would log an Information event.
Success Audit - Audited security access attempts that were successful. For example, a user's successful attempt to log on to the system would be logged as a Success Audit event.
Failure Audit - Audited security access attempts that failed. For example, if a user tried to access a network drive and failed, the attempt would be logged as a Failure Audit event.
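The header fields and event types above are enough to triage a log for repeated failed access attempts. The following is an added example, not SunLink Server code: it assumes a hypothetical tab-separated text export whose columns are the header fields plus an assumed Type column, and every sample record is constructed (only Event ID 6005 comes from the text).

```python
import csv
import io
from collections import Counter

# Assumed column order for a hypothetical tab-separated export of the log.
FIELDS = ["Date", "Time", "Type", "Source", "Category", "Event", "User", "Computer"]
KNOWN_TYPES = {"Error", "Warning", "Information", "Success Audit", "Failure Audit"}

# Constructed sample records; Event IDs other than 6005 are made-up placeholders.
SAMPLE = "\n".join([
    "03/14/00\t09:01:12\tInformation\tEventLog\tNone\t6005\tN/A\tSRV1",
    "03/14/00\t09:14:03\tFailure Audit\tSecurity\tLogon\t9001\tjdoe\tSRV1",
    "03/14/00\t09:14:09\tFailure Audit\tSecurity\tLogon\t9001\tjdoe\tSRV1",
    "03/14/00\t09:14:15\tFailure Audit\tSecurity\tLogon\t9001\tjdoe\tSRV1",
    "03/14/00\t09:15:40\tSuccess Audit\tSecurity\tLogon\t9002\tasmith\tSRV1",
    "03/14/00\t09:20:00\tFailure Audit\tSecurity\tObject Access\t9003\tasmith\tSRV1",
    "03/14/00\t09:31:55\tError\tService Control\tNone\t9004\tN/A\tSRV1",
    "truncated line with no tabs",
])

def parse_events(text):
    """Return (events, rejected): well-formed rows as dicts, the rest as raw rows."""
    events, rejected = [], []
    for row in csv.reader(io.StringIO(text), delimiter="\t"):
        if len(row) == len(FIELDS) and row[2] in KNOWN_TYPES:
            events.append(dict(zip(FIELDS, row)))
        elif row:  # keep malformed lines visible instead of silently dropping them
            rejected.append(row)
    return events, rejected

def repeated_failures(events, threshold=3):
    """(User, Computer, Category) groups with at least `threshold` Failure Audits."""
    counts = Counter((e["User"], e["Computer"], e["Category"])
                     for e in events if e["Type"] == "Failure Audit")
    return {key: n for key, n in counts.items() if n >= threshold}

def type_summary(events):
    """Number of events per event type."""
    return Counter(e["Type"] for e in events)

if __name__ == "__main__":
    events, rejected = parse_events(SAMPLE)
    print(dict(type_summary(events)))
    print(repeated_failures(events))
    print(f"{len(rejected)} unparseable line(s)")
```

Grouping by Category as well as User and Computer keeps a single failed drive access from being counted together with a run of failed logons.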
The data field contains binary data that you can display in bytes or words. The application that was the source of the event record generates this information. Because the data appears in hexadecimal format, only someone who is familiar with the source application can interpret its meaning.