- module
Name of a samhain module (e.g. the module to watch login/logout events). Used in initialization/error reports for a module.
- return_code
Return code from a module. Used in initialization/error reports for a module.
- syscall
ID of bad syscall. Formerly used by kernel checking module.
- ip
IP address. Login/logout watch. Also used in received syslog messages (see below).
- tty
Terminal used. Login/logout watch.
- time
Login/logout time. Also used in some other messages (e.g. time to complete file check).
- fromhost
Host from which user is logged in. Login/logout watch.