SYSMON Events

https://www.arubanetworks.com/techdocs/AOS-CX/10.07/HTML/5200-8214/Content/fir-int.htm

https://www.arubanetworks.com/techdocs/AOS-CX/10.07/PDF/5200-8214.pdf

SYSMON Events

Base Rule

General Sysmon Log Information

Information

Device Key in Log Message

LogRhythm Schema

Data Type

Schema Description

Event ID

<vmid>

Number

Event ID 6301, 6302, 6303, 6304 6305, 6306, 6307

Severity

<severity>

Text/String

For All: Information
For 6305: Error
For 6302, 6304, 6306, 6307: Warning

Message

<subject>

Text/String

Event ID 6301:
System resource utilization poll change event

<subject>

Text/String

Event ID 6302:
Warns a user when system memory usage read failed

<subject>

Text/String

Event ID 6303:
Reports current system memory usage in percentage

<subject>

Text/String

Event ID 6304:
Warns a user when the storage utilization has exceeded the warning limit.

<subject>

Text/String

Event ID 6305:
Raises high storage utilization alert when the utilization crosses higher utilization limit.

<subject>

Text/String

Event ID 6306:
Warns user when excessive write to the storage observed

<subject>

Text/String

Event ID 6307:
Warns user when excessive write to the swap observed.