This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Page revision history

Version Date Modified Size Author Changes ... Change note

Page References

Incoming links Outgoing links
NotesOnNsureAuditQueries
NotesOnNsureAuditQueries

Version management

Difference between version and

At line 1 added 27 lines
This is a "Distribution" Query for IDM for the last 24 hours
{{{select EventID, count(*) 'Total Count' from [TABLE]
where EventID between HexToDec[0x30000] and HexToDec[0x3FFFF]
and [TIME] = [LAST_24_HOURS]
group by eventid}}}
This is a "Distribution" Query for eDir for the last 24 hours
{{{select EventID, count(*) 'Total Count' from [TABLE]
where EventID between HexToDec[0x000B0000] and HexToDec[0x000BFFFF]
and [TIME] = [LAST_24_HOURS]
group by eventid
Outsdide of iManager it would be:
select EventID, count(*) 'Total Count' from log
where EventID between 0x000B0000 and 0x000BFFFF group by EventID
}}}
As iManager will "Translate" the fields based on the application "Schema", the ouput outside of iManager is not nearly as readable.
A good SQL Statment to start with is:{{{
select INET_NTOA(Sourceip), FROM_UNIXTIME(ClientTimeStamp), clientms, FROM_UNIXTIME(ServerTimeStamp), sessionID, component, eventID, Severity, grouping, Originator, Target, SubTarget, text1, text2, text3, value1, value2, value3, data from log }}}
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthorTop