LogRhythm Diagnostics | LogRhythm Documentation

Classification

Rule Name	Rule Type	Common Event	Classification
LogRhythm Diagnostics	Base Rule	LogRhythm Diagnostics Event	Other Operations
JwtRetrievalFailure	Sub Rule	Jwt Retrieval Failure	Warning
DPtoDXJWTFailure	Sub Rule	DPtoDX JWT Failure	Warning
DPtoDXMessagingGatewayOffline	Sub Rule	DPtoDX Messaging Gateway Offline	Warning
DPtoDXMessagingGatewayOnline	Sub Rule	DPtoDX Messaging Gateway Online	Information
DPtoDXMessagingReceiverOnline	Sub Rule	DPtoDX Messaging Gateway Online	Information
DPtoDXMessagingReceiverOffline	Sub Rule	DPtoDX Messaging Receiver Offline	Warning
DPtoDXDeserializationFailureOnLoadPersist	Sub Rule	DPtoDX Deserialization Failure	Warning
DPtoDXDeserializationFailureOnEnqueue	Sub Rule	DPtoDX Deserialization Failure	Warning
MessagingPersistenceLoading	Sub Rule	LogRhythm Message Loading	Information
MessagingPersistenceStoring	Sub Rule	LogRhythm Message Storing	Warning
LogRhythm MPE Event 2052	Sub Rule	LogRhythm MPE Rule Performing Poorly	Warning
LogRhythm Mediator Event 10055	Sub Rule	InsertMgr Event Spooled Count Exceeds 5Million	Warning
LogRhythm Mediator Event 10054	Sub Rule	InsertMgr Event Spooled Count Exceeds 1Million	Warning
LogRhythm Mediator Event 10053	Sub Rule	InsertMgr Log Spooled Count Exceeds 5Million	Warning
LogRhythm Mediator Event 10052	Sub Rule	InsertMgr Log Spooled Count Exceeds 1Million	Warning
LogRhythm Mediator Event 10051	Sub Rule	Unprocessed Log Spooled Count Exceeds 5Million	Warning
LogRhythm Mediator Event 10050	Sub Rule	Unprocessed Log Spooled Count Exceeds 1Million	Warning
LogRhythm Agent Event 30002	Sub Rule	Smart Response Action Completed Error	Error
LogRhythm Agent Event 30001	Sub Rule	Smart Response Action Completed OK	Information
LogRhythm Agent Event 30000	Sub Rule	Failed To Start Smart Response Thread	Error
LogRhythm Agent Event 20001	Sub Rule	Failed To Queue Registry Monitor Log Data	Error
LogRhythm Agent Event 20000	Sub Rule	Failed To Load Registry Monitor Config	Error
LogRhythm Agent Event 10118	Sub Rule	Failed To Load Secure Syslog Certificate	Error
LogRhythm Agent Event 10117	Sub Rule	Failed To Create SSL Certificate	Error
LogRhythm Agent Event 10116	Sub Rule	Secure Syslog Authentication Failed	Error
LogRhythm Agent Event 7014	Sub Rule	Agent Needs Reboot After Update	Error
LogRhythm Agent Event 7013	Sub Rule	Agent Updated	Information
LogRhythm Agent Event 7012	Sub Rule	Cannot Update Agent	Error
LogRhythm Agent Event 7011	Sub Rule	Beginning Agent Update	Information
LogRhythm Mediator Event 10042	Sub Rule	Agent Software Update Package Sent	Information
LogRhythm Job Manager Event 6013	Sub Rule	LIMaintenance Items Removed	Information
LogRhythm Job Manager Event 6012	Sub Rule	LIMaintenance Error	Error
LogRhythm Agent Event 7010	Sub Rule	Incorrect Windows OS LogSource	Error
LogRhythm Agent Event 6059	Sub Rule	No Matching Enum Closest Match In Sflow Diags 6059	Information
LogRhythm Agent Event 6058	Sub Rule	Failed To Extract Sflow Data	Error
LogRhythm Agent Event 6057	Sub Rule	Failed To Start Sflow ReaderThread	Information
LogRhythm Agent Event 6056	Sub Rule	Failed To Bind Sflow Server Socket	Error
LogRhythm Agent Event 6055	Sub Rule	Failed To Parse Sflow Server IP	Error
LogRhythm Agent Event 6053	Sub Rule	No Matching Enum Closest Match In Sflow Diags 6053	Information
LogRhythm Agent Event 6052	Sub Rule	No Matching Enum Closest Match In Sflow Diags 6052	Information
LogRhythm Agent Event 6015	Sub Rule	Data Loss Defender Imapi Service Error	Warning
LogRhythm Agent Event 6014	Sub Rule	Data Loss Defender File Watch Error	Error
LogRhythm Agent Event 6013	Sub Rule	Failed To Start Data Loss Defender Thread	Error
LogRhythm Agent Event 6012	Sub Rule	Failed To Start Data Loss Defender	Error
LogRhythm Agent Event 4037	Sub Rule	Platform Manager At Capacity	Warning
LogRhythm Agent Event 4035	Sub Rule	Agent Acceptance Pending Warning	Warning
LogRhythm Agent Event 10207	Sub Rule	RealTime FileMonitor Driver Not Installed	Warning
LogRhythm Agent Event 10204	Sub Rule	RealTime FileMonitor Driver Connected	Information
LogRhythm Agent Event 10203	Sub Rule	RealTime FileMonitor Driver ConnectFailed	Error
LogRhythm Agent Event 10202	Sub Rule	RealTime FileMonitor Driver StartFailed	Error
LogRhythm Agent Event 10201	Sub Rule	RealTime FileMonitor Driver Stop	Information
LogRhythm Agent Event 10200	Sub Rule	RealTime FileMonitor Driver Start	Information
LogRhythm Agent Event 10111	Sub Rule	No Matching Enumeration	Information
LogRhythm Agent Event 10108	Sub Rule	No Matching Enum Closest Match In Msg Src Methods	Information
LogRhythm Job Manager Event 6204	Sub Rule	Subscription License For KB Has Expired	Error
LogRhythm Job Manager Event 6203	Sub Rule	Subscription License For KB Will Expire In 30 Days	Warning
LogRhythm Job Manager Event 5557	Sub Rule	Failed To Collect CMDB Stats	Warning
LogRhythm Job Manager Event 5556	Sub Rule	CMDB Capacity Error	Error
LogRhythm Job Manager Event 5555	Sub Rule	CMDB Capacity Warning	Warning
LogRhythm Job Manager Event 6202	Sub Rule	License MPS Error Deployment	Warning
LogRhythm Job Manager Event 6201	Sub Rule	License MPS Error Log Manager	Warning
LogRhythm Agent Event 7010	Sub Rule	LogRhythm Agent Incorrect Log Source OS	Error
LogRhythm Agent Event 2064	Sub Rule	LogRhythm Agent Max Memory Error	Error
LogRhythm Agent Event 10208	Sub Rule	Real Time File Monitor Driver File Missing	Critical
LogRhythm Agent Event 10206	Sub Rule	Real Time File Monitor Driver Stop Failed	Warning
LogRhythm Agent Event 10205	Sub Rule	Real Time File Monitor Driver Disconnect Failed	Error
LogRhythm Agent Event 10207	Sub Rule	Realtime File Monitor Driver Not Installed	Critical
LogRhythm Mediator Event 11009	Sub Rule	Batch Job Submit Warning	Warning
LogRhythm Mediator Event 11008	Sub Rule	Failed To Rotate Log	Error
LogRhythm Mediator Event 11007	Sub Rule	Deleting Disk Queue Spool File	Warning
LogRhythm Mediator Event 11006	Sub Rule	Error Loading Spooled Insert File	Critical
LogRhythm Mediator Event 11005	Sub Rule	Error Spooling Realtime Queue	Critical
LogRhythm Mediator Event 11004	Sub Rule	Error Deserializing Queue	Critical
LogRhythm Mediator Event 11003	Sub Rule	Error Serializing Queue	Critical
LogRhythm Mediator Event 11001	Sub Rule	Smart Response Processing Error	Error
LogRhythm Mediator Event 11000	Sub Rule	Smart Response Status Update Error	Error
LogRhythm Mediator Event 6012	Sub Rule	Recycling Mediator Server Due To Hung MPE Threads	Error
LogRhythm Mediator Event 6011	Sub Rule	Failed To Refresh List Proxies	Error
LogRhythm Mediator Event 2102	Sub Rule	Failed To Start Data Provider	Critical
LogRhythm Mediator Event 2101	Sub Rule	Inactive Archive Disk Space Low	Error
LogRhythm Mediator Event 2100	Sub Rule	Active Archive Disk Space Low	Error
LogRhythm Mediator Event 2067	Sub Rule	SQL Server Agent Not Running	Critical
LogRhythm Mediator Event 2066	Sub Rule	SQL Server Agent Query Failed	Critical
LogRhythm Mediator Event 2065	Sub Rule	Min State Space Reached	Error
LogRhythm Mediator Event 2064	Sub Rule	Min Unprocessed Spool Reached	Error
LogRhythm Mediator Event 2063	Sub Rule	Max Unprocessed Spool Exceeded	Error
LogRhythm Mediator Event 2062	Sub Rule	Max EM Insert Manager Spool Exceeded	Error
LogRhythm Mediator Event 2061	Sub Rule	Max LM Insert Manager Spool Exceeded	Error
LogRhythm Mediator Event 2060	Sub Rule	Failed To Load Entity Info	Error
LogRhythm MPE Event 5107	Sub Rule	LogMart Suspend Log Processing Flag Disabled	Configuration
LogRhythm MPE Event 5106	Sub Rule	LogMart Suspend Log Processing Flag Enabled	Configuration
LogRhythm MPE Event 2051	Sub Rule	Circular Reference In Sort Above Lists	Warning
LogRhythm AIE Event 8029	Sub Rule	Failure During Data Refresh	Error
LogRhythm AIE Event 8028	Sub Rule	Failed To Restore Rule State	Error
LogRhythm AIE Event 2066	Sub Rule	Failed Software Integrity Test	Critical
LogRhythm AIE Event 6011	Sub Rule	Failed To Refresh List Proxies	Error
LogRhythm Agent Event 10022	Sub Rule	Position File Inaccessible	Error
LogRhythm ARM Event 6011	Sub Rule	Failed To Refresh List Proxies	Error
LogRhythm ARM Event 3013	Sub Rule	NFN Text File Failure	Error
LogRhythm ARM Event 3012	Sub Rule	NFN Startup Success	Startup and Shutdown
LogRhythm Linux Agent Event 8511	Sub Rule	RTFIM Failed To Remove Audit Rule	Warning
LogRhythm Linux Agent Event 8510	Sub Rule	RTFIM Failed To Remove Inode Rule	Warning
LogRhythm Linux Agent Event 8509	Sub Rule	RTFIM Failed To Add Inode Rule	Error
LogRhythm Linux Agent Event 8508	Sub Rule	RTFIM Failed To Open Inotify	Critical
LogRhythm Linux Agent Event 8507	Sub Rule	RTFIM Failed To Start RTFIM Thread	Critical
LogRhythm Linux Agent Event 8506	Sub Rule	RTFIM Failed To Start Inode Thread	Critical
LogRhythm Linux Agent Event 8505	Sub Rule	RTFIM Failed To Add Audit Rule	Error
LogRhythm Linux Agent Event 8504	Sub Rule	RTFIM Failed To Start Audit Thread	Critical
LogRhythm Linux Agent Event 8503	Sub Rule	RTFIM Failed To Set Audit Backlog Limit	Error
LogRhythm Linux Agent Event 8502	Sub Rule	RTFIM Failed To Set Audit PID	Critical
LogRhythm Linux Agent Event 8501	Sub Rule	RTFIM Audit Not Enabled	Critical
LogRhythm Linux Agent Event 8500	Sub Rule	RTFIM Failed To Open Audit	Critical
LogRhythm Job Manager Event 7007	Sub Rule	AD Group User Updated Error	Critical
LogRhythm Job Manager Event 7006	Sub Rule	AD Group User Created Error	Critical
LogRhythm Job Manager Event 7005	Sub Rule	AD Group Profile Conflict	Critical
LogRhythm Job Manager Event 7004	Sub Rule	AD Group User Profile Conflict	Critical
LogRhythm Job Manager Event 7003	Sub Rule	AD Group User Updated	Account Modified
LogRhythm Job Manager Event 7002	Sub Rule	AD Group User Disabled	Access Revoked
LogRhythm Job Manager Event 7001	Sub Rule	AD Group User Created	Account Created
LogRhythm Linux Agent Event 6011	Sub Rule	RTFIM Failed To Remove Audit Rule	Warning
LogRhythm Linux Agent Event 6010	Sub Rule	RTFIM Failed To Remove Inode Rule	Warning
LogRhythm Linux Agent Event 6009	Sub Rule	RTFIM Failed To Add Inode Rule	Error
LogRhythm Linux Agent Event 6008	Sub Rule	RTFIM Failed To Open Inotify	Critical
LogRhythm Linux Agent Event 6007	Sub Rule	RTFIM Failed To Start RTFIM Thread	Critical
LogRhythm Linux Agent Event 6006	Sub Rule	RTFIM Failed To Start Inode Thread	Critical
