Name of a samhain module (e.g. the module to watch login/logout events). Used in initialization/error reports for a module.
Return code from a module. Used in initialization/error reports for a module.
ID of bad syscall. Formerly used by kernel checking module.
IP address. Login/logout watch. Also used in received syslog messages (see below).
Terminal used. Login/logout watch.
Login/logout time. Also used in some other messages (e.g. time to complete file check).
Host from which user is logged in. Login/logout watch.