Supported Variables and Fields

<< Click to Display Table of Contents >>

Navigation:  Working with EventSentry > Computer Groups > Variables >

Supported Variables and Fields

Run-time variables

Run-time variables are variables that may change during run-time or that depend on the event record being processed. These variables are supported in the following fields:

 

warning_32

For email actions, event variables (e.g. $EVENTID) always reflect the value of the first event contained in the email (since emails may contain multiple records).

 


Email

File

Syslog

SNMP Trap

Desktop (Growl)

Process Action

Event Log Backup

Service / Process

HTTP


Sender Name

Sender Email

Subject

Header & Footer

Email Msg Override

File Name

Prefix

Custom Data

Title
Message

Command Line

Arguments

File Name

Service Name

Process Name

All Form Fields

$HOSTNAME

$HOSTNAMEFQDN

$HOSTNAMEALIAS

X

X

X

X

X

 

 

 

 

X

 

X

$EVENT... VARIABLES (1)

 

X

X

X

X

X

X

X

X

 

 

X

$STR1 .. $STR28

$STRelementName

X

X

 

 

 

 

 

X

X

 

X

X

DATE / TIME VARIABLES (2)

 

 

 

 

X

 

 

 

X

X

 

 

$LOG

 

 

 

 

 

 

 

 

 

X

 

 

$COUNT

 

X

 

 

 

 

 

 

 

 

 

 

$IPADDRESS

 

X

X

X

 

 

X

 

X

 

 

X

$LICENSEE

 

X

X

 

 

 

 

 

 

 

 

 

 

info_32

In email actions, the $LOG variable may be resolved to "Various" in the subject if the email contains events from multiple event logs.

 

Event Variables (1)

$GROUP

$FILTER

$NOTES

$EVENTSOURCE

$EVENTCATEGORY

$EVENTID

$EVENTUSER

$EVENTDATETIME

$EVENTDATETIMEISO8601

$EVENTNUMBER

$EVENTCOMPUTER

$EVENTMESSAGE

 

Date / Time Variables (2)

$DAY

$MONTH

$YEAR

$HOUR

$MINUTE

 

$IPADDRESS: Resolves either to the IP address associated with a host entry in a group, or - if not set there, to the IP address of the interface with the fastest network connection on the system.

 

 

Insertion String Variables

Most Windows events are based on templates and contain dynamic values usually called "Insertion Strings" or "Event meta data". These insertion strings are exposed as variables in EventSentry and can be used in most actions.

 

Insertion string variables always start with $STR and are supported both in numerical (e.g. $STR2) as well as textual form (e.g. $STRIpAddress). The sequence number of an insertion string can be identified with the Event Message Browser, where insertion strings are identified with percentage signs followed by a number, e.g. %1, %2 etc..

 

Event insertion string are specified with the $STRx variable, where x is replaced with the number from the insertion string. For example, to display the 3rd insertion string from an event in an email subject, $STR3 could be included in the email subject of the action. The above table lists which fields support insertion string variables.

 

Insertion strings in their textual form are also specified using the $STRx variable, whereas x is replaced with the name of the meta data element. For example, $STRSubjectUserName would resolve to the content of the field SubjectUserName. Data element names can be found in the Windows event viewer in either the "Friendly View" or "XML View" tab of the event details tab.

 

warning_32

Variable names are case sensitive - only $STRSubjectUserName would resolve to Administrator in the example below, $STRSUBJECTUSERNAME would not!

 

 

clip0332

 

Custom Variables

Custom variables can have any name, but may only contain letters. Numbers and special characters are not supported in the name of a custom variable. Custom variables are supported in the following fields:

 

Backup Event Logs

 Backup File ("File")

 

Log File Monitoring

 File Path

 

Filters

 Source

 Category

 Username

 Computer

 Advanced: Email Subject Override

 Advanced: Email Content Override

 

SMTP Notification

 Sender Name

 Sender Email

 Recipients

 Subject

 Primary (incl. User & Pass)

 Secondary (incl. User & Pass)

 Dial

 Header & Footer

 Character Set

 

HTTP

 Form fields

 HTTP Content Type (PUT/POST)

 HTTP Content Data (PUT/POST)

 

Database Notification

 DSN Name

 Table Name

 Username

 Password

 

Syslog

 Host Name

 Custom data

 

SNMP + SNPP Notification

 Host Name

 

File

 File Name

 Character Set

 

Network Message

 NetBIOS Name

 

Process

 Process Name

 Arguments

 

XMPP

 Chat room