
How to Create Alert Profile


To create an alert profile, use any one of the following menu options:

  • Alerts> Alerts Profiles > +
  • Settings tab > Alerts > Add
  • +Add > Alert

Follow the given procedure to create an alert profile.

[Screenshot: Create alert profile]

  1. Enter a unique name for the alert profile.

  2. Assign a criticality for the alerts generated using this profile. The options available are High, Medium, and Low.

  3. Select the specific host(s) and/or host group(s) for which the alert is to be generated.

  4. Define the alert criteria.

    The alert criteria can be defined using one of the following:

    Predefined Alerts - sets up the alerts quickly based on already defined criteria.

    Compliance Alerts - provides you with predefined compliance-specific alert conditions that can be used to generate alerts.

    Custom Alerts - allows you to customize your own alert conditions based on log message, log type and more. This also allows you to generate alerts for imported logs.

Pre-defined Alerts

[Screenshot: Predefined alert criteria]

    1. Select 'Predefined Alert' to define the alert criteria.

    2. Select an alert criterion from the set of predefined alert conditions.

    3. When a 'Predefined Alert' item is selected, the 'Severity'/'Event ID', 'Log Type', and 'Message' of the log are automatically populated and the fields are non-editable. This lets you create alert profiles quickly.

    4. To qualify the alerts and to reduce event noise, specify the 'Number of Occurrences' and 'Occurring within' (a time range) fields.

      You can then specify the notification type for the alert profile.

Compliance Alerts

[Screenshot: Compliance alert criteria]

    1. Select 'Compliance Alert' criteria to generate compliance-specific alerts.

    2. This alert criteria allows you to trigger alerts for the FISMA, PCI, HIPAA, SOX and GLBA compliance types and can generate alerts for events such as Failed Logon Attempts, Policy Changes, Account Changes and Audit Logs Cleared.

    3. Specify the 'Number of Occurrences' and 'Occurring within' (time period) fields to reduce the event noise.

You can then specify the notification type for the alert profile created.

Custom Alerts

For defining the alert criteria in a Custom Alerts profile, you have two options: 'Basic' and 'Advanced'.

By default, the Advanced options are active. If you need to switch to the Basic options, click the 'Back to Basic Options' link.

'Advanced options' for defining alert criteria

[Screenshot: Advanced option for alert]

  • With 'Advanced options', you can define any number ('n') of criteria and group them with And/Or operations.

  • To define the alert criteria, choose the attributes from the predefined list.

  • Specify the value for the attribute: select the comparator and then provide the value for the attribute.

  • With simple drag and drop, you can group and ungroup the alert criteria.

Generating Alerts for Imported Logs

With EventLog Analyzer's Advanced Custom Alert option, you can generate alerts for custom extracted fields for Oracle, MS SQL, Print Server, IIS and other imported application logs.

To generate an alert for a specific custom extracted field of an imported log, follow the procedure below.

[Screenshot: Imported logs alert]

  1. Choose the 'LogType' and select the imported log for which you need to trigger alerts.

  2. Add another field and specify the custom field and the value upon whose occurrence the alert has to be triggered. EventLog Analyzer automatically populates all the custom extracted fields for the selected log type; choose the field you want from the list and then specify the value for the selected custom field.

    Note: To add multiple custom extracted fields, use the '+' option.

  3. Specify the values for the 'Number of Occurrences' and 'Occurring within' fields to reduce the event alert noise.

You can then specify the notification type for the alert profile created.

'Basic options' for defining alert criteria

[Screenshot: Basic option for Custom alerts]

  1. Specify the type of the log in the 'Log Type' field for which the alert is to be triggered. You can specify multiple log types using the + option. In this case, the alert will be triggered if the criteria match for at least one of the log types.

    You can also specify the alert criteria based on severity and event ID. If you choose to trigger an alert for a particular severity, specify it in the 'Severity' field. As in the case of 'Log Type', you can specify multiple severities using the + option.

    Alternatively, if you want to trigger an alert for particular Event IDs, specify them in the 'EventID' field. You can also use the EventID link to choose from the predefined messages, for which the event IDs will be automatically populated.

  2. Use the event filter criteria to narrow down the alert conditions.

    If you want to trigger an alert for logs with a particular message, specify the message in the 'Log Message Contains' field. You can also exclude a part of this message using the 'Except' field. Alerts will not be triggered for logs containing the message specified in the 'Except' field.

    If you want the alert to be triggered for a particular event source and user, specify them in the 'Event Source' and 'User' fields.

    In the 'Exclude Event ID' field, specify the event IDs which you want to exclude from alerting.

Alert Qualifiers

  • To further qualify the alert generation, you have the 'Number of occurrences' and 'Occurring within' fields.

  • Specify the alert qualifying fields:

    • 'Number of occurrences' - the number of times the defined alert criteria/events should occur to trigger the alert.

    • 'Occurring within' - the time range within which the specified number of criteria/events should occur to trigger the alert.

You can then specify the notification type for your alert profile.
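The Basic custom-alert fields described above, together with the 'Number of occurrences' / 'Occurring within' qualifiers, amount to a matching rule plus a sliding-window counter. The following is an added example that models that evaluation over a few constructed events; it is not EventLog Analyzer's own code, the event records and field names are assumed, and the choice to reset the window after an alert fires (so one burst raises one alert) is an assumption of this example.

```python
from collections import deque
from datetime import datetime, timedelta

# Constructed sample events (not real EventLog Analyzer output).
SAMPLE_EVENTS = [
    {"time": "2013-06-01 10:00:00", "log_type": "Windows", "severity": "Failure", "event_id": 4625,
     "source": "Security", "user": "alice", "message": "An account failed to log on"},
    {"time": "2013-06-01 10:00:30", "log_type": "Windows", "severity": "Failure", "event_id": 4625,
     "source": "Security", "user": "alice", "message": "An account failed to log on"},
    {"time": "2013-06-01 10:00:50", "log_type": "Windows", "severity": "Success", "event_id": 4624,
     "source": "Security", "user": "alice", "message": "An account was successfully logged on"},
    {"time": "2013-06-01 10:01:10", "log_type": "Windows", "severity": "Failure", "event_id": 4625,
     "source": "Security", "user": "alice", "message": "An account failed to log on"},
    {"time": "2013-06-01 10:15:00", "log_type": "Windows", "severity": "Failure", "event_id": 4625,
     "source": "Security", "user": "alice", "message": "An account failed to log on"},
    {"time": "2013-06-01 10:15:20", "log_type": "Windows", "severity": "Failure", "event_id": 4625,
     "source": "Security", "user": "svc_backup", "message": "An account failed to log on (scheduled task)"},
]

# Hypothetical profile mirroring the Basic option fields: several values in a
# list mean "match any one of them", as the page describes for Log Type.
FAILED_LOGON_PROFILE = {
    "log_types": ["Windows"], "severities": ["Failure"], "event_ids": [4625],
    "exclude_event_ids": [4634], "message_contains": "failed to log on",
    "except_text": "scheduled task", "event_source": "Security", "user": None,
}

def matches_criteria(event, crit):
    """True when the event satisfies every populated field of the profile."""
    for field, key in (("log_type", "log_types"), ("severity", "severities"), ("event_id", "event_ids")):
        if crit.get(key) and event[field] not in crit[key]:
            return False
    if event["event_id"] in crit.get("exclude_event_ids", []):   # 'Exclude Event ID'
        return False
    msg = event["message"].lower()
    if crit.get("message_contains") and crit["message_contains"].lower() not in msg:
        return False
    if crit.get("except_text") and crit["except_text"].lower() in msg:  # 'Except' wins
        return False
    for field, key in (("source", "event_source"), ("user", "user")):
        if crit.get(key) and event[field] != crit[key]:
            return False
    return True

def evaluate_profile(events, crit, occurrences, within_seconds):
    """Return the timestamps at which the alert fires: the Nth matching event
    inside a sliding window of `within_seconds` (window cleared after firing)."""
    window, fired = deque(), []
    for ev in sorted(events, key=lambda e: e["time"]):
        if not matches_criteria(ev, crit):
            continue
        t = datetime.strptime(ev["time"], "%Y-%m-%d %H:%M:%S")
        window.append(t)
        while t - window[0] > timedelta(seconds=within_seconds):
            window.popleft()   # drop matches older than 'Occurring within'
        if len(window) >= occurrences:   # 'Number of occurrences' reached
            fired.append(ev["time"])
            window.clear()
    return fired
```

With three occurrences within 120 seconds, the first burst fires one alert at 10:01:10, the lone failure at 10:15:00 does not, and the scheduled-task line is dropped by the 'Except' text before it is ever counted.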

Alert Notification & Remediation

EventLog Analyzer provides you with two alert notification mechanisms: email and SMS.

Further, you can also remediate the alert condition by running a script.

Settings to notify alert by Email

Enter the details required for sending alert notification using email.

[Screenshot: Email alert notification]

  1. Enter the email address(es). Separate multiple email addresses with a comma (,).

  2. Enter the subject line of the email notification. You can also append the alert argument(s) to the subject line; select the arguments from the list.

  3. You can add notes to the email notification. Notes are limited to 250 characters and are appended to the email notification content.

[Screenshot: Mail server configuration prompt]

If a mail server is not configured in EventLog Analyzer, you will be prompted to set it up when the Notify by Email option is selected.

Settings to notify alert by SMS

Enter the details required for sending alert notification using SMS.

[Screenshot: SMS alert notification]

  1. Enter the mobile number to which the SMS notification is to be sent.

  2. Enter the message of the SMS notification. You can also append the alert argument(s) to the message; select the arguments from the list.

[Screenshot: SMS server configuration prompt]

If the SMS settings are not configured in EventLog Analyzer, you will be prompted to set them up when the Notify by SMS option is selected.

Settings to notify alert by Run Program

Enter the details required for running a script or program when the alert notification is triggered.

[Screenshot: Run program on alert generation]

  1. Enter the name of the script file with its location on the EventLog Analyzer client machine. Alternatively, use the Browse button to select the script file.

  2. Specify the alert argument(s) to be passed to the script; select the arguments from the list. The listed arguments are the source of the log, the host generating the log, and the criticality of the alert.

After defining the alert criteria and specifying the notification method, click the Add Alert Profile button to complete the alert profile creation. The created alert profile will be listed in the Alert Profile Details screen. Created profiles can be enabled, disabled, modified, or deleted from the list.
Copyright © 2013, ZOHO Corp. All Rights Reserved.
ManageEngine