This section details the log fields available in this log message type, along with values parsed for both LogRhythm Default and LogRhythm Default v2.0 policies. A value of "N/A" (not applicable) means that there is no value parsed for a specified log field.
| Log Field | LogRhythm Default | LogRhythm Default v2.0 |
|---|
| N/A | <severity> | <dname> |
| N/A | <tag1> | <subject> |
| N/A | <object> | <object> |
| N/A | <objectname> | <tag1> |
| N/A | <amount> | N/A |
| N/A | <process> | N/A |
This section details log processing changes made from the LogRhythm Default policy to LogRhythm Default v2.0. In some cases, base rules are broken down into sub-rules to appropriately parse log message types by their event types.
| Regex ID | Rule Name | Rule Type | Common Events | Classifications |
|---|
1001596
| Miscellaneous Messages | Base Rule | General Information | Information |
| Auto-Protect Failed To Load | Sub Rule | Access Object Failure | Access Failure |
| Process Cannot Lock Process Status Table | Sub Rule | Lock Notice | Information |
| Computer Has Been Moved | Sub Rule | Device Might Have Been Removed | Information |
| LiveUpdate Succeeded | Sub Rule | Update Complete | Information |
| LiveUpdate Started | Sub Rule | Update Running | Information |
| Update Successful | Sub Rule | Update Complete | Information |
| Organization Importing Finished Successfully | Sub Rule | Import Process Complete | Information |
| Organization Importing Started | Sub Rule | Process/Service Started | Startup and Shutdown |
| Database Maintenance Started | Sub Rule | Process/Service Started | Startup and Shutdown |
| Database Maintenance Finished | Sub Rule | Database Maintenance | Information |
| One Or More Problems With Entries In LDAP | Sub Rule | LDAP Error | Error |
| Object Is Up-To-Date | Sub Rule | Updater Message | Information |
| Risk Events Compressed | Sub Rule | General Event Log Information | Information |
| Regex ID | Rule Name | Rule Type | Common Events | Classifications |
|---|
| 1011182 | V 2.0 : SEP Update Information | Base Rule | Update Server Information | Information |
| V 2.0 : SEPM Component No Updates Found | Sub Rule | Update Not Needed | Information |
| V 2.0 : SEPM Component Unable To Update | Sub Rule | Update Failed | Error |
| V 2.0 : SEPM Component Update Successful | Sub Rule | Update Successful | Information |
| V 2.0 : SEPM Component Up To Date | Sub Rule | Update Not Needed | Information |
| V 2.0 : SEPM Component Update Failed | Sub Rule | Update Failed | Error |