LogRhythm Linux Agent Event 6005	Sub Rule	RTFIM Failed To Add Audit Rule	Error
LogRhythm Linux Agent Event 6004	Sub Rule	RTFIM Failed To Start Audit Thread	Critical
LogRhythm Linux Agent Event 6003	Sub Rule	RTFIM Failed To Set Audit Backlog Limit	Error
LogRhythm Linux Agent Event 6002	Sub Rule	RTFIM Failed To Set Audit PID	Critical
LogRhythm Linux Agent Event 6001	Sub Rule	RTFIM Audit Not Enabled	Critical
LogRhythm Linux Agent Event 6000	Sub Rule	RTFIM Failed To Open Audit	Critical
LogRhythm AIEDP Event 4034	Sub Rule	Client Certificate Name Mismatch	Critical
LogRhythm AIEDP Event 4033	Sub Rule	Failed To Write Queued Log Data To Suspense Files	Error
LogRhythm AIEDP Event 4032	Sub Rule	Failed To Load Client Certificate From Store	Error
LogRhythm AIEDP Event 4031	Sub Rule	Server Certificate Trusted Authority Check Failed	Critical
LogRhythm AIEDP Event 4030	Sub Rule	Server Certificate Revocation Check Failed	Critical
LogRhythm AIEDP Event 4029	Sub Rule	Server Certificate Is Missing	Error
LogRhythm AIEDR Event 1004	Sub Rule	AIE Shutdown Failure	Error
LogRhythm AIEDR Event 2005	Sub Rule	Failed To Connect To EMDB	Error
LogRhythm AIEDR Event 3023	Sub Rule	AIE Invalid Payload Size	Error
LogRhythm AIEDR Event 2047	Sub Rule	AIE Shutdown Timeout	Error
LogRhythm AIEDR Event 2046	Sub Rule	Processing Thread Join Timeout	Error
LogRhythm AIEDR Event 1003	Sub Rule	The AIEDR Service Failed To Start	Error
LogRhythm Job Manager Event 6113	Sub Rule	KB CE Migration Detected	Information
LogRhythm Job Manager Event 6112	Sub Rule	KB Auto Sync Failed	Error
LogRhythm Job Manager Event 6111	Sub Rule	KB Auto Sync Completed	Information
LogRhythm Job Manager Event 6102	Sub Rule	KB Auto Download Failed	Error
LogRhythm Job Manager Event 6101	Sub Rule	KB Auto Download Completed	Information
LogRhythm KB Admin Service Event 1003	Sub Rule	No Deployment Record Found	Error
LogRhythm KB Admin Service Event 1002	Sub Rule	Get Latest KB Success	Information
LogRhythm KB Admin Service Event 1001	Sub Rule	Check For Update Success	Information
LogRhythm KB Download Service Event 1002	Sub Rule	Get Latest KB Without Snapshot Failure	Error
LogRhythm KB Download Service Event 1001	Sub Rule	Check For Updates Failure	Error
LogRhythm Mediator Event 11002 : Type I	Sub Rule	Failed To Submit Batch Job To Database : Type I	Warning
LogRhythm Mediator Event 10041	Sub Rule	InsertMgr Event Spooled Count Exceeds 1Billion	Warning
LogRhythm Mediator Event 10040	Sub Rule	InsertMgr Event Spooled Count Exceeds 500Million	Warning
LogRhythm Mediator Event 10039	Sub Rule	InsertMgr Event Spooled Count Exceeds 250Million	Warning
LogRhythm Mediator Event 10038	Sub Rule	InsertMgr Event Spooled Count Exceeds 100Million	Warning
LogRhythm Mediator Event 10037	Sub Rule	InsertMgr Event Spooled Count Exceeds 50Million	Warning
LogRhythm Mediator Event 10036	Sub Rule	InsertMgr Event Spooled Count Exceeds 25Million	Warning
LogRhythm Mediator Event 10035	Sub Rule	InsertMgr Event Spooled Count Exceeds 10Million	Warning
LogRhythm Mediator Event 10034	Sub Rule	InsertMgr Log Spooled Count Exceeds 1Billion	Warning
LogRhythm Mediator Event 10033	Sub Rule	InsertMgr Log Spooled Count Exceeds 500Million	Warning
LogRhythm Mediator Event 10032	Sub Rule	InsertMgr Log Spooled Count Exceeds 250Million	Warning
LogRhythm Mediator Event 10031	Sub Rule	InsertMgr Log Spooled Count Exceeds 100Million	Warning
LogRhythm Mediator Event 10030	Sub Rule	InsertMgr Log Spooled Count Exceeds 50Million	Warning
LogRhythm Mediator Event 10029	Sub Rule	InsertMgr Log Spooled Count Exceeds 25Million	Warning
LogRhythm Mediator Event 10028	Sub Rule	InsertMgr Log Spooled Count Exceeds 10Million	Warning
LogRhythm Mediator Event 10027	Sub Rule	Unprocessed Log Spooled Count Exceeds 1Billion	Warning
LogRhythm Mediator Event 10026	Sub Rule	Unprocessed Log Spooled Count Exceeds 500Million	Warning
LogRhythm Mediator Event 10025	Sub Rule	Unprocessed Log Spooled Count Exceeds 250Million	Warning
LogRhythm Mediator Event 10024	Sub Rule	Unprocessed Log Spooled Count Exceeds 100Million	Warning
LogRhythm Mediator Event 10023	Sub Rule	Unprocessed Log Spooled Count Exceeds 50Million	Warning
LogRhythm Mediator Event 10022	Sub Rule	Unprocessed Log Spooled Count Exceeds 25Million	Warning
LogRhythm Mediator Event 10021	Sub Rule	Unprocessed Log Spooled Count Exceeds 10Million	Warning
LogRhythm Mediator Event 11002	Sub Rule	Failed To Submit Batch Job To Database	Critical
LogRhythm Job Manager Event 6011	Sub Rule	List Auto Import File Imported	Information
LogRhythm Job Manager Event 6010	Sub Rule	List Auto Import Error Importing File	Error
LogRhythm Job Manager Event 6009	Sub Rule	List Auto Import Directory Not Accessible	Error
LogRhythm Agent Event 6059	Sub Rule	Failed To Process sFlow Data	Warning
LogRhythm Agent Event 6058	Sub Rule	Failed To Extract sFlow Data From Packet	Warning
LogRhythm Agent Event 6057	Sub Rule	Failed To Start sFlow Server Thread	Critical
LogRhythm Agent Event 6056	Sub Rule	Failed To Bind To sFlow Server Socket	Critical
LogRhythm Agent Event 6055	Sub Rule	Failed To Parse sFlow Server IP Address	Critical
LogRhythm Agent Event 6054	Sub Rule	Failed To Delete sFlow Suspense File	Error
LogRhythm Agent Event 6053	Sub Rule	Failed To Open sFlow Suspense File	Error
LogRhythm Agent Event 6052	Sub Rule	Failed To Locate Oldest sFlow Suspense File	Error
LogRhythm Agent Event 6051	Sub Rule	Failed To Start sFlow Server	Critical
Qualys Agent Event 21012	Sub Rule	Error Querying Qualys API	Error
Qualys Agent Event 21011	Sub Rule	Invalid Qualys User Name Or Password	Error
Qualys Agent Event 21007	Sub Rule	Error Getting Message From Qualys Message Queue	Error
Qualys Agent Event 21006	Sub Rule	Error Connecting To Qualys API	Error
LogRhythm MPE Event 5108	Sub Rule	LogRhythm MPE LogMart Update Warning	Warning
LogRhythm Mediator Event 7103	Sub Rule	Log Source Acceptance Rejected Warning	Warning
LogRhythm Mediator Event 7102	Sub Rule	Log Source Acceptance Pending Warning	Warning
LogRhythm Mediator Event 7101	Sub Rule	Agent Acceptance Rejected	Information
LogRhythm Mediator Event 7100	Sub Rule	Agent Acceptance Pending	Information
LogRhythm ARM Event 2019	Sub Rule	Failed Software Integrity Test	Critical
LogRhythm ARM Event 2018	Sub Rule	FIPS Mode Windows Auth Only	Warning
LogRhythm Job Manager Event 6006	Sub Rule	Failed Software Integrity Test	Critical
LogRhythm Job Manager Event 6005	Sub Rule	FIPS Mode Windows Auth Only	Warning
LogRhythm AI Engine Comm Manager Event 4019	Sub Rule	Failed Software Integrity Test	Critical
LogRhythm AI Engine Comm Manager Event 4018	Sub Rule	Client Certificate Trusted Authority Check Failed	Critical
LogRhythm AI Engine Comm Manager Event 4017	Sub Rule	Client Certificate Revocation Check Failed	Critical
LogRhythm AI Engine Comm Manager Event 4016	Sub Rule	Client Certificate Required	Critical
LogRhythm AI Engine Comm Manager Event 4015	Sub Rule	Client Certificate Name Mismatch	Critical
LogRhythm AI Engine Comm Manager Event 4014	Sub Rule	Failed To Load AIE Com Mgr TLS Certificate	Critical
LogRhythm AI Engine Comm Manager Event 4013	Sub Rule	IPV6 Not Supported By OS	Error
LogRhythm Agent Event 4036	Sub Rule	Agent Acceptance Rejected Error	Error
LogRhythm Agent Event 10204	Sub Rule	Realtime File Monitor Driver Connected	Information
LogRhythm Agent Event 10203	Sub Rule	Realtime File Monitor Driver Connect Failed	Critical
LogRhythm Agent Event 10202	Sub Rule	Realtime File Monitor Driver Start Failed	Critical
LogRhythm Agent Event 10201	Sub Rule	Realtime File Monitor Driver Stop	Information
LogRhythm Agent Event 10200	Sub Rule	Realtime File Monitor Driver Start	Information
LogRhythm Agent Event 10115	Sub Rule	Failed To Load Agent TLS Certificate	Critical
LogRhythm Agent Event 10114	Sub Rule	Server Certificate Trusted Authority Check Failed	Critical
LogRhythm Agent Event 10113	Sub Rule	Server Certificate Revocation Check Failed	Critical
LogRhythm Agent Event 10112	Sub Rule	Server Certificate Required	Critical
LogRhythm Agent Event 10111	Sub Rule	Server Certificate Name Mismatch	Critical
LogRhythm Agent Event 10110	Sub Rule	Config File Write Warning	Warning
LogRhythm Agent Event 10109	Sub Rule	Log Source Acceptance Rejected Error	Error
LogRhythm Agent Event 10108	Sub Rule	Log Source Acceptance Pending Warning	Warning
LogRhythm Agent Event 10107	Sub Rule	Failed To Construct Message Source State Data	Error
LogRhythm Agent Event 10106	Sub Rule	Failed To Send Message Source State To Mediator	Error
LogRhythm Agent Event 10105	Sub Rule	Failed Software Integrity Test	Critical
LogRhythm Agent Event 10104	Sub Rule	SNMPv3 Not Supported In FIPS Mode	Warning
LogRhythm Agent Event 10103	Sub Rule	Error Starting Log Read Thread	Error
LogRhythm Agent Event 10102	Sub Rule	Invalid IP Address Format	Error
LogRhythm Agent Event 10101	Sub Rule	Mixed IPV4V6 Not Supported	Error
LogRhythm Agent Event 10100	Sub Rule	IPV6 Not Supported By OS	Error
LogRhythm Mediator Event 10020	Sub Rule	Client Certificate Trusted Authority Check Failed	Critical
LogRhythm Mediator Event 10019	Sub Rule	Client Certificate Revocation Check Failed	Critical
LogRhythm Mediator Event 10018	Sub Rule	Client Certificate Required	Critical
LogRhythm Mediator Event 10017	Sub Rule	Client Certificate Name Mismatch	Critical
LogRhythm Mediator Event 10016	Sub Rule	Invalid Agent Identification Data	Critical
LogRhythm Mediator Event 10015	Sub Rule	Failed To Load Mediator TLS Certificate	Critical
LogRhythm Mediator Event 10010	Sub Rule	SNMP ID Failed To Identify Device	Warning
LogRhythm Mediator Event 10003	Sub Rule	FIPS Mode Windows Auth Only	Warning
LogRhythm Mediator Event 10002	Sub Rule	Failed Software Integrity Test	Critical
LogRhythm Mediator Event 10001	Sub Rule	Failed To Decrypt EMDB Password	Critical
LogRhythm Mediator Event 10000	Sub Rule	IPV6 Not Supported By OS	Error
LogRhythm Mediator Event 9004	Sub Rule	Failed To Shutdown Event Insert Processor	Error
LogRhythm Mediator Event 9003	Sub Rule	Failed To Start Event Insert Processor	Critical
LogRhythm Mediator Event 6010	Sub Rule	Failed To Validate Events DB Connection	Critical
LogRhythm Mediator Event 6009	Sub Rule	Failed To Connect To Events DB	Critical
LogRhythm Mediator Event 10014	Sub Rule	LogRhythm Mediator LST Acceptance Update Exception	Warning
LogRhythm Mediator Event 10013	Sub Rule	LogRhythm Mediator LST Accept Update Thread Shtdwn	Error
