SQL Tables
All discovered USB, CDROM and file system events are saved in SQL table ARGSOFT_SE_FS_EVENT.
Column | Type | Size | Description |
UUID | varchar | 36 | Unique identifier |
CREATE_TIME | datetime | Record creation time | |
MODIFY_TIME | datetime | Record modification time | |
MACHINE | nvarchar | 128 | Workstation name |
EVENT_TIME | datetime | Event time | |
DEVICE_TYPE | int | 1 – USB 2 – CDROM Others – Fixed Hard Drives |
|
OBJECT_TYPE | int | 1 – Directory 2 – Device Others – Regular File |
|
FILE_PATH | nvarchar | 512 | Path for the relevant file or folder |
WHO | nvarchar | 256 | User that causes the event |
OPERATION | int | 1 – USB detached or CDROM ejected
2 – File created 3 – File deleted 4 – File renamed 5 – File changed Others – USB attached or CDROM loaded |
|
OWNER | nvarchar | 256 | Who created this record |
CRC_HIGH | int | Record CRC high dword | |
CRC_LOW | int | Record CRC low dword |