Codes of dictionary settings in audit event records

If logging of audit events and modified settings is enabled in Event Log settings, when a dictionary is created, edited, or deleted in the Rules → Dictionaries section, detailed information about the changes is recorded in an Audit Log event.

Changes in the Dictionary usage group of settings are not logged.

The following table shows how dictionary settings are coded in an Audit Log record.

Codes of dictionary settings in an audit event record

Setting in the Rules → Dictionaries section	Code in the audit event record	Examples
Dictionary ID	`id` Changes of the setting are only logged when a dictionary is created or deleted.	Dictionary created: `id[][1]` `name[][New dictionary]` `description[][]` `content.type[][Text]` Dictionary modified: `name[New dictionary][Test dictionary]` `description[][Some desc]` Dictionary deleted: `id[1][]` `name[Test dictionary][]` `description[Some desc][]` `content.type[Text][]`
Name	`name`
Description	`description`
Dictionary contents	`content.type` Possible values: `texts` if Strings is selected. `attachmentFormats` if File types is selected.
Text	`content.texts.textList` After creating a dictionary with string content type, the audit log record will also contain lines for the Search types setting of the following form: `content.attachmentFormats.<category code>.<file type code>[][false]` If a data category has a subcategory, the record contains `<category code>.<` `subcategory code>.` For category, subcategory, and file type codes, see Dictionary category and file type codes in audit events.	Dictionary created: `content.texts.textList.Added[Abc Def]` Dictionary modified: `content.texts.textList.Added[Ghi Xyz]` `content.texts.textList.Removed[Def]` Dictionary deleted: `content.texts.textList.Removed[Abc Ghi Xyz]`
Wildcard	`content.texts.wildcardList` After creating a dictionary with string content type, the audit log record will also contain lines for the Search types setting of the following form: `content.attachmentFormats.<category code>.<file type code>[][false]`	Dictionary created: `content.texts.wildcardList.Added[.exe]` Dictionary modified: `content.texts.wildcardList.Added[.vbs]` `content.texts.wildcardList.Removed[.exe]` Dictionary deleted: `content.texts.wildcardList.Removed[.vbs]`
Regexp	`content.texts.regexList` After creating a dictionary with string content type, the event record will also contain records for the Search types setting of the following form: `content.attachmentFormats.<category code>.<file type code>[][false]`	Dictionary created: `content.texts.regexList.Added[^test_pattern$]` Dictionary modified: `content.texts.regexList.Added[\Atest_pattern\z]` `content.texts.regexList.Removed[^test_pattern$]` Dictionary deleted: `content.texts.regexList.Removed[\Atest_pattern\z]`
Search types	When creating or deleting a dictionary, a line of the following form is logged for each file type: `content.attachmentFormats.<category code>.<subcategory code>.<file type code>` When modifying the dictionary, for file types whose check box state has changed, a line of the following form is logged: `content.attachmentFormats.<category code>.<subcategory code>.<file type code>` After creating a dictionary with File types content type, the log also includes records for the Text, Wildcard, Regexp settings of the following form: `content.texts.textList.Added[]` `content.texts.wildcardList.Added[]` `content.texts.regexList.Added[]`	The dictionary is created for the following file types: 7Z*; ACE; ARJ; EXE; DLL; OCX; SCR; SWF. `content.attachmentFormats.archiveCategory.archive7z[][true]` `content.attachmentFormats.archiveCategory.archiveAce[][true]` `content.attachmentFormats.archiveCategory.archiveArj[][true]` `content.attachmentFormats.executableCategory.` `executableWin[][true` `content.attachmentFormats.imageCategory.` `animationSubcategory.multimediaSwf[][true]` Lines are also added for all file types that were not selected: `content.attachmentFormats.archiveCategory.archiveBzip2[][false]` `...` `content.attachmentFormats.archiveCategory.archiveZip[][false]` `...` `content.attachmentFormats.officeCategory.` `spreadsheetSubcategory.officeOds[][false]` `content.attachmentFormats.unknown[][false]` Dictionary modified: `content.attachmentFormats.archiveCategory.` `archiveArj[true][false]` No records are added for other file types because the other file types are unchanged. Dictionary deleted: `content.attachmentFormats.archiveCategory.archive7z` `[true][]` `content.attachmentFormats.archiveCategory.archiveAce` `[true][]` `content.attachmentFormats.archiveCategory.archiveArj` `[false][]` `content.attachmentFormats.executableCategory.` `executableWin[true][]content.attachmentFormats.` `imageCategory.animationSubcategory.multimediaSwf` `[true][]` For all other file types, records like this are logged: `content.attachmentFormats.<category code>.<file type>[false][]`

Page top