LogRhythm Mediator Event 10012	Sub Rule	LogRhythm Mediator LST Acceptance Insert Exception	Warning
LogRhythm Mediator Event 10011	Sub Rule	LogRhythm Mediator LST Accept Insert Thread Shtdwn	Error
LogRhythm Mediator Event 10008	Sub Rule	LogRhythm Mediator SNMP Id Thread Shutdown Error	Error
LogRhythm Mediator Event 10007	Sub Rule	LogRhythm Mediator SNMP Id No Such SNMP Name	Error
LogRhythm Mediator Event 10006	Sub Rule	LogRhythm Mediator SNMP Id SNMP Exception	Warning
LogRhythm Mediator Event 10005	Sub Rule	LogRhythm Mediator SNMP Id Unexpected Exception	Warning
LogRhythm Mediator Event 10004	Sub Rule	LogRhythm Mediator SNMP Id Maximum Attempts Warn	Warning
LogRhythm ARM Event 3210	Sub Rule	LogRhythm ARM AutoRmdn Plugin Deployment Error	Error
LogRhythm ARM Event 3209	Sub Rule	LogRhythm ARM AutoRmdn Plugin Cannot Be Deployed	Error
LogRhythm ARM Event 3208	Sub Rule	LogRhythm ARM AutoRmdn Action Generation Error	Error
LogRhythm ARM Event 3207	Sub Rule	LogRhythm ARM AutoRmdn Action Creation Error	Error
LogRhythm ARM Event 3206	Sub Rule	LogRhythm ARM AutoRmdn Insert Thread Shutdown Err	Error
LogRhythm ARM Event 3205	Sub Rule	LogRhythm ARM AutoRmdn Action Completion Failed	Warning
LogRhythm ARM Event 3204	Sub Rule	LogRhythm ARM AutoRmdn Action Failure Failed	Error
LogRhythm ARM Event 3203	Sub Rule	LogRhythm ARM AutoRmdn Action Execution Failure	Warning
LogRhythm ARM Event 3202	Sub Rule	LogRhythm ARM AutoRmdn Windows Could Not Execute	Error
LogRhythm ARM Event 3201	Sub Rule	LogRhythm ARM AutoRmdn Engine Thread Shutdown Err	Error
Qualys Agent Event 21010	Sub Rule	Unable To Query Qualys Knowledge Base For QID	Warning
Qualys Agent Event 21005	Sub Rule	Failed To Parse Qualys Event	Error
Qualys Agent Event 21004	Sub Rule	Error Parsing Qualys Knowledge Base For QID	Error
Qualys Agent Event 21003	Sub Rule	Error Parsing Qualys Host Vulnerability	Error
Qualys Agent Event 21002	Sub Rule	Error Parsing Qualys Host	Error
Qualys Agent Event 21001	Sub Rule	Error Reading The Qualys Configuration	Error
Qualys Agent Event 21000	Sub Rule	Processing List Of Qualys Host Vulnerabilities	Information
AI Engine Data Provider Stopped	Sub Rule	AI Engine Data Provider Stopped	Startup and Shutdown
Failed To Start The AIE Data Provider	Sub Rule	Failed To Start AI Engine Data Provider	Error
LogRhythm AIE Event 8026	Sub Rule	Rule Suspended Runtime Error	Error
LogRhythm AIE Event 8025	Sub Rule	Rule Suspended Triage	Error
LogRhythm AIE Event 9000	Sub Rule	Undeletable Files Remain In Data Folder	Warning
LogRhythm AIE Event 8022	Sub Rule	Failure During Data Loading	Critical
LogRhythm AIE Event 8021	Sub Rule	Log Input Rate Exceeding Engine Capacity	Critical
LogRhythm AIE Event 8020	Sub Rule	Logs Per Day Info Message	Information
LogRhythm AIE Event 8019	Sub Rule	Memory Use Exceeds Hard Limit	Warning
LogRhythm AIE Event 8018	Sub Rule	Memory Use Exceeds Soft Limit	Information
LogRhythm AIE Event 8017	Sub Rule	Aborting Thread	Warning
LogRhythm AIE Event 8016	Sub Rule	Failed To Load Engine State File	Error
LogRhythm AIE Event 8015	Sub Rule	Data Block State File Not Found	Error
LogRhythm AIE Event 8014	Sub Rule	Engine State File Not Found	Error
LogRhythm AIE Event 8013	Sub Rule	AI Engine Stopped	Startup and Shutdown
LogRhythm AIE Event 8012	Sub Rule	AI Engine Stopping	Startup and Shutdown
LogRhythm AIE Event 8011	Sub Rule	Unhandled Exception Stopping AI Engine	Error
LogRhythm AIE Event 8010	Sub Rule	Unhandled Exception In AI Engine	Critical
LogRhythm AIE Event 8009	Sub Rule	AI Engine Started	Startup and Shutdown
LogRhythm AIE Event 8024	Sub Rule	AI Engine Starting	Startup and Shutdown
LogRhythm AIE Event 8023	Sub Rule	Failed To Move State File	Error
LogRhythm AIE Event 8008	Sub Rule	Failed To Delete State File	Error
LogRhythm AIE Event 8007	Sub Rule	Rule Enabled Status Changed	Information
LogRhythm AIE Event 8006	Sub Rule	Rule Enabled Status Changing	Other Audit Success
LogRhythm AIE Event 8005	Sub Rule	Failed To Save Engine State	Error
LogRhythm AIE Event 8004	Sub Rule	Failed To Save Data Block State	Error
LogRhythm AIE Event 8002	Sub Rule	Failed To Restore Data Block State	Warning
LogRhythm AIE Event 8001	Sub Rule	No Data Block For Engine State Data	Error
LogRhythm AIE Event 7027	Sub Rule	Failed To Write Event	Error
LogRhythm AIE Event 6008	Sub Rule	Recycling Engine Server	Warning
LogRhythm AIE Event 6003	Sub Rule	Failed To Validate EMDB Connection	Error
LogRhythm AIE Event 6001	Sub Rule	Failed To Connect To EMDB	Error
LogRhythm AIE Event 4002	Sub Rule	Failure In DataInputProvider	Error
LogRhythm AIE Event 4001	Sub Rule	Failed To Load Log Data From Disk	Error
LogRhythm AIE Event 2064	Sub Rule	Failure In Updating AIE Rule State	Error
LogRhythm AIE Event 2063	Sub Rule	Failed To Update AIE Rules After Suspend	Error
LogRhythm AIE Event 2062	Sub Rule	Failed To Translate RuleSet To Schema	Error
LogRhythm AIE Event 2061	Sub Rule	Failed To Find Events Parameters	Error
LogRhythm AIE Event 2060	Sub Rule	Failed To Start AI Engine	Error
LogRhythm AIE Event 2044	Sub Rule	Engine Thread Join Timeout	Error
LogRhythm AIE Event 2043	Sub Rule	Maintenance Thread Join Timeout	Warning
LogRhythm AIE Event 2042	Sub Rule	Main Thread Join Timeout	Error
LogRhythm AIE Event 2041	Sub Rule	AIE Shutdown Timeout	Error
LogRhythm AIE Event 2030	Sub Rule	Failed To Setup Performance Counter	Error
LogRhythm AIE Event 2027	Sub Rule	Invalid AIE Server License	Error
LogRhythm AIE Event 2024	Sub Rule	Failed To Set Service Recovery	Error
LogRhythm AIE Event 2021	Sub Rule	Failed To Find EMDB Parameters	Error
LogRhythm AIE Event 2008	Sub Rule	Error In Maintenance Thread	Error
LogRhythm AIE Event 2007	Sub Rule	Fatal Error In Maintenance Thread	Error
LogRhythm AIE Event 2006	Sub Rule	Failed To Load Engine Schema	Error
LogRhythm AIE Event 2005	Sub Rule	Failed To Load Schema Assembly	Error
LogRhythm AIE Event 2003	Sub Rule	Failed To Open Or Read Local Config	Error
LogRhythm AIE Event 2002	Sub Rule	Failed To Find Local Config	Error
LogRhythm AIE Event 2001	Sub Rule	Failed To Start Main Thread	Error
LogRhythm AIE Event 1004	Sub Rule	Service Shutdown Failure	Error
LogRhythm AIE Event 1003	Sub Rule	Service Start Failure	Error
LogRhythm AIE Event 1002	Sub Rule	Service Shutdown	Startup and Shutdown
LogRhythm AIE Event 1001	Sub Rule	Service Start	Startup and Shutdown
LogRhythm AIEDR Event 4012	Sub Rule	Failed To Send Config Change Message To AIEDP	Error
LogRhythm AIEDR Event 4011	Sub Rule	Failed To Send Disconnect Message To AIEDP	Error
LogRhythm AIEDR Event 4010	Sub Rule	Failed To Close Socket Connection	Error
LogRhythm AIEDR Event 4009	Sub Rule	Listening Thread Join Timeout	Error
LogRhythm AIEDR Event 4008	Sub Rule	MGMT Connection Not Found In Connection Table	Error
LogRhythm AIEDR Event 4007	Sub Rule	AIEDP Not Found	Error
LogRhythm AIEDR Event 4006	Sub Rule	Received Data Connect Req From Unauth End Point	Error
LogRhythm AIEDR Event 4005	Sub Rule	Received Connect Request From Unauthor End Point	Error
LogRhythm AIEDR Event 4004	Sub Rule	Failed To Create AIEDR SSL Certificate	Error
LogRhythm AIEDR Event 4003	Sub Rule	No Valid AIEDR ID Found	Error
LogRhythm AIEDR Event 4002	Sub Rule	Failed To Send Resume Message To AIEDP	Error
LogRhythm AIEDR Event 4001	Sub Rule	Failed To Send Pause Message To AIEDP	Error
LogRhythm AIEDR Event 4000	Sub Rule	Data Connection Not Found In Connections Table	Error
LogRhythm AIEDR Event 3022	Sub Rule	Failed To Set One Or More Socket Options	Error
LogRhythm AIEDR Event 3021	Sub Rule	Failed To Write Data Message To File	Error
LogRhythm AIEDR Event 3020	Sub Rule	Failed Asynchronous Data Message Payload Read	Error
LogRhythm AIEDR Event 3019	Sub Rule	Failed Asynchronous MGMT Message Payload Read	Error
LogRhythm AIEDR Event 3018	Sub Rule	Error Reading Data Message Header	Error
LogRhythm AIEDR Event 3017	Sub Rule	Error Reading Management Message Header	Error
LogRhythm AIEDR Event 3016	Sub Rule	Failed To Complete Asynchronous Data Payload Read	Error
LogRhythm AIEDR Event 3015	Sub Rule	Failed To Complete Asynchronous MGNT Payload Read	Error
LogRhythm AIEDR Event 3014	Sub Rule	Failed To Handle New Data Connection	Error
LogRhythm AIEDR Event 3013	Sub Rule	Failed To Begin Asynchronous Data Socket Receive	Error
LogRhythm AIEDR Event 3012	Sub Rule	Invalid Message Code	Error
LogRhythm AIEDR Event 3011	Sub Rule	Invalid Message Protocol Version	Error
LogRhythm AIEDR Event 3010	Sub Rule	Message Payload Size Exceeded Buffer Size	Error
LogRhythm AIEDR Event 3009	Sub Rule	Failed To Handle New Management Connection	Error
LogRhythm AIEDR Event 3008	Sub Rule	Failed To Begin Asynchronous MGMT Socket Receive	Error
LogRhythm AIEDR Event 3007	Sub Rule	Connection Authentication Failed	Authentication Failure
LogRhythm AIEDR Event 3006	Sub Rule	The Connection Limit Has Been Reached	Error
LogRhythm AIEDR Event 3005	Sub Rule	Failed To Accept Data Socket Connection	Error
LogRhythm AIEDR Event 3004	Sub Rule	Failed To Listen For Data Connections	Error
LogRhythm AIEDR Event 3003	Sub Rule	Failed To Bind To The Data Socket	Error
LogRhythm AIEDR Event 3002	Sub Rule	Failed To Accept Management Socket Connection	Error
LogRhythm AIEDR Event 3001	Sub Rule	Failed To Listen For Management Socket Connections	Error
LogRhythm AIEDR Event 3000	Sub Rule	Failed To Bind To The Management Socket	Error
LogRhythm AIEDR Event 2004	Sub Rule	Purged AIEDR Log Data File(s)	Warning
LogRhythm AIEDR Event 2003	Sub Rule	Failed To Purge AIEDR Log Data File(s)	Error
LogRhythm AIEDR Event 2002	Sub Rule	Failed To Start The Processing Thread	Error
LogRhythm AIEDR Event 2001	Sub Rule	Failed To Rotate Or Purge AIEDR Log File(s)	Error
LogRhythm AIEDR Event 2000	Sub Rule	Failed To Open Or Read Local Config	Error
LogRhythm AIEDR Event 2006	Sub Rule	Failed To Set Up One Or More Performance Counters	Error
LogRhythm AIEDR Event 1002	Sub Rule	The AIEDR Service Has Stopped	Startup and Shutdown
LogRhythm AIEDR Event 1001	Sub Rule	The AIEDR Service Has Started	Startup and Shutdown
LogRhythm AIEDP Event 4024	Sub Rule	Purged Spooled Data File	Error
LogRhythm AIEDP Event 4023	Sub Rule	Unknown Log Type In Log Data Queue	Error
LogRhythm AIEDP Event 4022	Sub Rule	Failed To Delete Suspense File	Error
LogRhythm AIEDP Event 4021	Sub Rule	Failed To Send Data To AIEDR	Error
