The EventDatabase is a
The database contains also tables, which knows something about events. There are three tables, which contains events:
| tablename | purpose |
| tbEventlogMessages |
Stores the events collected by the
|
| tbUniqueEvents | Stores all events, which were uniquely seen by this application. Each of this event has really happened while this application collects the events. |
| tbWellknownEvents |
This table conatins events which were
originally provided by |
Regard:This is not a complete set of tables used in this application. This is provided as an overview at the end of this chapter.
There are some importent points to note:
To show, what is stored into the tbEventlogMessages table, the following table list's all fields of it:
| Propertyname | Type | Description |
| RowId | int | This is the unique key of this table. |
| TimeReceived | datetime | This is the time a machine received an event. |
| MachineName | nvarchar(15) | This is the name of the machine, which saved this event. |
| TimeGenerated | datetime | This is the time a machine found an event generated. |
| TimeWritten | datetime | This is the time a machine saved the event. |
| Logfile | nvarchar(24) | The logfile, the event is associated with. |
| RecordNumber | int | This is the unique id of this event inside the machines logfiles. |
| SourceName | nvarchar(48) |
The name of the source of this event
[== |
| Category | int | Categories are specified to each SourceName. |
| CategoryString | nvarchar(32) | This is the Category translated to text. |
| EventType | int | Valid types range from 0 to 5 |
| EventCode | int |
This is the unique id of this event within
it's |
| Message | nvarchar(2048) | This is the text of the message. |
| InsertionStrings | nvarchar(256) | This contains the parameters used by the logging program together with the message above. |
| Username | nvarchar(64) | An event can be associated to a user on the system, which caused the event. |
| Computername | nvarchar(64) | The computer, were the event was originally created on. Because one can log even from remote applications, this is also importent. On clusternodes, an event may appear to both's nodes local eventlog, but this computer property shows, on which machine the event was caused. |
Regard:The usual viewer use only a subset of this fields!
Though this is not the technical documentation about the database, the following table list the database objects and their purpose:
| Objectname | Type | Purpose |
| tbEventlogMessages | table | Stores the events data |
| tbUniqueEvents | table | stores each event exactly one time |
| vwEventlogMessages-DistributionExtended | view | used by EventlogAnalyzer2.aspx and WellknownEvents-ListBySource1.aspx |
| vwEventlogSamples-List | view | Used by WellknownEvents-ListAll1.aspx |
| spEventlogMessages-EventOverview-LastHours | stored procedure | Used to obtain the number of events within a given interval; used by EventlogOverview |
| spInsertNewMessageSamples | stored procedure | Find new unique events and store them into tbUniqueEvents |
| ??? | sql batch | Runs all 24h; Uses spInsertNewMessageSamples to insert into tbUniqueEvents |
| ??? | sql batch | Runs all 24h;Used to delete all events in tbEventlogMessages which are older than 10 days. |