Adding Syslog Rules

 

Syslog is a client/server protocol that sends event notification messages to the syslog receiver. These event notification messages (usually called as syslog messages) help in identifying the authorized and unauthorized activities like installing software, accessing files, illegal logins etc. that take place in the network. In OpManager Syslog rules helps in notifying you if some particular syslog messages such as kernel messages, system daemons, user level messages etc. are sent by the devices.

Apart from the pre-defined syslog rules you can also add any number of syslog rules. Here are the steps to add a syslog rule:
  1. Go to Admin-> Syslog Rules.
  2. Click on the Actions drop down menu and select Add New Rule. Add Syslog Rules window opens.
  3. Enter a unique Rule Name.
  4. Enter a brief Description about the rule.
  5. Select a Facility. Facility refers to the application or the OS that generates the syslog message. By default "Any" is selected.
  6. Select the required Severity.
  7. Enter the text that needs to be verified for matching. Note: Regex is supported for this field.
  8. Select the Alarm Severity.
  9. Enter the Alarm Message.
  10. Click the Advanced button to configure advanced (threshold) rules. This is optional.
    1. Number of Occurrences: Enter the count of the number of consecutive times OpManager can receive syslog message from a device before raising an alert.
    2. Time Interval (seconds): Enter the time interval that should be considered for calculating the number of occurrences.

      To clear or rearm the event:
    3. Select the Facility Name.
    4. Select the Severity.
    5. Enter the Matching Text.
    6. Click Save.
  11. Click Save.
Copyright © 2012, ZOHO Corp. All Rights Reserved.
Network Monitoring Software from ManageEngine