LogRhythm AIEDP Event 4020	Sub Rule	Log Data Flush Exited Early : Data Delivery Error	Error
LogRhythm AIEDP Event 4019	Sub Rule	Failed To Setup Log Data Transfer	Error
LogRhythm AIEDP Event 4018	Sub Rule	Failed To Dequeue Log Data	Error
LogRhythm AIEDP Event 4017	Sub Rule	Failed To Send Disconnect Message To AIEDR	Error
LogRhythm AIEDP Event 4016	Sub Rule	Failed To Complete Comm - Broken Connection	Error
LogRhythm AIEDP Event 4015	Sub Rule	Management Payload Size Exceeded Buffer Size	Error
LogRhythm AIEDP Event 4014	Sub Rule	Failed To Complete Comm - Broken Connection	Error
LogRhythm AIEDP Event 4013	Sub Rule	Failed To Retrieve AIEDP ID From Event Manager DB	Error
LogRhythm AIEDP Event 4012	Sub Rule	No Valid AIEDP ID Found	Error
LogRhythm AIEDP Event 4011	Sub Rule	Received Resume Service Request	Information
LogRhythm AIEDP Event 4010	Sub Rule	Received Pause Service Request	Information
LogRhythm AIEDP Event 4009	Sub Rule	Received Service Restart Service Request	Information
LogRhythm AIEDP Event 4008	Sub Rule	Received Service Stop Service Request	Information
LogRhythm AIEDP Event 4007	Sub Rule	Received Configuration Change Service Request	Information
LogRhythm AIEDP Event 4006	Sub Rule	Failed To Send Log To AIEDR Due To Broken Connec	Error
LogRhythm AIEDP Event 4005	Sub Rule	Failed To Construct Log Data Message	Error
LogRhythm AIEDP Event 4004	Sub Rule	Failed To Send Heartbeat To AIEDR	Error
LogRhythm AIEDP Event 4003	Sub Rule	Communication Inturrpted Broken Connection	Error
LogRhythm AIEDP Event 4002	Sub Rule	Invalid Message Header - Closing Connection	Error
LogRhythm AIEDP Event 4001	Sub Rule	Failed To Send Identification To AIEDR	Error
LogRhythm AIEDP Event 4000	Sub Rule	Failed To Purge Spooled Data File	Error
LogRhythm AIEDP Event 3005	Sub Rule	Failed Connection Attempt To AIEDP	Warning
LogRhythm AIEDP Event 3004	Sub Rule	Failed To Bind Local Socket	Error
LogRhythm AIEDP Event 3003	Sub Rule	Failed To Set One Or More Socket Options	Error
LogRhythm AIEDP Event 3002	Sub Rule	The Specified IP Endpoint Is Invalid	Error
LogRhythm AIEDP Event 3001	Sub Rule	Failed To Parse The Specified IP Address	Error
LogRhythm AIEDP Event 3000	Sub Rule	Failed To Close Previously Used Socket	Error
LogRhythm AIEDP Event 2005	Sub Rule	No Valid AIEDRs Configured	Error
LogRhythm AIEDP Event 2004	Sub Rule	Max Queue Exceeded - Writing Incoming Logs To Disk	Warning
LogRhythm AIEDP Event 2003	Sub Rule	Failed To Rotate Or Purge AIEDP Log File(s)	Error
LogRhythm AIEDP Event 2002	Sub Rule	Failed To Start The Maintenance Thread	Error
LogRhythm AIEDP Event 2001	Sub Rule	Failed To Start The Processing Thread	Error
LogRhythm AIEDP Event 2000	Sub Rule	The AIEDP Service Has Started	Startup and Shutdown
LogRhythm AIEDP Event 1004	Sub Rule	AIEDP Couldnt Find Its Config File (lraiedp.ini)	Error
LogRhythm AIEDP Event 1003	Sub Rule	AIEDP Couldnt Find Its Config File (lraiedp.ini)	Error
LogRhythm AIEDP Event 1002	Sub Rule	An Error Occurred During Maintenance	Error
LogRhythm AIEDP Event 1001	Sub Rule	Failed To Set Up One Or More Performance Counters	Error
LogRhythm AIEDP Event 1000	Sub Rule	Failed To Initialize The Log Data Queue	Error
LogRhythm Agent Event 1012	Sub Rule	LogRhythm Agent NCM Starting	Information
LogRhythm Agent Event 1011	Sub Rule	LogRhythm Agent Process Monitor Stopped	Information
LogRhythm Agent Event 1010	Sub Rule	LogRhythm Agent Process Monitor Stopping	Information
LogRhythm Agent Event 1009	Sub Rule	LogRhythm Agent Process Monitor Started	Information
LogRhythm Agent Event 1008	Sub Rule	LogRhythm Agent Process Monitor Starting	Information
LogRhythm Agent Event 1007	Sub Rule	LogRhythm Agent Bad Log Interface	Error
LogRhythm Agent Event 1006	Sub Rule	LogRhythm Agent FIPS Mode	Information
LogRhythm Agent Event 10021	Sub Rule	LogRhythm Agent General Processing Error	Error
LogRhythm Agent Event 10020	Sub Rule	LogRhythm Agent NCM Read Data Error	Error
LogRhythm Agent Event 10019	Sub Rule	LogRhythm Agent Process Monitor Read Data Error	Error
LogRhythm Agent Event 10018	Sub Rule	LogRhythm Agent NCM Write Data Error	Error
LogRhythm Agent Event 10017	Sub Rule	LogRhythm Agent Process Monitor Write Data Error	Error
LogRhythm Agent Event 10016	Sub Rule	LogRhythm Agent NCM Thread Error	Error
LogRhythm Agent Event 10015	Sub Rule	LogRhythm Agent Network Connection Mon Start Error	Error
LogRhythm Agent Event 10014	Sub Rule	LogRhythm Agent Process Monitor Thread Error	Error
LogRhythm Agent Event 10013	Sub Rule	LogRhythm Agent Process Monitor Start Error	Error
LogRhythm Agent Event 6016	Sub Rule	LogRhythm Agent DLD Drive Eject Error	Error
LogRhythm Agent Event 5050	Sub Rule	LogRhythm Agent Failed To Send Virtl Src Request	Information
LogRhythm Agent Event 5049	Sub Rule	LogRhythm Agent Failed To Loc Oldest Unproc File	Information
LogRhythm Agent Event 5048	Sub Rule	LogRhythm Agent Syslog Svr Fail Read Syslog Susp	Information
LogRhythm Agent Event 5047	Sub Rule	LogRhythm Agent Syslog Svr Fail Open Unproc File	Information
LogRhythm Agent Event 5046	Sub Rule	LogRhythm Agent Syslog Svr Fail Read Unproc File	Information
LogRhythm Agent Event 5045	Sub Rule	LogRhythm Agent Syslog Svr Fail Obtain Virt Src Id	Information
LogRhythm Agent Event 5044	Sub Rule	LogRhythm Agent Syslog Svr Fail Res Virt Src Id	Information
LogRhythm Agent Event 5043	Sub Rule	LogRhythm Agent Syslog Server Shutdown	Information
LogRhythm Agent Event 5042	Sub Rule	LogRhythm Agent Syslog Error Loading Regex	Error
LogRhythm Agent Event 5041	Sub Rule	LogRhythm Agent Syslog Error Loading Host List	Error
LogRhythm Agent Event 5040	Sub Rule	LogRhythm Agent Syslog Server Stopped UDP Read	Information
LogRhythm Agent Event 5039	Sub Rule	LogRhythm Agent Syslog Server Starting UDP Read	Information
LogRhythm Agent Event 5038	Sub Rule	LogRhythm Agent Syslog Svr Started UDP Processor	Information
LogRhythm Agent Event 5037	Sub Rule	LogRhythm Agent Syslog Svr Starting UDP Processor	Information
LogRhythm Agent Event 5036	Sub Rule	LogRhythm Agent Syslog Server UDP Socket Bound	Information
LogRhythm Agent Event 5035	Sub Rule	LogRhythm Agent Syslog Svr Fail Get UDP Skt Name	Information
LogRhythm Agent Event 5034	Sub Rule	LogRhythm Agent Syslog Svr Failed Create TCP Skt	Information
LogRhythm Agent Event 5033	Sub Rule	LogRhythm Agent Syslog Server Stopped TCP Read	Information
LogRhythm Agent Event 5032	Sub Rule	LogRhythm Agent Syslog Svr Starting TCP Processor	Information
LogRhythm Agent Event 5031	Sub Rule	LogRhythm Agent Syslog Svr Failed Create UDP Skt	Information
LogRhythm Agent Event 5030	Sub Rule	LogRhythm Agent Syslog Svr Fail Listen On TCP Skt	Information
LogRhythm Agent Event 5029	Sub Rule	LogRhythm Agent Syslog Server TCP Socket Bound	Information
LogRhythm Agent Event 5028	Sub Rule	LogRhythm Agent Syslog Server Starting	Information
LogRhythm Agent Event 5027	Sub Rule	LogRhythm Agent Syslog Server Initializing	Information
LogRhythm Agent Event 5026	Sub Rule	LogRhythm Agent Syslog Server Stopped	Information
LogRhythm Agent Event 5025	Sub Rule	LogRhythm Agent Syslog Server Stopping	Information
LogRhythm Agent Event 5024	Sub Rule	LogRhythm Agent Syslog Server Started	Information
LogRhythm Agent Event 5023	Sub Rule	LogRhythm Agent Syslog Server Starting	Information
LogRhythm Agent Event 1016	Sub Rule	LogRhythm Agent User Activity Monitor Error	Information
LogRhythm Agent Event 1015	Sub Rule	LogRhythm Agent Network Connection Monitor Stopped	Information
LogRhythm Agent Event 1014	Sub Rule	LogRhythm Agent Network Connect Monitor Stopping	Information
LogRhythm Agent Event 1013	Sub Rule	LogRhythm Agent Network Connection Monitor Started	Information
LogRhythm MPE Event 2050	Sub Rule	LogRhythm MPE Rule Performing Poorly	Warning
LogRhythm Agent Event 10012	Sub Rule	LogRhythm Agent SNMP Trap Rcvr Encryption Error	Error
LogRhythm Agent Event 10011	Sub Rule	LogRhythm Agent SNMP Trap Rcvr Auth Error	Error
LogRhythm Agent Event 10010	Sub Rule	LogRhythm Agent SNMP Trap Receiver Error	Error
LogRhythm Agent Event 10009	Sub Rule	LogRhythm Agent SNMP Trap Receiver Bad Packet	Error
LogRhythm Agent Event 10008	Sub Rule	LogRhythm Agent SNMP Trap Receiver OID Not Found	Warning
LogRhythm Agent Event 10007	Sub Rule	LogRhythm Agent SNMP Trap Rcvr Processing Failure	Error
LogRhythm Agent Event 10006	Sub Rule	LogRhythm Agent SNMP Trap Rcvr File Open Failed	Error
LogRhythm Agent Event 10005	Sub Rule	LogRhythm Agent SNMP Trap Rcvr File Delete Fail	Error
LogRhythm Agent Event 10004	Sub Rule	LogRhythm Agent SNMP Trap Receiver File Not Found	Error
LogRhythm Agent Event 10003	Sub Rule	LogRhythm Agent SNMP Trap Rcvr Socket Bind Fail	Error
LogRhythm Agent Event 10002	Sub Rule	LogRhythm Agent SNMP Trap Receiver Bad IP Address	Error
LogRhythm Agent Event 10001	Sub Rule	LogRhythm Agent SNMP Trap Receiver Missing Address	Warning
LogRhythm Agent Event 10000	Sub Rule	LogRhythm Agent SNMP Trap Receiver Error	Error
LogRhythm Job Manager Error	Sub Rule	General LogRhythm Job Manager Error	Error
LogRhythm Job Manager Warning	Sub Rule	General LogRhythm Job Manager Warning	Warning
LogRhythm Job Manager Information	Sub Rule	General LogRhythm Job Manager Information	Information
LogRhythm ARM Error	Sub Rule	General LogRhythm ARM Error	Error
LogRhythm ARM Warning	Sub Rule	General LogRhythm ARM Warning	Warning
LogRhythm ARM Information	Sub Rule	General LogRhythm ARM Information	Information
LogRhythm MPE Error	Sub Rule	General LogRhythm MPE Error	Error
LogRhythm MPE Warning	Sub Rule	General LogRhythm MPE Warning	Warning
LogRhythm MPE Information	Sub Rule	General LogRhythm MPE Information	Information
LogRhythm Mediator Error	Sub Rule	General LogRhythm Mediator Error	Error
LogRhythm Mediator Warning	Sub Rule	General LogRhythm Mediator Warning	Warning
LogRhythm Mediator Information	Sub Rule	General LogRhythm Mediator Information	Information
LogRhythm Agent Error	Sub Rule	General LogRhythm Agent Error	Error
LogRhythm Agent Warning	Sub Rule	General LogRhythm Agent Warning	Warning
LogRhythm Agent Information	Sub Rule	General LogRhythm Agent Information	Information
LogRhythm MPE Event 2049	Sub Rule	LogRhythm MPE GLPR Processing Error	Error
LogRhythm MPE Event 2048	Sub Rule	LogRhythm MPE GLPR Preparation Error	Error
LogRhythm MPE Event 2047	Sub Rule	LogRhythm MPE GLPR Collection Update Error	Error
LogRhythm MPE Event 2046	Sub Rule	LogRhythm MPE Global Data Mgmt Settings Error	Error
