
Status [7.2]

The vendor's perspective on the state of a system, process, or entity. Status should not be used as the result of an action. 

This field is not available in LogRhythm versions earlier than 7.2.1.

Data Type

String

Aliases

Use | Alias
Client Console Full Name | Status
Client Console Short Name | Status
Web Console Tab/Name | Status
Elasticsearch Field Name | status
Rule Builder Column Name | Status
Regex Pattern | <status>
NetMon Name | Not applicable

Field Relationships

  • ResponseCode
  • Action
  • Command
  • Process
  • Result
  • Policy

Common Applications

  • Inventory trackers
  • SNMP analysis
  • Heartbeat detection

Use Case

  • IT operations
  • Deployment monitors

MPE/Data Masking Manipulations

Not applicable.

Usage Standards

Status should refer to the state, not the result of an action. 

Examples

Correct Examples

  • Elasticsearch – red/yellow/green
  • RAID array – drive up/down
  • Service monitoring – email server up/down

Incorrect Examples

  • Cisco Secure ACS

06 06 2013 09:12:45 1.1.1.1 <LOC6:NOTE> Jun  6 09:12:45 USABLDRRECFLOW01 CSCOacs_TACACS_Accounting 0000817989 2 1  AuditSessionId=firemon:1.1.1.1:tty1:1.1.1.1, Response={Type=Accounting; AcctReply-Status=Success; }

Accounting Status was Success, but this is a Result, not a Status.

  • Tectia SSH Server

84479804 | 8/7/2013 4:00:23 AM | None | N/A | USABLDRRECFLOW01 | Information | 0 | SSH Tectia Server | 709 Publickey_auth_warning, Username: MET_INTNET\SSHVRZCOMM, Algorithm: publickey, "Unknown key type for `d:\transops\crit\sshusers\SSHBBQCOM\.ssh2\id_rsa_pub' (status: Key type given not recognized).", Session-Id: 28172

A key-value pair shows the status of the public key, but this should be a Reason, not a Status.

  • Windows Event Log

<Event xmlns='http://Host1/win/2004/08/events/event'><System><Provider Name='SQLSERVERAGENT'/><EventID Qualifiers='16384'>208</EventID><Level>Warning</Level><Task>Job Engine</Task><Keywords>Classic</Keywords><TimeCreated SystemTime='2015-07-23T18:20:39.000000000Z'/><EventRecordID>2042567</EventRecordID><Channel>Application</Channel><Computer> USABLDRRECFLOW01</Computer><Security/></System><EventData>SQL Server Scheduled Job 'LogRhythm Sunday Maintenance' (0x7A222222222E72222F538A9DE038D2F3) - Status: Failed - Invoked on: 2015-07-23 12:20:38 - Message: The job failed.  The Job was invoked by User sa.  The last step to run was step 29 (LogRhythm Job Step Validation).  The job was requested to start at step 29 (LogRhythm Job Step Validation).</EventData></Event>

This shows a failed status for a maintenance job. That is a Result, not a Status.
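
The usage standard above, written as extraction rules. This is an added example, not LogRhythm code: the named groups stand in for the Status, Result and Reason fields, and the rule names and the heartbeat line format are assumptions made for illustration.

```javascript
// Added example: extraction rules that follow the Status usage standard.
// Rule names and the heartbeat line format are constructed for illustration.
const RULES = [
  // State of an entity (email server up/down) -> Status.
  { name: "heartbeat", re: /\bservice=\S+ state=(?<status>up|down)\b/ },
  // Cisco Secure ACS: outcome of an accounting action -> Result.
  { name: "acs_accounting", re: /AcctReply-Status=(?<result>[^;]+);/ },
  // Tectia SSH Server: explanation attached to a warning -> Reason.
  { name: "tectia_pubkey", re: /\(status: (?<reason>[^)]+)\)/ },
  // SQL Server Agent: outcome of a job run -> Result.
  { name: "sql_agent_job", re: /- Status: (?<result>\w+) - Invoked on:/ },
];

// Return the first matching rule and the schema fields it populated.
function parseLog(line) {
  for (const { name, re } of RULES) {
    const m = re.exec(line);
    if (m) {
      // Drop groups that did not participate in the match.
      const fields = Object.fromEntries(
        Object.entries(m.groups).filter(([, v]) => v !== undefined)
      );
      return { rule: name, fields };
    }
  }
  return { rule: null, fields: {} };
}

// Line 0 is constructed; lines 1-3 are abridged from the samples on this page.
const SAMPLES = [
  "2013-06-06T09:12:45Z monitor service=smtp state=down",
  "CSCOacs_TACACS_Accounting 0000817989 2 1 Response={Type=Accounting; AcctReply-Status=Success; }",
  "709 Publickey_auth_warning, Algorithm: publickey, (status: Key type given not recognized)., Session-Id: 28172",
  "SQL Server Scheduled Job 'LogRhythm Sunday Maintenance' - Status: Failed - Invoked on: 2015-07-23 12:20:38",
];

for (const line of SAMPLES) {
  console.log(JSON.stringify(parseLog(line)));
}
```

Only the heartbeat line populates Status. The three vendor lines contain the word "status" but land in Result or Reason.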
