Operations Classifications | LogRhythm Documentation

The following tables provide Operations classification information. This table lists descriptions and examples.

Classification	Description	Examples Of
Critical	Logs reporting critical conditions.	Power supply failure Unrecoverable error CPU overheating
Error	Logs reporting error conditions.	Socket Initialization Failure Certificate validation packet received with error HTTP – 64 Server Error Failed Connection Attempt
Warning	Logs reporting warnings.	Notification Limit Exceeded Wireless Device Decreasing RX/TX Power
Information	Logs reporting general information.	Configuration File Loaded Interface status OK HTTP – 200 Success Response
Network Allow	Logs reporting on network activity that was allowed per a device policy.	Allowed Connection Allowed Protocol Allowed Packet
Network Deny	Logs reporting on network activity that was not allowed per a device policy.	Denied Connection Denied/ Protocol Denied/dropped Packet
Network Traffic	Logs reporting on network traffic activity such as flows, connections, and usage statistics	Network Flow Logs Network Accounting Logs Packet Logs
Other Operations	Logs reporting on operations activity not otherwise classifiable

Operation Classification Defaults

This table gives defaults for Risk Rating (RR), Event Forwarding, and LogMart Forwarding.

Classification	Default Risk Rating *	Default Event Forwarding **	Default LogMart Forwarding
Critical	9	Yes	Yes
Error	7	Yes	Yes
Warning	5	Yes	Yes
Information	0	No	No
Network Allow	0	No	No
Network Deny	1	No	No
Network Traffic	0	No	No
Other Operations	0	No	No

*This is the usual Risk Rating assigned to a Common Event associated with this classification. However, Risk Ratings varies by Common Event within the same classification. This value is a general default, not strictly enforced.

**This is the default setting for forwarding the log to the Platform Manager assigned to a Common Event associated with this classification.