LogRhythm Mediator Event 9002	Sub Rule	LogRhythm Mediator Failed Shutdown Msg Insert Proc	Error
LogRhythm Mediator Event 9001	Sub Rule	LogRhythm Mediator Failed To Start Msg Insert Proc	Error
LogRhythm Mediator Event 2059	Sub Rule	LogRhythm Mediator Failed To Get Mediator ID	Error
LogRhythm Mediator Event 2058	Sub Rule	LogRhythm Mediator Failed To Open Config File	Error
LogRhythm Job Manager Event 6004	Sub Rule	LogRhythm JobMgr AD Synch Abort	Warning
LogRhythm Job Manager Event 6003	Sub Rule	LogRhythm JobMgr AD Synch Error	Error
LogRhythm Job Manager Event 6002	Sub Rule	LogRhythm JobMgr AD Synch Completed	Information
LogRhythm Job Manager Event 6001	Sub Rule	LogRhythm JobMgr AD Synch Started	Information
LogRhythm Job Manager Event 5016	Sub Rule	LogRhythm JobMgr HbMon Error Query LS Last Log Inf	Error
LogRhythm Job Manager Event 5015	Sub Rule	LogRhythm JobMgr HbMon Log Source State Deser Err	Error
LogRhythm Job Manager Event 5014	Sub Rule	LogRhythm JobMgr HbMon Log Source State Ser Error	Error
LogRhythm Job Manager Event 5013	Sub Rule	LogRhythm JobMgr HbMon Missing LS State File	Warning
LogRhythm Job Manager Event 5012	Sub Rule	LogRhythm JobMgr HbMon Missing Agent State File	Warning
LogRhythm Job Manager Event 5011	Sub Rule	LogRhythm JobMgr HbMon Missing Mediator State File	Warning
LogRhythm Job Manager Event 5010	Sub Rule	LogRhythm JobMgr HbMon Error Writing HB Event	Error
LogRhythm Job Manager Event 5009	Sub Rule	LogRhythm JobMgr HbMon Error Query Agent HB Info	Error
LogRhythm Job Manager Event 5008	Sub Rule	LogRhythm JobMgr HbMon Error Query Med HB Info	Error
LogRhythm Job Manager Event 5007	Sub Rule	LogRhythm JobMgr HbMon Error Loading Common Events	Error
LogRhythm Job Manager Event 5006	Sub Rule	LogRhythm JobMgr HbMon Agent State Deser Error	Error
LogRhythm Job Manager Event 5005	Sub Rule	LogRhythm JobMgr HbMon Mediator State Deser Error	Error
LogRhythm Job Manager Event 5004	Sub Rule	LogRhythm JobMgr HbMon Agent State Ser Error	Error
LogRhythm Job Manager Event 5003	Sub Rule	LogRhythm JobMgr HbMon Mediator State Ser Error	Error
LogRhythm Job Manager Event 5002	Sub Rule	LogRhythm JobMgr HbMon Shutdown	Information
LogRhythm Job Manager Event 5001	Sub Rule	LogRhythm JobMgr HbMon Started	Information
LogRhythm ARM Event 9999	Sub Rule	LogRhythm ARM Unexpected Error	Error
LogRhythm ARM Event 2017	Sub Rule	LogRhythm ARM Alarm Rule Conversion Error	Error
LogRhythm ARM Event 2016	Sub Rule	LogRhythm ARM Max Memory Reached	Error
LogRhythm ARM Event 1007	Sub Rule	LogRhythm ARM Configuration Update Error	Error
LogRhythm Agent Event 6015	Sub Rule	LogRhythm Agent DLD IMAPI Service Error	Warning
LogRhythm Agent Event 6014	Sub Rule	LogRhythm Agent DLD File Watch Error	Error
LogRhythm Agent Event 6013	Sub Rule	LogRhythm Agent Failed To Start DLD Thread	Error
LogRhythm Agent Event 6012	Sub Rule	LogRhythm Agent Failed To Start Data Loss Defender	Error
LogRhythm Agent Event 2062	Sub Rule	LogRhythm Agent Missing Path Parameter	Error
LogRhythm Job Manager Event 1007	Sub Rule	LogRhythm Job Manager Config Update Error	Error
LogRhythm Job Manager Event 9999	Sub Rule	LogRhythm Job Manager Unexpected Error	Error
LogRhythm Job Manager Event 4007	Sub Rule	LogRhythm Job Manager Scheduled Rpt Unexpected Err	Error
LogRhythm Job Manager Event 4006	Sub Rule	LogRhythm Job Manager Scheduled Rpt Email Error	Error
LogRhythm Job Manager Event 4005	Sub Rule	LogRhythm Job Manager Scheduled Rpt Export Error	Error
LogRhythm Job Manager Event 4004	Sub Rule	LogRhythm Job Manager Scheduled Rpt Prep Error	Error
LogRhythm Job Manager Event 4003	Sub Rule	LogRhythm Job Manager Scheduled Rpt Pkg Failure	Error
LogRhythm Job Manager Event 4002	Sub Rule	LogRhythm Job Manager Scheduled Rpt Job Failure	Error
LogRhythm Job Manager Event 4001	Sub Rule	LogRhythm Job Manager Scheduled Rpt Init Error	Error
LogRhythm Job Manager Event 2016	Sub Rule	LogRhythm Job Manager Memory Recycle	Warning
LogRhythm Job Manager Event 2004	Sub Rule	LogRhythm Job Manager Maintenance Error	Error
LogRhythm Job Manager Event 1006	Sub Rule	LogRhythm Job Manager Shutdown Initiated	Information
LogRhythm Job Manager Event 1005	Sub Rule	LogRhythm Job Manager Startup Initiated	Information
LogRhythm Job Manager Event 1004	Sub Rule	LogRhythm Job Manager Shutdown Failure	Error
LogRhythm Job Manager Event 1003	Sub Rule	LogRhythm Job Manager Startup Failure	Critical
LogRhythm Job Manager Event 1002	Sub Rule	LogRhythm Job Manager Stopped	Information
LogRhythm Job Manager Event 1001	Sub Rule	LogRhythm Job Manager Started	Information
LogRhythm Mediator Event 8025	Sub Rule	LogRhythm Mediator Failed To Quarantine Archive	Error
LogRhythm Mediator Event 8024	Sub Rule	LogRhythm Mediator Active Archive Seal Error	Error
LogRhythm Mediator Event 8023	Sub Rule	LogRhythm Mediator Active Archive Update Error	Error
LogRhythm Mediator Event 8022	Sub Rule	LogRhythm Mediator Archive Verification Failure	Warning
LogRhythm Mediator Event 8021	Sub Rule	LogRhythm Mediator Archive Verification Error	Error
LogRhythm Mediator Event 7026	Sub Rule	LogRhythm Mediator Shutdown Reply Send Error	Error
LogRhythm Mediator Event 7025	Sub Rule	LogRhythm Mediator Message Source Auth Error	Error
LogRhythm Mediator Event 7024	Sub Rule	LogRhythm Mediator No Agent Configuration	Error
LogRhythm Mediator Event 7023	Sub Rule	LogRhythm Mediator Unregistered Agent Error	Warning
LogRhythm Mediator Event 7022	Sub Rule	LogRhythm Mediator Service Request Send Error	Error
LogRhythm Mediator Event 6008	Sub Rule	LogRhythm Mediator Recycling Service Process	Error
LogRhythm Mediator Event 3021	Sub Rule	LogRhythm Mediator Agent SSL Auth Failed	Error
LogRhythm Mediator Event 3020	Sub Rule	LogRhythm Mediator Agent Name Conflict	Error
LogRhythm Mediator Event 2057	Sub Rule	LogRhythm Mediator Failed To Create Svr SSL Cert	Warning
LogRhythm Mediator Event 2056	Sub Rule	LogRhythm Mediator Using Default Server SSL Port	Warning
LogRhythm Agent Event 5022	Sub Rule	LogRhythm Agent Syslogng Socket Option Failed	Warning
LogRhythm Agent Event 5021	Sub Rule	LogRhythm Agent Syslogng File Delete Failed	Warning
LogRhythm Agent Event 5020	Sub Rule	LogRhythm Agent Syslogng File Open Failed	Warning
LogRhythm Agent Event 5019	Sub Rule	LogRhythm Agent Syslogng File Not Found	Warning
LogRhythm Agent Event 5018	Sub Rule	LogRhythm Agent Syslogng Read Begin Failure	Warning
LogRhythm Agent Event 5017	Sub Rule	LogRhythm Agent Syslogng Read Complete Failure	Warning
LogRhythm Agent Event 5016	Sub Rule	LogRhythm Agent Syslogng Connection Failure	Warning
LogRhythm Agent Event 5015	Sub Rule	LogRhythm Agent Syslogng Processing Failure	Warning
LogRhythm Agent Event 5014	Sub Rule	LogRhythm Agent Syslogng Extraction Failure	Warning
LogRhythm Agent Event 5013	Sub Rule	LogRhythm Agent Syslogng Reader Thread Failure	Warning
LogRhythm Agent Event 5012	Sub Rule	LogRhythm Agent Syslogng Socket Bind Failure	Warning
LogRhythm Agent Event 5011	Sub Rule	LogRhythm Agent Syslogng Server Start Failure	Warning
LogRhythm Agent Event 4034	Sub Rule	LogRhythm Agent Failed To Check Mediator Shutdown	Error
LogRhythm Agent Event 4033	Sub Rule	LogRhythm Agent Upgrade Service Request	Error
LogRhythm Agent Event 4032	Sub Rule	LogRhythm Agent Resume Service Request	Error
LogRhythm Agent Event 4031	Sub Rule	LogRhythm Agent Restart Service Request	Information
LogRhythm Agent Event 4030	Sub Rule	Received Service Restart Service Request	Information
LogRhythm Agent Event 4029	Sub Rule	LogRhythm Agent Stop Service Request	Error
LogRhythm Agent Event 4028	Sub Rule	LogRhythm Agent Config Change Service Request	Information
LogRhythm Agent Event 4027	Sub Rule	LogRhythm Agent Pre-existing Connection Error	Error
LogRhythm Agent Event 4026	Sub Rule	LogRhythm Agent No Configuration Error	Error
LogRhythm Agent Event 4025	Sub Rule	LogRhythm Agent Unregistered Agent Error	Error
LogRhythm Agent Event 2061	Sub Rule	LogRhythm Agent No Log Manager Configured	Error
LogRhythm Agent Event 2060	Sub Rule	LogRhythm Agent No Log Manager Configured	Error
LogRhythm Agent Event 1005	Sub Rule	LogRhythm Agent Recycling	Information
LogRhythm MPE Event 2045	Sub Rule	LogRhythm MPE Maintenance ThreadLock Timeout	Warning
LogRhythm MPE Event 2044	Sub Rule	LogRhythm MPE Log Processing Thread Shutdown Error	Error
LogRhythm MPE Event 2043	Sub Rule	LogRhythm MPE Diagnostics Processing Error	Error
LogRhythm MPE Event 2042	Sub Rule	LogRhythm MPE Log Processing Thread Start Error	Error
LogRhythm ARM Event 3102	Sub Rule	LogRhythm ARM SNMP Trap Was Not Sent	Error
LogRhythm ARM Event 3101	Sub Rule	LogRhythm ARM SNMP Trap Send Error	Warning
LogRhythm Agent Event 9003	Sub Rule	LogRhythm Agent Checkpoint Stop Collection Error	Error
LogRhythm Agent Event 9002	Sub Rule	LogRhythm Agent Checkpoint Stop Collection Error	Error
LogRhythm Agent Event 9001	Sub Rule	LogRhythm Agent Checkpoint Start Collection Error	Error
LogRhythm Agent Event 8002	Sub Rule	LogRhythm Agent Failed To Obtain Identifier	Error
LogRhythm Agent Event 8001	Sub Rule	LogRhythm Agent Failed Virtual Source Lookup	Warning
LogRhythm Agent Event 4024	Sub Rule	LogRhythm Agent VirtSrc Info Reply Constr Failed	Error
LogRhythm Agent Event 4023	Sub Rule	LogRhythm Agent VirtSrc Info Req Send Failure	Error
LogRhythm Agent Event 4022	Sub Rule	LogRhythm Agent VirtSrc Info Req Constr Failed	Error
LogRhythm MPE Event 5105	Sub Rule	LogRhythm MPE LogMart Abort On Shutdown	Error
LogRhythm MPE Event 5104	Sub Rule	LogRhythm MPE LogMart Update Error	Error
LogRhythm MPE Event 5103	Sub Rule	LogRhythm MPE LogMart Serialization Error	Error
LogRhythm MPE Event 5102	Sub Rule	LogRhythm MPE LogMart Deserialization Error	Error
LogRhythm MPE Event 5101	Sub Rule	LogRhythm MPE LogMart No State File	Warning
LogRhythm MPE Event 5001	Sub Rule	LogRhythm MPE LogMart Initialization Error	Critical
LogRhythm MPE Event 4107	Sub Rule	LogRhythm MPE Stats Abort On Shutdown	Error
LogRhythm ARM Event 2015	Sub Rule	LogRhythm ARM Error Loading Alarm Rule	Error
LogRhythm Mediator Event 7021	Sub Rule	LogRhythm Mediator Failed VirtSrc Registration	Error
LogRhythm Mediator Event 6007	Sub Rule	LogRhythm Mediator Database Capacity Error	Error
LogRhythm Mediator Event 6006	Sub Rule	LogRhythm Mediator Database Capacity Warning	Warning
