

Event-level Messages

Only one of these messages is logged for each event, regardless of how many triggers the event causes to fire. They are structured as follows:

<Associated user>
<Message ID> 
<User action>
<Policy outcome>
<Event severity>
<Machine name> 
<Event ID> 
<Event URL>

where:

<Associated user>

Is the primary participant of an event, for example, the sender of an outgoing e‑mail.

For details about how CA DataMinder assigns participants to file events (such as files scanned by the FSA or captured by the NBA), see the Event Participants technical note, available from CA Technical Support.

<Message ID>

Is a code that identifies the message type (event-level or trigger-level) and severity.

<User action>

Describes what the user did (for example, ‘The user sent an email’) or the event type (such as ‘Scanned file’).

<Policy outcome>

Summarizes the outcome of policy processing. For example, CA DataMinder blocked the email or warned the sender.

<Event severity>

Indicates which severity band the event is assigned to (Low, Medium or High).

<Machine name>

Indicates the source machine. For example, this could be the machine from which an email was sent.

<Event ID>

Uniquely identifies a captured or imported event in the CMS database.

<Event URL>

Provides a URL that users can browse to in order to view the event in the iConsole.