KAA Report Spec V.01.2 2009.12.29

Example:
20091223:232053-.-kci302128-.-kpt004-.-kic01/01-.-abcdefg-.-kic01/02-.-12345-.--.-

0.) GENERAL Mark
    a.) Separate Mark    -.-
    b.) Ending Mark      -.--.-
    c.) Addition Mark    +++
    d.) Reduction Mark   ---

1.) Header
    a.) Date/Time Mark                             YYYYMMDD:HHMMSS
    b.) Customer ID                                kctXXXXXX
    c.) PC ID                                      kptXXX
    d.) Report ID (Initial Start Up Information)   kicXX/XX
    e.) Report ID (Event)                          kecXX/XX
    f.) Report ID (Continuing Keep Alive)          kklXX/XX

2.) Initial Start Up (VB=bka PHP=bkm.php LOG=bkm.log)
    kic01.) Start Up Hardware Spec
        kic01/01.) CPU Name
        kic01/02.) CPU ID
        kic01/03.) CPU Core
        kic01/04.) RAM Size (in KB)
    kic02.) Start Up Network Spec
        kic02/01.) Physical Address
        kic02/02.) IP Address
        kic02/03.) DHCP Enable (True = Auto / False = Manual)
        kic02/04.) DHCP Server
        kic02/05.) LAN Card Spec
    kic03.) Start Up Installed SoftwareName
        kic03/01.) Installed SoftwareNames (StartUp Report All)
                   (Addition Mark) SoftwareName
                   Example: kic03/01-.-+++Adobe Air1+++Adobe Air2-.-
    kic04.) Start Up Executed SoftwareName
        kic04/01.) Executed SoftwareNames (StartUp Report All)
                   (Addition Mark Means Executed) SoftwareName
                   Example: kic04/01-.-+++QQ.exe Air1+++calc.exe-.-
    kic05.) Start Up Plug In Extension USB Storage
        kic05/01.) Plug In Extension USB Storage Device Drive Character (StartUp Report All)
                   (Addition Mark Means Plug In) Device Drive Character
                   If USB Device Drive then Mark (U)
                   Example: kic05/01-.-+++E(U)+++F(U)-.-
    kic06.) New Plug In USB Device
        kic06/01.) Plug In Extension USB Storage Device Names and Manufacturer (StartUp Report All)
                   (Addition Mark Means Plug In) Device name (Manufacturer)
                   Example: kic06/01-.-+++USB Audio(Creative)+++USB Mouse(Micro softe)-.-

3.) Modification Event Notification (VB=mka PHP=mkm.php LOG=mkm.log)
    kec02.) Network Spec Change Event
        kec02/01.) Physical Address
        kec02/02.) IP Address
        kec02/03.) DHCP Enable (True = Auto / False = Manual)
        kec02/04.) DHCP Server
        kec02/05.) LAN Card Spec
    kec03.) New Install/Remove SoftwareName Notification
        kec03/01.) Installed/Removed SoftwareNames by Separate Mark
                   (Addition Mark Means Install / Reduction Mark Means Removed) SoftwareName
                   Example: kec03/01-.-+++Adobe Air1-.----Adobe Air2-.-
    kec04.) Execute/Stop SoftwareName Notification
        kec04/01.) Execute/Stop SoftwareNames by Separate Mark
                   (Addition Mark Means Execute / Reduction Mark Means Stop) SoftwareName
                   Example: kec04/01-.-+++QQ.exe Air1-.----calc.exe-.-
    kec05.) New Plug In/Remove Extension USB Storage Notification
        kec05/01.) Plug In/Remove Extension USB Storage Device Drive Characters by Separate Mark
                   (Addition Mark Means Plug In / Reduction Mark Means Remove) Device Drive Character
                   If USB Device Drive then Mark (U)
                   Example: kic05/01-.-+++E(U)-.----F(U)-.-
    kec06.) Plug In/Remove USB Device Notification
        kec06/01.) Plug In/Remove Extension USB Storage Device Names and Manufacturer by Separate Mark
                   (Addition Mark Means Plug In / Reduction Mark Means Remove) Device name (Manufacturer)
                   Example: kec06/01-.-+++USB Audio(Creative)-.----USB Mouse(Micro softe)-.-
    kec07.) Check COPY/DELETE Filename onto Extension Storage
        kec07/01.) FileName by IE English Version 6.0 by Separate Mark
                   (Addition Mark Means Copy / Reduction Mark Means Delete) Full FileName
                   Example: kec07/01-.-+++E:\ABC\123\XXX.DAT---F:\qqq\zzzz\999\YYY.exe-.-
    kec08.) Upload FileName by Browser/Instant Messenger
        kec08/01.) FileName by IE English Version 6.0
        kec08/02.) FileName by Yahoo English Version 9.0
    kec09.) Play Audio/Video File by Application
        kec09/01.) FileName with Flash 10d

4.) Continuing Keep Alive Reporting (VB=ska PHP=skm.php LOG=skm.log stop.log)
    kkl01.) Network Spec Keep Alive Reporting
        kkl02/01.) Physical Address
        kkl02/02.) IP Address
        kkl02/03.) DHCP Enable (True = Auto / False = Manual)
        kkl02/04.) DHCP Server
        kkl02/05.) LAN Card Spec
    kkl02.) VB KAA Stopped/Removed Alarm
        kkl02/01.) Stopped/Removed FileName with Reduction Mark
                   Example: kkl02/01-.----bka---mka---ska-.-

SUR = Start Up Report (if there is no STS or LTS for 5 consecutive minutes or more, it is treated as STU)
STS = Short Time Scanning = 5 Sec
LTS = Long Time Scanning = 1 min

    SUR      1.) Report the machine's hardware at boot (CPU/RAM/HDD)
    SUR+STS  2.) Periodically report the machine's current network settings (IP/MAC/DNS/Gateway)
    SUR+LTS  3.) Report newly installed software on the machine
    SUR+LTS  4.) Report execution of specified software on the machine
    SUR+STS  5.) Report newly attached external media (USB Drive/HDD/CD-ROM)
    SUR+LTS  6.) Report a newly attached external camera
    STS      7.) Report files copied/pasted on external media (file name/size/time)
    STS      8.) Report files uploaded through a web page (file name/size/time)
    LTS      9.) Report multimedia played through a web page (URL/file name/time)

KAA = Komodo Alarm Agent
    1.) Report the machine's hardware at boot (CPU/RAM/HDD/CD-ROM)
    2.) Periodically report the machine's current network settings (IP/MAC/DNS/Gateway)
    3.) Report newly installed software on the machine
    4.) Report execution of specified software on the machine
    5.) Report newly attached external media (USB Drive/HDD/CD-ROM)
    6.) Report a newly attached external camera
    7.) Report files copied/pasted on external media (file name/size/time)
    8.) Report files uploaded through a web page (file name/size/time)
    9.) Report multimedia played through a web page (URL/file name/time)
    %KAA10 merged into KAA08
    10.) Report files sent with specified messaging software (file name/size/time)

REF-LINK
http://msdn.microsoft.com/en-us/library/aa394353(VS.85).aspx
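
A parser for the report line format specified above, as an added example (it is not part of the original spec or of the KAA code). The function names are hypothetical, and because the spec gives the customer ID as kctXXXXXX while its own example uses kci302128, the parser accepts any letter in the third position.

```python
import re
from datetime import datetime

SEP, END = "-.-", "-.--.-"                 # separate mark and ending mark
MARKS = {"+++": "add", "---": "remove"}    # addition and reduction marks
STAMP = re.compile(r"\d{8}:\d{6}")         # YYYYMMDD:HHMMSS
CUSTOMER_ID = re.compile(r"kc[a-z]\d{6}")  # assumption: kct... or kci... (see lead-in)
PC_ID = re.compile(r"kpt\d{3}")
REPORT_ID = re.compile(r"(kic|kec|kkl)\d{2}/\d{2}")
MARKED = re.compile(r"(\+\+\+|---)(.*?)(?=\+\+\+|---|$)")


def parse_value(token):
    """Return [(action, item), ...]; an unmarked token is [("value", token)]."""
    if not token.startswith(tuple(MARKS)):
        return [("value", token)]
    return [(MARKS[mark], item) for mark, item in MARKED.findall(token)]


def parse_report(line):
    """Parse one report line into a dict; raise ValueError on off-spec input."""
    line = line.strip()
    if not line.endswith(END):
        raise ValueError("missing ending mark")
    tokens = line[: -len(END)].split(SEP)
    if len(tokens) < 3 or not STAMP.fullmatch(tokens[0]):
        raise ValueError("bad or truncated header")
    stamp, customer, pc = tokens[:3]
    if not CUSTOMER_ID.fullmatch(customer) or not PC_ID.fullmatch(pc):
        raise ValueError("bad customer or PC ID")
    report = {
        "time": datetime.strptime(stamp, "%Y%m%d:%H%M%S"),  # rejects impossible dates
        "customer": customer, "pc": pc, "fields": {},
    }
    current = None
    for tok in tokens[3:]:
        if REPORT_ID.fullmatch(tok):       # a report ID opens a new field
            current = report["fields"].setdefault(tok, [])
        elif current is None:
            raise ValueError("value before any report ID")
        elif tok:                          # several values may follow one ID
            current.extend(parse_value(tok))
    return report


# Constructed sample: the spec's header followed by its kec03/01 event example.
SAMPLE = "20091223:232053-.-kci302128-.-kpt004-.-kec03/01-.-+++Adobe Air1-.----Adobe Air2-.--.-"
if __name__ == "__main__":
    print(parse_report(SAMPLE)["fields"])
```

The spec defines no escaping for its marks, so a reported name that itself contains `-.-`, `+++` or `---` is split at that point; the parser does not try to guess around this.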