LogRhythm Mediator Event 2055	Sub Rule	LogRhythm Mediator Failed To Poll For Maint Status	Warning
LogRhythm Mediator Event 2054	Sub Rule	LogRhythm Mediator Virt. Source Auto Register On	Information
LogRhythm Mediator Event 2018	Sub Rule	LogRhythm Mediator Bad Inactive Count	Warning
LogRhythm Agent Event 2042	Sub Rule	LogRhythm Agent Failed To Parse Date Format File	Error
LogRhythm Agent Event 2026	Sub Rule	LogRhythm Agent Missing Log Source Name	Warning
LogRhythm Mediator Event 2023	Sub Rule	LogRhythm Mediator ID Retrieval Failure	Error
LogRhythm Mediator Event 8001	Sub Rule	LogRhythm Mediator Script Start Failure	Error
LogRhythm Agent Event 2045	Sub Rule	LogRhythm Agent Serialized Log Data Read Failure	Error
LogRhythm Mediator Event 7009	Sub Rule	LogRhythm Mediator Auth Success Send Error	Error
LogRhythm Mediator Event 4012	Sub Rule	LogRhythm Mediator Closed Agent Connections	Warning
LogRhythm Mediator Event 2026	Sub Rule	LogRhythm Mediator License Retrieval Failure	Error
LogRhythm Mediator Event 8004	Sub Rule	LogRhythm Mediator Archive Dir Error	Error
LogRhythm ARM Event 5012	Sub Rule	LogRhythm ARM HbMon Missing Agent State File	Warning
LogRhythm Agent Event 4004	Sub Rule	LogRhythm Agent Failed Authentication	Error
LogRhythm Mediator Event 3016	Sub Rule	LogRhythm Mediator Remote Endpoint Error	Error
LogRhythm Mediator Event 2031	Sub Rule	LogRhythm Mediator MPE Startup Failure	Critical
LogRhythm Agent Event 2057	Sub Rule	LogRhythm Agent Failed Custom Command Exec	Error
LogRhythm Agent Event 2002	Sub Rule	LogRhythm Agent Failed To Start Maint Timer	Error
LogRhythm MPE Event 2001	Sub Rule	LogRhythm MPE Processing Thread Abort	Error
LogRhythm ARM Event 5008	Sub Rule	LogRhythm ARM Err Querying Mediator HB Info	Error
LogRhythm Mediator Event 4017	Sub Rule	LogRhythm Mediator Queue Processor Status Error	Warning
LogRhythm Agent Event 2018	Sub Rule	LogRhythm Agent Bad Flush Batch	Warning
LogRhythm Agent Event 2017	Sub Rule	LogRhythm Agent Bad Local Log Lifetime	Warning
LogRhythm MPE Event 2014	Sub Rule	LogRhythm MPE Get Spooled Event Files List Error	Error
LogRhythm Mediator Event 7018	Sub Rule	LogRhythm Mediator Log Data Extraction Failure	Error
LogRhythm MPE Event 4101	Sub Rule	LogRhythm MPE Stats No State File	Information
LogRhythm MPE Event 2022	Sub Rule	LogRhythm MPE Error Loading Spooled Log File	Error
LogRhythm Agent Event 4002	Sub Rule	LogRhythm Agent Sync Header Read Failure	Error
LogRhythm ARM Event 5001	Sub Rule	LogRhythm ARM HbMon Started	Information
LogRhythm Agent Event 1001	Sub Rule	LogRhythm Agent Started	Information
LogRhythm MPE Event 4104	Sub Rule	LogRhythm MPE Stats Update Error	Error
LogRhythm Mediator Event 4014	Sub Rule	LogRhythm Mediator Queue Processor Abort Error	Warning
LogRhythm Mediator Event 2020	Sub Rule	LogRhythm Mediator Bad Queue Threads	Warning
LogRhythm Agent Event 4017	Sub Rule	LogRhythm Agent Heartbeat Send Failure	Error
LogRhythm Mediator Event 6004	Sub Rule	LogRhythm Mediator DP Connection Validation Error	Error
LogRhythm Agent Event 2046	Sub Rule	LogRhythm Agent Log Rotation Error	Error
LogRhythm MPE Event 2005	Sub Rule	LogRhythm MPE Error Requeuing Processed Logs	Error
LogRhythm Mediator Event 2027	Sub Rule	LogRhythm Mediator Invalid License	Error
LogRhythm Mediator Event 8005	Sub Rule	LogRhythm Mediator Archive Min/Max Error	Error
LogRhythm Mediator Event 4006	Sub Rule	LogRhythm Mediator Queue Processor Conn Failure	Error
LogRhythm Agent Event 4005	Sub Rule	LogRhythm Agent Data Processor Unavailable	Warning
LogRhythm Agent Event 4018	Sub Rule	LogRhythm Agent Shutdown Send Failure	Warning
LogRhythm ARM Event 5004	Sub Rule	LogRhythm ARM HbMon Agent State To Disk Error	Error
LogRhythm Mediator Event 7002	Sub Rule	LogRhythm Mediator Unknown Agent Error	Error
LogRhythm Agent Event 4013	Sub Rule	LogRhythm Agent MS Auth Send Failure	Error
LogRhythm Agent Event 2003	Sub Rule	LogRhythm Agent Failed To Start Process Thread	Error
LogRhythm Agent Event 5002	Sub Rule	LogRhythm Agent Syslog File Not Found	Error
LogRhythm Mediator Event 2035	Sub Rule	LogRhythm Mediator Message Source Read Failure	Error
LogRhythm Agent Event 4012	Sub Rule	LogRhythm Agent MS Auth Construction Failed	Error
LogRhythm MPE Event 2040	Sub Rule	LogRhythm MPE Diagnostic Rule Update Error	Error
LogRhythm Agent Event 3004	Sub Rule	LogRhythm Agent Socket Option Failure	Error
LogRhythm Agent Event 2059	Sub Rule	LogRhythm Agent Bad Syslog Server Parameter	Error
LogRhythm Mediator Event 4013	Sub Rule	LogRhythm Mediator Queue Processor Bad State	Warning
LogRhythm Mediator Event 3019	Sub Rule	LogRhythm Mediator Invalid Connection Closed	Warning
LogRhythm ARM Event 5007	Sub Rule	LogRhythm ARM HbMon Error Loading Common Events	Error
LogRhythm Mediator Event 7019	Sub Rule	LogRhythm Mediator Log Data Parsing Failure	Error
LogRhythm MPE Event 2030	Sub Rule	LogRhythm MPE Shutdown During Initialization	Warning
LogRhythm MPE Event 2016	Sub Rule	LogRhythm MPE Spooled Events Requeing Error	Error
LogRhythm Agent Event 7003	Sub Rule	LogRhythm Agent Log Read Failure	Error
LogRhythm MPE Event 4105	Sub Rule	LogRhythm MPE Stats Mediator Heartbeat Error	Error
LogRhythm Mediator Event 2021	Sub Rule	LogRhythm Mediator Bad Platform Manager Data	Error
LogRhythm Mediator Event 4002	Sub Rule	LogRhythm Mediator Unprocessed Log Read Error	Error
LogRhythm Agent Event 7006	Sub Rule	LogRhythm Agent Log Source Close Failed	Warning
LogRhythm Mediator Event 3017	Sub Rule	LogRhythm Mediator Socket Close Error	Error
LogRhythm Mediator Event 4010	Sub Rule	LogRhythm Mediator Unprocessed Serialization Error	Error
LogRhythm Agent Event 2037	Sub Rule	LogRhythm Agent File Monitor Duplicate Policy	Warning
LogRhythm MPE Event 2020	Sub Rule	LogRhythm MPE Log Spool Write Error	Error
LogRhythm Agent Event 4019	Sub Rule	LogRhythm Agent Log Data Construction Failed	Error
LogRhythm Mediator Event 3007	Sub Rule	LogRhythm Mediator Begin Async Read Failure	Error
LogRhythm Agent Event 2040	Sub Rule	LogRhythm Agent File Monitor Config Failed	Error
LogRhythm Agent Event 1002	Sub Rule	LogRhythm Agent Stopped	Information
LogRhythm Agent Event 5003	Sub Rule	LogRhythm Agent Syslog File Open Failed	Error
LogRhythm Mediator Event 2042	Sub Rule	LogRhythm Mediator Listening Thread Timeout	Warning
LogRhythm Mediator Event 2003	Sub Rule	LogRhythm Mediator Config File Read Failure	Error
LogRhythm Mediator Event 2025	Sub Rule	LogRhythm Mediator License ID Retrieval Failure	Error
LogRhythm Mediator Event 2038	Sub Rule	LogRhythm Mediator MS License Load Failure	Error
LogRhythm Mediator Event 6001	Sub Rule	LogRhythm Mediator PM Connection Error	Error
LogRhythm Mediator Event 4004	Sub Rule	LogRhythm Mediator Unprocessed Log Write Error	Error
LogRhythm Agent Event 7004	Sub Rule	LogRhythm Agent Log Parse Failure	Error
LogRhythm Mediator Event 2010	Sub Rule	LogRhythm Mediator Invalid Active Archive Path	Error
LogRhythm ARM Event 5006	Sub Rule	LogRhythm ARM HbMon Agent State From Disk Error	Error
LogRhythm Agent Event 2049	Sub Rule	LogRhythm Agent File Monitor Add Error	Error
LogRhythm Mediator Event 4003	Sub Rule	LogRhythm Mediator Unprocessed Data Write Error	Warning
LogRhythm Agent Event 2016	Sub Rule	LogRhythm Agent Self File Monitoring Failed	Error
LogRhythm Mediator Event 2051	Sub Rule	LogRhythm Mediator MS Record Update Error	Error
LogRhythm Agent Event 2041	Sub Rule	LogRhythm Agent Failed To Open Date Format File	Error
LogRhythm Agent Event 4008	Sub Rule	LogRhythm Agent Unlicensed Agent Error	Error
LogRhythm Mediator Event 8020	Sub Rule	LogRhythm Mediator Script Open Failure	Error
LogRhythm MPE Event 2018	Sub Rule	LogRhythm MPE Error Requeuing Events	Error
LogRhythm Agent Event 3006	Sub Rule	LogRhythm Agent Socket Connect Failure	Warning
LogRhythm Agent Event 2033	Sub Rule	LogRhythm Agent No Clock Offset File Found	Warning
LogRhythm Mediator Event 4011	Sub Rule	LogRhythm Mediator Entered Suspend State	Warning
LogRhythm Agent Event 2035	Sub Rule	LogRhythm Agent Performance Counter Failure	Warning
LogRhythm Mediator Event 2050	Sub Rule	LogRhythm Mediator MS Load Error	Error
LogRhythm Agent Event 4016	Sub Rule	LogRhythm Agent MS Unlicensed Error	Error
LogRhythm Agent Event 2009	Sub Rule	LogRhythm Agent Bad Event Log Read Timeout	Warning
LogRhythm MPE Event 2036	Sub Rule	LogRhythm MPE Unable To Load Global Entity	Error
LogRhythm Agent Event 5007	Sub Rule	LogRhythm Agent Syslog Receive Start Failure	Critical
LogRhythm Agent Event 7008	Sub Rule	LogRhythm Agent Log Transfer Setup Failure	Error
LogRhythm Agent Event 7005	Sub Rule	LogRhythm Agent Missed Event Logs	Warning
LogRhythm Mediator Event 4007	Sub Rule	LogRhythm Mediator Queue Processor Comm Error	Error
LogRhythm Agent Event 2032	Sub Rule	LogRhythm Agent REParsingFile Option Missing	Error
LogRhythm Agent Event 2030	Sub Rule	LogRhythm Agent Regex File Read Failure	Error
LogRhythm Agent Event 2027	Sub Rule	LogRhythm Agent Bad Max Message Count	Warning
LogRhythm Mediator Event 6002	Sub Rule	LogRhythm Mediator DP Connection Error	Error
LogRhythm Mediator Event 4005	Sub Rule	LogRhythm Mediator Queue Processor Init Failure	Error
LogRhythm MPE Event 2019	Sub Rule	LogRhythm MPE Bad Log Spool Path	Error
LogRhythm MPE Event 2035	Sub Rule	LogRhythm MPE Policy Update Error	Error
LogRhythm Mediator Event 2014	Sub Rule	LogRhythm Mediator Bad Archive Batch	Warning
LogRhythm ARM Event 5002	Sub Rule	LogRhythm ARM HbMon Shutdown	Information
LogRhythm Mediator Event 7020	Sub Rule	LogRhythm Mediator Failed To Queue Log Data	Error
LogRhythm Agent Event 4009	Sub Rule	LogRhythm Agent Auth Reply Send Failure	Warning
LogRhythm Mediator Event 4008	Sub Rule	LogRhythm Mediator Log Data Format Failure	Error
LogRhythm Agent Event 5004	Sub Rule	LogRhythm Agent Syslog File Delete Failed	Error
LogRhythm Agent Event 4021	Sub Rule	LogRhythm Agent Received Suspend Message	Warning
LogRhythm Agent Event 6011	Sub Rule	LogRhythm Agent Netflow Flow Record Parse Error	Error
LogRhythm Agent Event 2043	Sub Rule	LogRhythm Agent Failed To Add Self Monitoring File	Error
LogRhythm Mediator Event 2039	Sub Rule	LogRhythm Mediator Socket Buffer Error	Error
LogRhythm Agent Event 3002	Sub Rule	LogRhythm Agent IP Address Parsing Failure	Error
LogRhythm Mediator Event 8018	Sub Rule	LogRhythm Mediator Archive Delete Error	Error
LogRhythm Mediator Event 3012	Sub Rule	LogRhythm Mediator Invalid Protocol Msg Code	Warning
