Managing event structure and log schema

To categorize events, the logging application translates event definitions to a human-readable format. Any consumer that reads the events relies on event definitions. For example, translation occurs any time a log macro runs or any time you view events.

All event definitions are based on the log schema, which is a fixed set of fields. The following types of event definitions are available:

  • Predefined event definitions: A set of Trust Protection Foundation event definitions. The event definitions appear in the Logging Event Definitions folder.

    During installation, CyberArk Configuration Console imports Log Schema Channel (.LSC) files with the predefined events to the Log server schema. The imported event definitions appear in the Logging Event Definitions folder.

    To see a complete list of Trust Protection Foundation Event Group IDs and error codes, which are in hexadecimal format, visit our Support article.

  • Add-on application event definitions: An optional set of event definitions that you define for your custom SDK applications. Add-on application event definitions use Component IDs in the 0200-0299 range. This reserved range of Component IDs ensures that your event definitions have unique Event IDs. After a successful import, the event definitions appear in the Logging Event Definitions folder.
