Basically, the Pattern being used for logfile parsing isn't quite right.  It gets fooled if the logEntry detail (i.e. the actual message) contains a severity match.

For example, if 'ERROR' is present in the detail the event system will ignore the actual severity and assign severity ERROR.  This can both upgrade or downgrade the severity. For example, if event source severity is set to FATAL an actual FATAL could get suppressed. If event source severity is set to ERROR it may expose an INFO.

In short, the problem is that we use a greedy match on the date portion. This needs to be reluctant such that the first severity in the logEntry is correctly matched.

This is a one character fix.

Easily reproducible:
1. Activate event source on RHQ server log
2. Set to ERROR level
3. On server go to the log directory and append a message to the log like:

echo `date "+%Y-%m-%d %H:%M:%S,000"` INFO Some detail with ERROR embedded in it.

This will generate an ERROR event but it's actually an INFO message.