LogRhythm Agent Event 4015	Sub Rule	LogRhythm Agent MS Authentication Failure	Error
LogRhythm Mediator Event 2011	Sub Rule	LogRhythm Mediator Invalid Inactive Archive Path	Error
LogRhythm Mediator Event 2044	Sub Rule	LogRhythm Mediator Log Rotation Error	Error
LogRhythm Agent Event 6006	Sub Rule	LogRhythm Agent Netflow Socket Bind Failure	Error
LogRhythm Agent Event 2008	Sub Rule	LogRhythm Agent Bad Event Log Buffer	Warning
LogRhythm MPE Event 2034	Sub Rule	LogRhythm MPE Entity Update Error	Error
LogRhythm Agent Event 4014	Sub Rule	LogRhythm Agent Auth Reply Construction Failed	Error
LogRhythm Agent Event 5001	Sub Rule	LogRhythm Agent Syslog Server Start Failure	Critical
LogRhythm MPE Event 2032	Sub Rule	LogRhythm MPE Maintenance Error	Error
LogRhythm Agent Event 2024	Sub Rule	LogRhythm Agent Bad Server Port	Warning
LogRhythm Mediator Event 6003	Sub Rule	LogRhythm Mediator PM Connection Validation Error	Error
LogRhythm Mediator Event 1002	Sub Rule	LogRhythm Mediator Stopped	Information
LogRhythm Agent Event 5005	Sub Rule	LogRhythm Agent Syslog Server Bad IP Address	Error
LogRhythm Mediator Event 2012	Sub Rule	LogRhythm Mediator Bad Max Archive Size	Warning
LogRhythm Agent Event 2023	Sub Rule	LogRhythm Agent Bad Client Port	Warning
LogRhythm Mediator Event 4001	Sub Rule	LogRhythm Mediator Unprocessed Data Load Error	Warning
LogRhythm Mediator Event 7004	Sub Rule	LogRhythm Mediator Unlicensed Agent Error	Error
LogRhythm Mediator Event 2028	Sub Rule	LogRhythm Mediator License Validation Failure	Error
LogRhythm MPE Event 2031	Sub Rule	LogRhythm MPE Configuration Update Error	Error
LogRhythm Agent Event 2051	Sub Rule	LogRhythm Agent Maintenance Error	Error
LogRhythm Agent Event 2044	Sub Rule	LogRhythm Agent Clock Offset File Write Failure	Error
LogRhythm Agent Event 2022	Sub Rule	LogRhythm Agent Bad NIC	Warning
LogRhythm Agent Event 2031	Sub Rule	LogRhythm Agent Virtual Source File Read Failure	Error
LogRhythm Agent Event 5010	Sub Rule	LogRhythm Agent Syslog Write Non-Match Failure	Error
LogRhythm Mediator Event 2052	Sub Rule	LogRhythm Mediator New MS Record Load Error	Error
LogRhythm MPE Event 2041	Sub Rule	LogRhythm MPE Diagnostic Rule Processing Error	Error
LogRhythm Mediator Event 2045	Sub Rule	LogRhythm Mediator Maintenance Error	Error
LogRhythm Mediator Event 7012	Sub Rule	LogRhythm Mediator MS Authentication Failure	Error
LogRhythm Mediator Event 2015	Sub Rule	LogRhythm Mediator Bad Archive Compression	Warning
LogRhythm Mediator Event 2040	Sub Rule	LogRhythm Mediator Bind Failure	Error
LogRhythm Agent Event 2047	Sub Rule	LogRhythm Agent File Monitor Policy Error	Error
LogRhythm Agent Event 2025	Sub Rule	LogRhythm Agent Failed To Parse Date Format	Warning
LogRhythm Mediator Event 3004	Sub Rule	LogRhythm Mediator Pre-existing Session	Warning
LogRhythm MPE Event 2029	Sub Rule	LogRhythm MPE Unexpected Log Processing Error	Error
LogRhythm MPE Event 2010	Sub Rule	LogRhythm MPE Bad Event Spool Path	Error
LogRhythm Mediator Event 4015	Sub Rule	LogRhythm Mediator Queue Processor Resurrected	Warning
LogRhythm Agent Event 3003	Sub Rule	LogRhythm Agent Invalid Network Endpoint	Error
LogRhythm Mediator Event 8019	Sub Rule	LogRhythm Mediator Archive SubDir Error	Error
LogRhythm Mediator Event 2029	Sub Rule	LogRhythm Mediator Queue Allocation Failure	Error
LogRhythm Mediator Event 2016	Sub Rule	LogRhythm Mediator Bad Max Inactive Count	Warning
LogRhythm ARM Event 5009	Sub Rule	LogRhythm ARM HbMon Error Querying Agent HB Info	Error
LogRhythm Mediator Event 2001	Sub Rule	LogRhythm Mediator Listener Failure	Error
LogRhythm Agent Event 2034	Sub Rule	LogRhythm Agent Clock Offset File Read Failure	Error
LogRhythm MPE Event 2037	Sub Rule	LogRhythm MPE Initialization Error	Error
LogRhythm Mediator Event 3001	Sub Rule	LogRhythm Mediator Connection Handling Error	Error
LogRhythm MPE Event 1006	Sub Rule	LogRhythm MPE Shutdown Initiated	Information
LogRhythm Mediator Event 2004	Sub Rule	LogRhythm Mediator Bad Mediator Name	Error
LogRhythm Mediator Event 5002	Sub Rule	LogRhythm Mediator Agent Update Failure	Error
LogRhythm ARM Event 5003	Sub Rule	LogRhythm ARM HbMon Mediator State To Disk Error	Error
LogRhythm Agent Event 3005	Sub Rule	LogRhythm Agent Socket Bind Failure	Critical
LogRhythm Mediator Event 1003	Sub Rule	LogRhythm Mediator Startup Failure	Critical
LogRhythm Agent Event 2020	Sub Rule	LogRhythm Agent Failed To Init Log Data Queue	Error
LogRhythm Mediator Event 2013	Sub Rule	LogRhythm Mediator Bad Max Archive Age	Warning
LogRhythm Mediator Event 2046	Sub Rule	LogRhythm Mediator DP Stats Failure	Warning
LogRhythm Mediator Event 7005	Sub Rule	LogRhythm Mediator Auth Request Send Error	Error
LogRhythm Agent Event 4001	Sub Rule	LogRhythm Agent Ident Send Failure	Warning
LogRhythm Agent Event 2058	Sub Rule	LogRhythm Agent Failed Syslog File Purge	Error
LogRhythm Mediator Event 8008	Sub Rule	LogRhythm Mediator Archive Reader Error	Error
LogRhythm Mediator Event 3002	Sub Rule	LogRhythm Mediator Connection Accept Error	Error
LogRhythm MPE Event 1005	Sub Rule	LogRhythm MPE Startup Initiated	Information
LogRhythm Agent Event 6007	Sub Rule	LogRhythm Agent Netflow Receive Start Failure	Critical
LogRhythm Mediator Event 7010	Sub Rule	LogRhythm Mediator Session Lookup Failure	Error
LogRhythm Agent Event 6009	Sub Rule	LogRhythm Agent Netflow Processing Failure	Error
LogRhythm Mediator Event 8012	Sub Rule	LogRhythm Mediator Archive Cache Error	Error
LogRhythm MPE Event 2007	Sub Rule	LogRhythm MPE Null Log Source	Error
LogRhythm MPE Event 2028	Sub Rule	LogRhythm MPE IP Octet Conversion Failure	Error
LogRhythm Agent Event 5009	Sub Rule	LogRhythm Agent Syslog Processing Failure	Error
LogRhythm Mediator Event 3010	Sub Rule	LogRhythm Mediator Invalid Protocol Msg Version	Warning
LogRhythm Agent Event 2021	Sub Rule	LogRhythm Agent Bad Mediator Host	Error
LogRhythm Agent Event 6008	Sub Rule	LogRhythm Agent Netflow Extraction Failure	Error
LogRhythm Mediator Event 2053	Sub Rule	LogRhythm Mediator License Record Update Error	Error
LogRhythm Mediator Event 7006	Sub Rule	LogRhythm Mediator Authentication Failure	Error
LogRhythm MPE Event 2012	Sub Rule	LogRhythm MPE Event Spool Write Error	Error
LogRhythm Agent Event 6005	Sub Rule	LogRhythm Agent Netflow Server Bad IP Address	Error
LogRhythm Mediator Event 2002	Sub Rule	LogRhythm Mediator Config File Not Found	Error
LogRhythm Agent Event 6001	Sub Rule	LogRhythm Agent Netflow Server Start Failure	Critical
LogRhythm Mediator Event 7014	Sub Rule	LogRhythm Mediator MS Unlicensed Error	Error
LogRhythm Mediator Event 2005	Sub Rule	LogRhythm Mediator Bad MediatorIP	Error
LogRhythm Agent Event 6004	Sub Rule	LogRhythm Agent Netflow File Delete Failed	Error
LogRhythm Mediator Event 7011	Sub Rule	LogRhythm Mediator MS Auth Failure Send Error	Error
LogRhythm Mediator Event 3005	Sub Rule	LogRhythm Mediator Max Connections Reached	Warning
LogRhythm MPE Event 1002	Sub Rule	LogRhythm MPE Shutdown Successfully	Information
LogRhythm Agent Event 2015	Sub Rule	LogRhythm Agent No FileMonitor Info Found	Warning
LogRhythm Mediator Event 2047	Sub Rule	LogRhythm Mediator Agent Record Poll Error	Error
LogRhythm Mediator Event 8016	Sub Rule	LogRhythm Mediator Archive Batch Error	Warning
LogRhythm Agent Event 4020	Sub Rule	LogRhythm Agent Log Data Send Failure	Error
LogRhythm Mediator Event 2017	Sub Rule	LogRhythm Mediator Bad Inactive Count	Warning
LogRhythm Mediator Event 8009	Sub Rule	LogRhythm Mediator Archive Read Error	Error
LogRhythm Mediator Event 7001	Sub Rule	LogRhythm Mediator Unavailable Send Error	Error
LogRhythm MPE Event 2009	Sub Rule	LogRhythm MPE Event Forwarding Failure	Error
LogRhythm Mediator Event 3006	Sub Rule	LogRhythm Mediator Connection Lookup Add Error	Error
LogRhythm MPE Event 1001	Sub Rule	LogRhythm MPE Started Successfully	Information
LogRhythm Mediator Event 5003	Sub Rule	LogRhythm Mediator MS Update Failure	Error
LogRhythm Mediator Event 3011	Sub Rule	LogRhythm Mediator Invalid Protocol Msg Type	Warning
LogRhythm Agent Event 2050	Sub Rule	LogRhythm Agent File Monitor Removal Error	Error
LogRhythm Mediator Event 2041	Sub Rule	LogRhythm Mediator Listening Socket Error	Error
LogRhythm MPE Event 2003	Sub Rule	LogRhythm MPE Error Loading Performance Counters	Error
LogRhythm Mediator Event 3014	Sub Rule	LogRhythm Mediator Async Payload Read Failure	Error
LogRhythm Agent Event 2038	Sub Rule	LogRhythm Agent File Exceeds Size Hash Limit	Warning
LogRhythm Mediator Event 2048	Sub Rule	LogRhythm Mediator Agent Record Update Error	Error
LogRhythm MPE Event 2033	Sub Rule	LogRhythm MPE KB Update Error	Error
LogRhythm Agent Event 2010	Sub Rule	LogRhythm Agent Bad Event Log Cache Lifetime	Warning
LogRhythm Mediator Event 7015	Sub Rule	LogRhythm Mediator MS Success Send Error	Error
LogRhythm MPE Event 1004	Sub Rule	LogRhythm MPE Shutdown Failure	Error
LogRhythm Mediator Event 2006	Sub Rule	LogRhythm Mediator Bad Server Port	Warning
LogRhythm MPE Event 2008	Sub Rule	LogRhythm MPE Null Classification	Error
LogRhythm Mediator Event 8013	Sub Rule	LogRhythm Mediator Archive Compression Error	Error
LogRhythm Mediator Event 1001	Sub Rule	LogRhythm Mediator Started	Information
LogRhythm Agent Event 7007	Sub Rule	LogRhythm Agent Log Dequeue Failure	Error
LogRhythm MPE Event 2015	Sub Rule	LogRhythm MPE Error Loading Spooled Event File	Error
LogRhythm Mediator Event 7007	Sub Rule	LogRhythm Mediator Session Insert Failure	Warning
LogRhythm Agent Event 4011	Sub Rule	LogRhythm Agent Header Data Extraction Failure	Error
LogRhythm Mediator Event 2043	Sub Rule	LogRhythm Mediator MPE Shutdown Timeout	Warning
LogRhythm MPE Event 2006	Sub Rule	LogRhythm MPE Log Processing Error	Error
LogRhythm Mediator Event 2032	Sub Rule	LogRhythm Mediator Agent Record Load Failure	Error
LogRhythm Mediator Event 8010	Sub Rule	LogRhythm Mediator Archive Write Error	Error
LogRhythm Agent Event 2054	Sub Rule	LogRhythm Agent Failed To Write File Monitor Data	Error
LogRhythm Mediator Event 2019	Sub Rule	LogRhythm Mediator Bad Queue Size	Warning
LogRhythm Mediator Event 8002	Sub Rule	LogRhythm Mediator Script State Failure	Warning
LogRhythm MPE Event 2002	Sub Rule	LogRhythm MPE Forwarding Thread Abort	Error
LogRhythm Agent Event 2014	Sub Rule	LogRhythm Agent Bad Cycle Time	Warning
