Classification
| Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| General Cache Messages | Base Rule | Information | General Process Information |
| Database Updates Complete | Sub Rule | Information | Update Complete |
| Shutdown Complete | Sub Rule | Startup and Shutdown | Process/Service Startup Or Shutdown Activity |
| Shutting Down Cache | Sub Rule | Startup and Shutdown | Process/Service Startup Or Shutdown Activity |
| Updating Journal File | Sub Rule | Information | Update Event |
| Notifying Clients | Sub Rule | Information | Client Information |
| Stopping Client Networking | Sub Rule | Startup and Shutdown | Process/Service Stopping |
| Stopping Network Servers | Sub Rule | Startup and Shutdown | Process/Service Stopping |
| Stopping System Jobs | Sub Rule | Startup and Shutdown | Process/Service Stopping |
| Stopping User Jobs | Sub Rule | Startup and Shutdown | Process/Service Stopping |
| Removing Database Locks | Sub Rule | Information | Lock Released |
| Waiting For Database Updates To Complete | Sub Rule | Information | Update Event |
| Waiting For Users To Stop | Sub Rule | Information | Waiting For Response |
| Withdrawing From License Domain | Sub Rule | Information | License Request |
| Process ID Value | Sub Rule | Information | Process ID |
| No Routines To Execute | Sub Rule | Information | General Process Information |
| Routine Used In Instance | Sub Rule | Information | General Process Information |

Mapping with LogRhythm Schema
| Device Key in log message | LogRhythm Schema | Data Type |
|---|---|---|
| USER | <severity> | Text/String |
| Jun 4 23:59:45 Message forwarded from | <dname> | Text/String |
| N/A | <process> | Text/String |
| (POC) | <processid> | Number |
| N/A | <subject> | Text/String |
| N/A | <object> | Text/String |
| N/A | <version> | Number |
| N/A | <parentprocesspath> | Text/String |