Storage Adapter Messages (Part 1)
Vendor Documentation
Log Fields and Parsing
This section details the log fields available in this log message type, along with values parsed for both LogRhythm Default and LogRhythm Default v2.0 policies. A value of "N/A" (not applicable) means that there is no value parsed for a specified log field.
Log Field | LogRhythm Default | LogRhythm Default v2.0 |
|---|---|---|
| Provider | <process> | <tag2> |
| EventID Qualifiers | <vmid> | <vmid> |
| Version | N/A | N/A |
| Level | <severity> | <severity> |
| Task | N/A | <vendorinfo> |
| Opcode | N/A | N/A |
| Keywords | N/A | <result> |
| TimeCreated | N/A | N/A |
| EventRecordID | N/A | N/A |
| Correlation | N/A | N/A |
| Execution | N/A | N/A |
| Channel | N/A | N/A |
| Computer | <dname> | <dname> |
| Security | N/A | N/A |
| Data | N/A | <domainimpacted>, <account> |
| Data | N/A | N/A |
| MiniportNameLen | N/A | <size> |
| MiniportName | N/A | <object> |
| Data | <object> | N/A |
| Data | N/A | <object> |
| Binary | N/A | N/A |
| RenderingInfo | N/A | N/A |
| Message | N/A | <subject> |
Log Processing Settings
This section details log processing changes made from the LogRhythm Default policy to LogRhythm Default v2.0. In some cases, base rules are broken down into sub-rules to appropriately parse log message types by their event types.
LogRhythm Default
Regex ID | Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|---|
| 1008167 | Storage Adapter Messages | Base Rule | ISCSI Information | Information |
| EVID 1: iSCSI Initator Failed To Connect | Sub Rule | General iSCSI Error | Error | |
| EVID 5: iSCSI Portal Initiation Failed | Sub Rule | General iSCSI Error | Error | |
| EVID 70: iSCSI Logon Request Error | Sub Rule | General iSCSI Error | Error | |
| EVID 20: iSCSI Connection To Target Lost | Sub Rule | General iSCSI Error | Error | |
| EVID 34: iSCSI Successfully Reconnected | Sub Rule | ISCSI Information | Information | |
| EVID 39: iSCSI Target Reset Request Sent | Sub Rule | General iSCSI Error | Error | |
| EVID 49: iSCSI Target Failed To Respond To Task | Sub Rule | General iSCSI Error | Error | |
| EVID 67: iSCSI Digest Support Possible | Sub Rule | ISCSI Information | Information | |
| EVID 7: Initiator Could Not Send iSCSI PDU | Sub Rule | General iSCSI Error | Error | |
| EVID 71: iSCSI Session Recovery Not Started | Sub Rule | ISCSI Information | Information | |
| EVID 129: iSCSI Device Reset Issued | Sub Rule | ISCSI Information | Information | |
| EVID 10: iSCSI Login Request Failed | Sub Rule | General iSCSI Error | Error | |
| EVID 129: LSI_SAS Device Reset Issued | Sub Rule | General Disk Information | Information | |
| EVID 113: iSCSI Discovery Failed | Sub Rule | General Disk Warning | Warning |
LogRhythm Default v2.0
Regex ID | Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|---|
| 1012692 | V 2.0 : EVID 10: General Log Message | Base Rule | General Information Log Message | Information |
| V 2.0 : EVID 10: Bnistack Loaded | Sub Rule | General Information Log Message | Information | |
| V 2.0 : EVID 10: IscsiPrt:Login Request Failed | Sub Rule | Other Audit Failure Message | Error | |
| V 2.0 : EVID 10: Hyper-V-Netvsc:Miniport NIC Pause | Sub Rule | General Information Log Message | Information | |
| V 2.0 : EVID 10: Rpm:Connection Suspended | Sub Rule | Session Closed | Other Audit Success |