SYSMON Events

Vendor Documentation

| Rule Name | Rule Type | Common Event | Classification |
| --- | --- | --- | --- |
| SYSMON Events | Base Rule | General Sysmon Log Information | Information |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
| --- | --- | --- | --- |
| Event ID | <vmid> | Number | Event IDs 6301, 6302, 6303, 6304, 6305, 6306, 6307 |
| Severity | <severity> | Text/String | For all: Information; for 6305: Error; for 6302, 6304, 6306, 6307: Warning |
| Message | <subject> | Text/String | Event ID 6301: System resource utilization poll change event |
| Message | <subject> | Text/String | Event ID 6302: Warns a user when a system memory usage read failed |
| Message | <subject> | Text/String | Event ID 6303: Reports current system memory usage as a percentage |
| Message | <subject> | Text/String | Event ID 6304: Warns a user when storage utilization has exceeded the warning limit |
| Message | <subject> | Text/String | Event ID 6305: Raises a high storage utilization alert when utilization crosses the higher utilization limit |
| Message | <subject> | Text/String | Event ID 6306: Warns a user when excessive writes to the storage are observed |
| Message | <subject> | Text/String | Event ID 6307: Warns a user when excessive writes to the swap are observed |
