How to confirm which field parameters to use when creating or editing rules (NETIQKB72374)

  • 7772374
  • 03-Jun-2010
  • 10-Feb-2011


Security Manager 6x

Development console


Whenever a rule is created in the development console, it is sometimes necessary to use advanced criteria. However it is not always obvious which parameter equates to which criteria for a particular event id.


To find a list of parameter mappings:

1. Go to development console

2. right click any processing rule group

3. click "import dynamic link library"

4. click file\browse\security\security\open

The resulting window will display a list of parameter mappings.  For example: event id 538 contains entry: "%tUserName:t%t%t%1%n  %tDomain:t%t%t%2%n    %tLogon ID:t%t%t%3%n  %tLogon Type:t%t%t%4%n" 

The subsequent number entry is the parameter for that criteria.  In this example Parameter 1 = UserName, Parameter 2 = Domain, Parameter 3 = Logon ID, and Parameter 4 = Logon Type.

Note: Some event id's will contain more parameter mappings than others and the event id list is not in numerical order.


Additional Information

Formerly known as NETIQKB72374

Feedback service temporarily unavailable. For content questions or problems, please contact Support.