The interpretation of the EventSubType field depends on the major type of the event.
|
Notes |
|
|---|---|
|
For Web and email events (EventMajorType 1 and 2) the EventSubType describes the direction of the event. Possible values are: |
|
|
0 |
The direction is not known or is not applicable. |
|
1 |
The event is incoming (eg, web page or incoming email). |
|
2 |
The event is outgoing (eg, submitted form data or outgoing email). |
|
17 |
The event is via the webmail channel. |
|
For email and file events (EventMajorType 1 and 5) captured at the network boundary the EventSubType describes the channel of communication: |
|
|
17 |
The event is via the webmail channel. |
|
18 |
The event is via the web channel. |
|
19 |
The event is via the FTP channel. |
|
20 |
The event is via the NNTP channel |
|
21 |
The event is via the IM channel |
|
For Transaction events (EventMajorType 127), possible values of EventSubType are: |
|
|
1 |
The event is a "full" transaction and contains the merged results of one or more partial transactions |
|
2 |
The event is a "partial" transaction and contains the transaction data corresponding to a single captured sequence. |
|
Copyright © 2014 CA.
All rights reserved.
|
|