Skip to main content
Skip table of contents

Status [7.2]

The vendor's perspective on the state of a system, process, or entity. Status should not be used as the result of an action. 

This field is not available in LogRhythm versions earlier than 7.2.1.

Data Type




Client Console Full Name


Client Console Short Name


Web Console Tab/Name


Elasticsearch Field Name


Rule Builder Column Name


Regex Pattern


NetMon Name

Not applicable

Field Relationships

  • ResponseCode
  • Action
  • Command
  • Process
  • Result
  • Policy

Common Applications

  • Inventory trackers
  • SNMP analysis
  • Heartbeat detection

Use Case

  • IT operations
  • Deployment monitors

MPE/Data Masking Manipulations

Not applicable.

Usage Standards

Status should refer to the state, not the result of an action. 


Correct Examples

  • Elastic search – red/yellow/green
  • Raid array – drive up/down
  • Service monitoring – email server up/down

Incorrect Examples

  • Cisco Secure ACS

06 06 2013 09:12:45 <LOC6:NOTE> Jun  6 09:12:45 USABLDRRECFLOW01 CSCOacs_TACACS_Accounting 0000817989 2 1  AuditSessionId=firemon:, Response={Type=Accounting; AcctReply-Status=Success; }

Accounting Status was Success, but this is a Result, not a Status.

  • Tectia SSH Server

84479804 | 8/7/2013 4:00:23 AM | None | N/A | USABLDRRECFLOW01 | Information | 0 | SSH Tectia Server | 709 Publickey_auth_warning, Username: MET_INTNET\SSHVRZCOMM, Algorithm: publickey, "Unknown key type for `d:\transops\crit\sshusers\SSHBBQCOM\.ssh2\id_rsa_pub' (status: Key type given not recognized).", Session-Id: 28172

Key value pair showing the status of the public key, but this should be a Reason not a Status.

  • Windows Event Log

<Event xmlns='http://Host1/win/2004/08/events/event'><System><Provider Name='SQLSERVERAGENT'/><EventID Qualifiers='16384'>208</EventID><Level>Warning</Level><Task>Job Engine</Task><Keywords>Classic</Keywords><TimeCreated SystemTime='2015-07-23T18:20:39.000000000Z'/><EventRecordID>2042567</EventRecordID><Channel>Application</Channel><Computer> USABLDRRECFLOW01</Computer><Security/></System><EventData>SQL Server Scheduled Job 'LogRhythm Sunday Maintenance' (0x7A222222222E72222F538A9DE038D2F3) - Status: Failed - Invoked on: 2015-07-23 12:20:38 - Message: The job failed.  The Job was invoked by User sa.  The last step to run was step 29 (LogRhythm Job Step Validation).  The job was requested to start at step 29 (LogRhythm Job Step Validation).</EventData></Event>

Showing a failed status for maintenance job. That is a Result, not a Status.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.