TerribleDev/TimberWinR
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

More docs

Browse Source
This commit is contained in:
Eric Fontana
2014-07-30 08:01:03 -04:00
parent ce8d21a525
commit 65ea328544
2 changed files with 19 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
TimberWinR/mdocs/WindowsEvents.md
View File

@@ -30,4 +30,22 @@ Example Input:
}
}
}
```
```
## Fields
After a successful parse of an event, the following fields are added:
|Name|Type Description|
|EventLog|STRING Name of the Event Log or Event Log backup file containing this event
|RecordNumber|INTEGER|Index of this event in the Event Log or Event Log backup file containing this event
|TimeGenerated|TIMESTAMP|The date and time at which the event was generated (local time)
|TimeWritten|TIMESTAMP|The date and time at which the event was logged (local time)
|EventID|INTEGER|The ID of the event
|EventType|INTEGER|The numeric type of the event
|EventTypeName|STRING|The descriptive type of the event
|EventCategory|INTEGER|The numeric category of the event
|EventCategoryName|STRING|The descriptive category of the event
|SourceName|STRING|The source that generated the event
|Strings|STRING|The textual data associated with the event
|ComputerName|STRING|The name of the computer on which the event was generated
|SID|STRING|The Security Identifier associated with the event
|Message|STRING|The full event message
|Data|STRING|The binary data associated with the event

0
foo.mkd.txt
View File