Classification

Rule Name | Rule Type | Common Event | Classification
--- | --- | --- | ---
EVID 4609 : COM+ Event System Bad Return Code | Base Rule | General COM+ Warning | Warning

Sample Logs

<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-EventSystem' Guid='{899daace-4868-4295-afcd-9eb8fb497561}' EventSourceName='EventSystem'/><EventID Qualifiers='32768'>4609</EventID><Version>0</Version><Level>Warning</Level><Task>Event Service</Task><Opcode></Opcode><Keywords>Classic</Keywords><TimeCreated SystemTime='2016-10-21T14:39:07.000000000Z'/><EventRecordID>1919714</EventRecordID><Correlation/><Execution ProcessID='0' ThreadID='_sid'/><Channel>Application</Channel><Computer>_destinationHostname</Computer><Security/></System><EventData><Data Name='param1'>d:\w7rtm\com\complus\src\events\tier2\security.cpp</Data><Data Name='param2'>75</Data><Data Name='param3'>800706e5</Data></EventData></Event>

Mapping with LogRhythm Schema

Device Key in Log Message | Log Value | LogRhythm Schema | Data Type
--- | --- | --- | ---
Provider Name | Microsoft-Windows-EventSystem | <vendorinfo> | Text/String
EventID | 4609 | <vmid> | Number
Level | Warning | <severity> | Text/String
Computer | _destinationHostname | <dname> | Text/String
ProcessID | 0 | <processid> | Number
ThreadID | _sid | <session> | Number/String
param1 | d:\w7rtm\com\complus\src\events\tier2\security.cpp | <object> | Text/String
param2 | 75 | <objectname> | Number/String
param3 | 800706e5 | <subject> | Text/String
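The mapping above can be exercised directly against the sample log. The following is an added example, not LogRhythm's parsing code: it reads the Windows Event XML record with the standard library, applies the schema mapping in the table (the field names `vendorinfo`, `vmid`, `severity`, `dname`, `processid`, `session`, `object`, `objectname`, `subject` are taken from the table), checks whether the record satisfies the base rule (provider Microsoft-Windows-EventSystem and EventID 4609), and decodes the HRESULT carried in param3 into its severity bit, facility and Win32 error code. The function names and the placeholder handling for `_sid` (which is a LogRhythm substitution token, not a real thread ID) are assumptions of this example.

```python
"""Map a Windows Event XML record for EVID 4609 onto LogRhythm schema fields.

Added example, not part of the original page or of LogRhythm's code.
"""
import xml.etree.ElementTree as ET

# Windows Event XML namespace used by the <Event> element.
NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Sample record copied from the page; placeholders (_sid, _destinationHostname) left as-is.
SAMPLE_EVENT = """<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-EventSystem' Guid='{899daace-4868-4295-afcd-9eb8fb497561}' EventSourceName='EventSystem'/><EventID Qualifiers='32768'>4609</EventID><Version>0</Version><Level>Warning</Level><Task>Event Service</Task><Opcode></Opcode><Keywords>Classic</Keywords><TimeCreated SystemTime='2016-10-21T14:39:07.000000000Z'/><EventRecordID>1919714</EventRecordID><Correlation/><Execution ProcessID='0' ThreadID='_sid'/><Channel>Application</Channel><Computer>_destinationHostname</Computer><Security/></System><EventData><Data Name='param1'>d:\\w7rtm\\com\\complus\\src\\events\\tier2\\security.cpp</Data><Data Name='param2'>75</Data><Data Name='param3'>800706e5</Data></EventData></Event>"""


def _num_or_str(value):
    """Return an int when the field is numeric, else the raw string.

    Matches the table's 'Number/String' data type: ThreadID is normally a
    number, but the sample carries the substitution token '_sid'.
    """
    return int(value) if value.isdigit() else value


def parse_evid_4609(xml_text):
    """Parse one Event XML record and return a dict keyed by LogRhythm schema field."""
    root = ET.fromstring(xml_text)
    system = root.find("e:System", NS)
    provider = system.find("e:Provider", NS)
    execution = system.find("e:Execution", NS)
    # EventData carries the three positional parameters as <Data Name='paramN'>.
    params = {
        d.get("Name"): (d.text or "")
        for d in root.find("e:EventData", NS).findall("e:Data", NS)
    }
    return {
        "vendorinfo": provider.get("Name"),
        "vmid": int(system.findtext("e:EventID", namespaces=NS)),
        "severity": system.findtext("e:Level", namespaces=NS),
        "dname": system.findtext("e:Computer", namespaces=NS),
        "processid": int(execution.get("ProcessID")),
        "session": _num_or_str(execution.get("ThreadID")),
        "object": params.get("param1"),        # source file that returned the bad code
        "objectname": _num_or_str(params.get("param2", "")),  # line number in that file
        "subject": params.get("param3"),       # HRESULT as hex text
    }


def matches_base_rule(fields):
    """Apply the base rule from the classification table.

    Returns the (Common Event, Classification) pair when the record is
    EVID 4609 from the COM+ Event System provider, otherwise None.
    """
    if fields["vendorinfo"] == "Microsoft-Windows-EventSystem" and fields["vmid"] == 4609:
        return ("General COM+ Warning", "Warning")
    return None


def decode_hresult(hex_code):
    """Split an HRESULT given as hex text into its documented bit fields.

    Bit 31 is the severity (1 = failure), bits 16-26 the facility, and the low
    16 bits the code. Facility 7 (FACILITY_WIN32) means the low word is a Win32
    error code as listed in winerror.h.
    """
    value = int(hex_code, 16)
    return {
        "failure": bool((value >> 31) & 1),
        "facility": (value >> 16) & 0x7FF,
        "code": value & 0xFFFF,
    }


if __name__ == "__main__":
    fields = parse_evid_4609(SAMPLE_EVENT)
    for key, val in fields.items():
        print(f"{key:<11} {val}")
    print("rule match:", matches_base_rule(fields))
    print("hresult:", decode_hresult(fields["subject"]))
```

Because the sample carries substitution tokens rather than live values, `session` comes back as the string `_sid` while `processid` and `objectname` are integers; a parser that assumes every ThreadID is numeric would reject the sample. The HRESULT 800706e5 decodes to a failure in facility 7 with code 1765, so the Win32 error table is the place to look up what the COM+ security code path actually returned.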