CAS Changes domain
Tracks changes to monitored items (files, registry variables, etc.). This topic describes the domain's entities and attributes.
Available to roles: all
Monitored Changes Entity
This entity is created each time a monitored item changes. It identifies the monitored item within the CAS instance, and points to the saved data for the change.
Attribute | Description |
---|---|
Change Identifier | Unique identifier for the change. |
Sample Time | Timestamp (date and time on host) that the sample was taken. |
Audit Config Id | Identifies the host configuration. |
Saved Data Id | Identifies the Saved Data entity for this change. |
Audit State Label Id | Identifies the Host Configuration entity for this change. |
Timestamp | Date and time this change record was created on the server (Guardium appliance server clock). |
MD5 | Indicates whether or not the comparison is done by calculating a checksum using the MD5 algorithm and comparing that value with the value calculated the last time the item was checked. The default is to not use MD5. If MD5 is used but the size of the raw data is greater than the MD5 Size Limit configured for the CAS host, the MD5 calculation and comparison will be skipped. Regardless of whether or not MD5 is used, both the current value of the last modified timestamp for the item and the size of the item are compared with the values saved the last time the item was checked. |
Owner | Unix only. If the item type is a file, the file owner. |
Permissions | Unix only. If the item type is a file, the file permissions. |
Size | File size, with two special values: -1 = File exists, but has zero bytes; 0 (zero) = File does not exist, but this file name is being monitored (it never existed or may have been deleted). |
Last Modified | Timestamp for the last modification, taken from the file system at the sample time. |
Last Modified Date | Date for the last modification. |
Last Modified Time | Time for the last modification. |
Last Modified Weekday | Day of week for the last modification. |
Last Modified Year | Year for the last modification. |
Group | Unix only. If the item type is a file, the group owner. |
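The comparison rules from the MD5 and Size rows above, as an added Python illustration (not Guardium or CAS code). `Sample`, `take_sample` and `changed` are hypothetical names, and the MD5 size limit is assumed to be in bytes.

```python
import hashlib
import os
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Sample:
    size: int                       # page's encoding: -1 = empty file, 0 = file missing
    last_modified: Optional[float]  # None when the file does not exist
    md5: Optional[str]              # None when MD5 is off or was skipped


def take_sample(path: str, use_md5: bool = False,
                md5_size_limit: int = 1_000_000) -> Sample:
    """Sample one monitored file (hypothetical helper, not a CAS API)."""
    if not os.path.isfile(path):
        return Sample(size=0, last_modified=None, md5=None)
    st = os.stat(path)
    digest = None
    # MD5 is calculated only when enabled and the raw data is within the limit
    # (limit assumed to be in bytes).
    if use_md5 and st.st_size <= md5_size_limit:
        with open(path, "rb") as fh:
            digest = hashlib.md5(fh.read()).hexdigest()
    # A zero-byte file is recorded as -1 so that 0 can mean "does not exist".
    return Sample(size=st.st_size or -1, last_modified=st.st_mtime, md5=digest)


def changed(previous: Sample, current: Sample) -> bool:
    """Size and last-modified are always compared; MD5 only if both samples have it."""
    if (previous.size, previous.last_modified) != (current.size, current.last_modified):
        return True
    if previous.md5 is not None and current.md5 is not None:
        return previous.md5 != current.md5
    return False
```

With MD5 off, or skipped because the item exceeds the size limit, a content change that leaves size and last-modified time identical compares as unchanged, so the MD5 Size Limit should be at least as large as the biggest item that needs content-level checking.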
Host Configuration Entity
A Host Configuration entity is created for each item in a CAS instance.
Attribute | Description |
---|---|
Audit State Label Id | Unique numeric identifier for the configuration item |
Timestamp | Timestamp for creation of the entity |
Host Name | Database server host name or IP address |
OS Type | Operating system: Unix or Windows |
DB Type | Database type: Oracle, MS-SQL, DB2®, Sybase, Informix®, or N/A if the change is to an operating system instance |
Instance Name | Name of the template set instance |
Type | Type of monitored item that changed. OS Script or SQL Script: A change triggered by the OS script contained in the monitored item template definition. Environment Variable: An environment variable (Unix only). Registry Variable: A registry variable (Windows only). File: A specific file. There is no host configuration entity for a file pattern defined in the template set used by the instance. Instead, there is a separate host configuration entity for each file that matches the pattern. |
Monitored Item | The name of the changed item, from the Description (if entered), otherwise a default name depending on the Type (a file name, for example). |
Saved Data Entity
A Saved Data entity is created each time a change is detected for an item being monitored, if the Keep data box is marked for that item in the item template definition.
Attribute | Description |
---|---|
Saved Data ID | Unique numeric identifier for the saved data item. |
Saved Data | The actual data saved. |
Timestamp | Timestamp for when the saved data entity was recorded in the server database. |
Change Identifier | Identifies the monitored changes entity for this saved data entity. |
Saved Data ID is only available to users with the admin role.