7.5.10 Evidence
The Evidence designator provides the error event information that triggered the indictment. The evidence shown depends on the system that generated the error log and on the registered rules. As a result, the contents of the evidence field may vary.
Typically, the evidence includes the following:
- The time stamp of the event responsible for the callout.
- The event identifier, which is displayed differently depending on the responsible rule set. (In some cases, the event identifier uses the new common event header components Unique_ID_Prefix and Unique_ID_Count, where Unique_ID_Prefix refers to an OS-specific identification for this event type and Unique_ID_Count indicates the number of events of this type that occurred.)
- The rule set name and revision number, which may be included depending on the rule set.