LogRhythm Mediator Event 3015	Sub Rule	LogRhythm Mediator Complete Async Send Failure	Error
LogRhythm Mediator Event 3008	Sub Rule	LogRhythm Mediator Complete Async Read Failure	Error
LogRhythm Agent Event 2052	Sub Rule	LogRhythm Agent Serialized Log Data Write Failure	Error
LogRhythm Agent Event 2028	Sub Rule	LogRhythm Agent Missing Date Format	Warning
LogRhythm MPE Event 2004	Sub Rule	LogRhythm MPE Error Loading Central Configuration	Error
LogRhythm Mediator Event 2009	Sub Rule	LogRhythm Mediator Bad Archive Start Time	Warning
LogRhythm Mediator Event 7016	Sub Rule	LogRhythm Mediator System Source Creation Failure	Error
LogRhythm ARM Event 5011	Sub Rule	LogRhythm ARM HbMon Missing Mediator State File	Warning
LogRhythm Mediator Event 2007	Sub Rule	LogRhythm Mediator Bad Max Connections	Warning
LogRhythm Agent Event 2004	Sub Rule	LogRhythm Agent Config File Not Found	Error
LogRhythm Agent Event 6003	Sub Rule	LogRhythm Agent Netflow File Open Failed	Error
LogRhythm Mediator Event 4009	Sub Rule	LogRhythm Mediator Queue Processor Timeout	Warning
LogRhythm Agent Event 2036	Sub Rule	LogRhythm Agent File Monitor Config Not Found	Error
LogRhythm Agent Event 3007	Sub Rule	LogRhythm Agent Socket Closed By Data Processor	Warning
LogRhythm MPE Event 2039	Sub Rule	LogRhythm MPE Diagnostic Rule Init Error	Error
LogRhythm Mediator Event 8017	Sub Rule	LogRhythm Mediator Archive Process Error	Error
LogRhythm Mediator Event 2008	Sub Rule	LogRhythm Mediator Bad Connection Timeout	Warning
LogRhythm MPE Event 2011	Sub Rule	LogRhythm MPE Event Spool Preparation Error	Error
LogRhythm Agent Event 2039	Sub Rule	LogRhythm Agent Failed To Obtain File Stats	Error
LogRhythm Agent Event 5008	Sub Rule	LogRhythm Agent Syslog Extraction Failure	Error
LogRhythm Mediator Event 7003	Sub Rule	LogRhythm Mediator Disabled Agent Error	Error
LogRhythm Agent Event 2011	Sub Rule	LogRhythm Agent Bad Max Memory	Warning
LogRhythm MPE Event 4102	Sub Rule	LogRhythm MPE Stats Deserialization Error	Error
LogRhythm Agent Event 7001	Sub Rule	LogRhythm Agent Failed To Obtain Remote Clock	Warning
LogRhythm Mediator Event 5001	Sub Rule	LogRhythm Mediator Session Update Failure	Error
LogRhythm Mediator Event 3013	Sub Rule	LogRhythm Mediator Invalid Protocol Msg Size	Warning
LogRhythm Mediator Event 2036	Sub Rule	LogRhythm Mediator License Keys Load Failure	Error
LogRhythm Mediator Event 8014	Sub Rule	LogRhythm Mediator Archive Attribute Error	Error
LogRhythm Agent Event 6002	Sub Rule	LogRhythm Agent Netflow File Not Found	Error
LogRhythm Agent Event 2006	Sub Rule	LogRhythm Agent Bad System Monitor Name	Error
LogRhythm Mediator Event 8003	Sub Rule	LogRhythm Mediator Script Timeout	Warning
LogRhythm Agent Event 1004	Sub Rule	LogRhythm Agent Log Collection Start	Information
LogRhythm Agent Event 4003	Sub Rule	LogRhythm Agent Sync Payload Read Failure	Error
LogRhythm Agent Event 2048	Sub Rule	LogRhythm Agent File Monitor Error	Error
LogRhythm Mediator Event 8006	Sub Rule	LogRhythm Mediator Archive Fatal Error	Error
LogRhythm Agent Event 2012	Sub Rule	LogRhythm Agent Bad Connection Timeout	Warning
LogRhythm Mediator Event 7017	Sub Rule	LogRhythm Mediator Heartbeat Reply Send Error	Error
LogRhythm ARM Event 5010	Sub Rule	LogRhythm ARM HbMon Error Writing Heartbeat Event	Error
LogRhythm Agent Event 4006	Sub Rule	LogRhythm Agent Unknown Agent Error	Error
LogRhythm Agent Event 2005	Sub Rule	LogRhythm Agent Config File Read Failure	Error
LogRhythm Mediator Event 3003	Sub Rule	LogRhythm Mediator Pre-existing Connection	Warning
LogRhythm Mediator Event 2033	Sub Rule	LogRhythm Mediator Agent Record Read Failure	Error
LogRhythm Mediator Event 8011	Sub Rule	LogRhythm Mediator Archive Meta Data Error	Error
LogRhythm Agent Event 7002	Sub Rule	LogRhythm Agent Log Source Open Failed	Error
LogRhythm Agent Event 2019	Sub Rule	LogRhythm Agent Bad Max Syslog Suspend File Size	Warning
LogRhythm MPE Event 2017	Sub Rule	LogRhythm MPE Error Spooling Partial File	Error
LogRhythm Agent Event 4007	Sub Rule	LogRhythm Agent Disabled Agent Error	Error
LogRhythm MPE Event 2021	Sub Rule	LogRhythm MPE Get Spooled Logs Files List Error	Error
LogRhythm Mediator Event 7008	Sub Rule	LogRhythm Mediator Session Lookup Insert Failure	Error
LogRhythm Agent Event 2007	Sub Rule	LogRhythm Agent Bad Shared Secret	Error
LogRhythm Mediator Event 3009	Sub Rule	LogRhythm Mediator Async Header Read Failure	Error
LogRhythm MPE Event 2027	Sub Rule	LogRhythm MPE Rule Disabled	Warning
LogRhythm Agent Event 5006	Sub Rule	LogRhythm Agent Syslog Socket Bind Failure	Error
LogRhythm Agent Event 2055	Sub Rule	LogRhythm Agent Failed To Read File Monitor Data	Error
LogRhythm Mediator Event 2030	Sub Rule	LogRhythm Mediator Performance Counter Failure	Error
LogRhythm MPE Event 4103	Sub Rule	LogRhythm MPE Stats Serialization Error	Error
LogRhythm Agent Event 7009	Sub Rule	LogRhythm Agent Early Log Flush Exit	Warning
LogRhythm Agent Event 2056	Sub Rule	LogRhythm Agent Failed To Queue File Monitor Data	Error
LogRhythm Mediator Event 2024	Sub Rule	LogRhythm Mediator Invalid ID	Error
LogRhythm MPE Event 4106	Sub Rule	LogRhythm MPE Stats Agent Heartbeat Error	Error
LogRhythm Mediator Event 4016	Sub Rule	LogRhythm Mediator Queue Processor Resurrect Error	Warning
LogRhythm Mediator Event 2022	Sub Rule	LogRhythm Mediator Bad DP Data	Error
LogRhythm Mediator Event 2049	Sub Rule	LogRhythm Mediator New Agent Record Poll Error	Error
LogRhythm MPE Event 2038	Sub Rule	LogRhythm MPE System Message Error	Error
LogRhythm Mediator Event 6005	Sub Rule	LogRhythm Mediator DP Database Type Error	Error
LogRhythm Mediator Event 8007	Sub Rule	LogRhythm Mediator Archive Dir Verification Error	Error
LogRhythm Agent Event 2053	Sub Rule	LogRhythm Agent Max Memory Warning	Warning
LogRhythm Mediator Event 3018	Sub Rule	LogRhythm Mediator Connection Close Error	Error
LogRhythm Agent Event 2029	Sub Rule	LogRhythm Agent Failed To Locate Date Format	Warning
LogRhythm Mediator Event 7013	Sub Rule	LogRhythm Mediator MS Unlicensed Send Error	Error
LogRhythm Agent Event 4010	Sub Rule	LogRhythm Agent Authentication Failure	Error
LogRhythm Agent Event 2001	Sub Rule	LogRhythm Agent Failed To Init Clock Offset Table	Error
LogRhythm Agent Event 3001	Sub Rule	LogRhythm Agent Socket Close Failure	Warning
LogRhythm Mediator Event 2037	Sub Rule	LogRhythm Mediator License Verification Failure	Warning
LogRhythm Mediator Event 8015	Sub Rule	LogRhythm Mediator Archive Move Error	Error
LogRhythm Agent Event 6010	Sub Rule	LogRhythm Agent Netflow Out Of Sequence Data	Warning
LogRhythm MPE Event 2026	Sub Rule	LogRhythm MPE Event Forwarding Connection Error	Error
LogRhythm Agent Event 1003	Sub Rule	LogRhythm Agent Startup Failure	Critical
LogRhythm ARM Event 5005	Sub Rule	LogRhythm ARM HbMon Mediator State From Disk Error	Error
LogRhythm Agent Event 2013	Sub Rule	LogRhythm Agent Bad Heartbeat Interval	Warning
LogRhythm MPE Event 2024	Sub Rule	LogRhythm MPE Unable To Rotate Event Suspense Log	Error
LogRhythm MPE Event 2023	Sub Rule	LogRhythm MPE Spooled Logs Requeing Error	Error
LogRhythm Mediator Event 2034	Sub Rule	LogRhythm Mediator Message Source Load Failure	Error
LogRhythm MPE Event 2025	Sub Rule	LogRhythm MPE Error Writing To Event Suspense Log	Critical
LogRhythm MPE Event 4001	Sub Rule	LogRhythm MPE Stats Initialization Error	Critical
LogRhythm MPE Event 1003	Sub Rule	LogRhythm MPE Startup Failure	Critical
LogRhythm MPE Event 2013	Sub Rule	LogRhythm MPE Max Event Spool Buffer Reached	Critical
LogRhythm ARM Event 3011	Sub Rule	LogRhythm ARM NfnEng Notify By Role Error	Error
LogRhythm ARM Event 3010	Sub Rule	LogRhythm ARM NfnEng Batch Lost On Shutdown	Error
LogRhythm ARM Event 2002	Sub Rule	LogRhythm ARM Notification Process Suspend	Warning
LogRhythm ARM Event 2001	Sub Rule	LogRhythm ARM Main Process Reconnect	Warning
LogRhythm ARM Event 3009	Sub Rule	LogRhythm ARM NfnEng Batch Processing Failure	Error
LogRhythm ARM Event 3007	Sub Rule	LogRhythm ARM NfnEng Tertiary SMTP Failure	Error
LogRhythm ARM Event 2006	Sub Rule	LogRhythm ARM Event Processing Failure	Error
LogRhythm ARM Event 3004	Sub Rule	LogRhythm ARM NfnEng Unexpected SMTP Failure	Error
LogRhythm ARM Event 1004	Sub Rule	LogRhythm ARM Shutdown Failure	Error
LogRhythm ARM Event 3001	Sub Rule	LogRhythm ARM NfnEng Shutdown Failure	Error
LogRhythm ARM Event 3003	Sub Rule	LogRhythm ARM NfnEng Notification Log Failure	Error
LogRhythm ARM Event 3005	Sub Rule	LogRhythm ARM NfnEng Primary SMTP Failure	Error
LogRhythm ARM Event 3006	Sub Rule	LogRhythm ARM NfnEng Secondary SMTP Failure	Error
LogRhythm ARM Event 2008	Sub Rule	LogRhythm ARM Alarm Queue Full	Warning
LogRhythm ARM Event 2005	Sub Rule	LogRhythm ARM Event Query Failure	Error
LogRhythm ARM Event 3008	Sub Rule	LogRhythm ARM NfnEng Batch Processing Error	Error
LogRhythm ARM Event 2009	Sub Rule	LogRhythm ARM Alarm Processing Failure	Error
LogRhythm ARM Event 2004	Sub Rule	LogRhythm ARM Maintenance Failure	Error
LogRhythm ARM Event 2012	Sub Rule	LogRhythm ARM Initializing Global Networks Failure	Critical
LogRhythm ARM Event 2007	Sub Rule	LogRhythm ARM Rule Initialization Failure	Critical
LogRhythm ARM Event 2014	Sub Rule	LogRhythm ARM Connection Failure On Startup	Critical
LogRhythm ARM Event 1003	Sub Rule	LogRhythm ARM Startup Failure	Critical
LogRhythm ARM Event 2010	Sub Rule	LogRhythm ARM All Alarms Processed	Information
LogRhythm ARM Event 2011	Sub Rule	LogRhythm ARM Last Event ID Processed	Information
LogRhythm ARM Event 1006	Sub Rule	LogRhythm ARM Shutdown Initiated	Information
LogRhythm ARM Event 1005	Sub Rule	LogRhythm ARM Startup Initiated	Information
LogRhythm ARM Event 1002	Sub Rule	LogRhythm ARM Shutdown Successfully	Information
LogRhythm ARM Event 3002	Sub Rule	LogRhythm ARM NfnEng Shutdown Successfully	Information
LogRhythm ARM Event 2003	Sub Rule	LogRhythm ARM Notification Process Resume	Information
LogRhythm ARM Event 1001	Sub Rule	LogRhythm ARM Started Successfully	Information

Mapping with LogRhythm Schema

Device Key in Log Message	LogRhythm Schema	Data Type
N/A	<sip>	Number/IPAddress
EventID Qualifiers	<vmid>	Number
N/A	<sport>	Number
N/A	<object>	Text/String
Computer	<dname>	Text/String
N/A	<objectname>	Number/Text/String
N/A	<rate>	Number
N/A	<tag1>	Text/String
N/A	<tag2>	Text/String
N/A	<tag3>	Text/String