Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Custom Rules Notifications for JSA Appliances


CRE Failed to Read Rules

38750107 - The last attempt to read in rules (usually due to a rule change) has failed. Please see the message details and error log for information on how to resolve this.


The custom rules engine (CRE) on an event processor is unable to read a rule to correlate an incoming event. The notification might contain one of the following messages:

  • If the CRE was unable to read a single rule, in most cases, a recent rule change is the cause. The payload of the notification message displays the rule or rule of the rule chain that is responsible.

  • In rare circumstances, data corruption can cause a complete failure of the rule set. An application error is displayed and the rule editor interface might become unresponsive or generate more errors.

User Response

For a single rule read error, review the following options:

  • To locate the rule that is causing the notification, temporarily disable the rule.

  • Edit the rule to revert any recent changes.

  • Delete and re-create the rule that is causing the error.

For application errors where the CRE failed to read rules, contact Juniper Customer Support.

Cyclic Custom Rule Dependency Chain Detected

38750131 - Found custom rules cyclic dependency chain.


A single rule referred to itself directly or to itself through a series of other rules or building blocks. The error occurs when you deploy a full configuration. The rule set is not loaded.

User Response

Edit the rules that created the cyclic dependency. The rule chain must be broken to prevent a recurring system notification. After the rule chain is corrected, a save automatically reloads the rules and resolves the issue.

Expensive Custom Properties Found

38750138 - Performance degradation was detected in the event pipeline. Expensive custom properties were found.


During normal processing, custom event and custom flow properties that are marked as optimized are extracted in the pipeline during processing. The values are used in the custom rules engine (CRE) and search indexes.

Regex statements, which are improperly formed regular expressions, can cause events to be incorrectly routed directly to storage.

User Response

Select one of the following options:

  • Disable any custom property that was recently installed.

  • Review the payload of the notification. If possible, improve the regex statements that are associated with the custom property.

    For example, the following payload reports the regex pattern:

  • Modify the custom property definition to narrow the scope of categories that the property tries to match.

  • Specify a single event name in the custom property definition to prevent unnecessary attempts to parse the event.

  • Order your log source parsers from the log sources with the most sent events to the least and disable unused parsers.