Editing an Alert Profile


 

On the Alert Profile Details page, click the edit alert icon to edit an existing alert profile. The Edit Alert Profile page opens, where you can edit the profile.


  1. Edit the Criticality. Criticality can be High, Medium, or Low. This is a value that you set for the alert, for your reference.
  2. In the Select Host/Group section, you can select multiple hosts or groups of hosts from the list, if you want to edit an alert profile for multiple hosts or groups of hosts. This includes both default and user-created host groups.

     Attention: Alerts will not work for those listed hosts from which logs have been imported. You need to Add the host to EventLog Analyzer for alerts to work.

  3. In the Modify Criteria section, you will find the details to edit, depending upon the type of alert.
  4. If it is a Predefined Alert profile, edit the alert criteria of predefined alerts.

| Field | Description |
| --- | --- |
| Log Type | The log type for the selected pre-defined alert is displayed. |
| Severity / Event ID | Depending on the type of predefined alert selected, this field displays either the event severity or the event ID. |
| Log message contains | If you want the alert to be triggered when an event with a specific event log message is generated, type the log message here. |
| Except | If you do not want the alert to be triggered when an event with a specific event log message is generated, type the log message here. |
| Number of occurrences | Edit the number of times the event has to be generated before triggering this alert. |
| Occurring within | Edit the time interval between events, in minutes, after which this alert should be triggered. |

  5. If it is a Compliance Alert profile, edit the alert criteria of the compliance violation. Compliance alerts are available for logs received from Windows hosts only. You can choose to be notified of HIPAA, GLBA, SOX, and PCI compliance violations by selecting the corresponding checkbox. Alerts will be triggered for each of these compliance violations, such as Failed Logon Attempts, Policy Changes, Account Changes, and Audit Logs Cleared, based on the criteria below.

| Field | Description |
| --- | --- |
| Log Type | Edit the log type for which the alert has to be triggered from the types listed in the combo box. |
| Severity / Event ID | Depending on the type of Compliance alert selected, this field displays the appropriate event IDs. |
| Log message contains | If you want the alert to be triggered when an event with a specific event log message is generated, type the log message here. |
| Except | If you do not want the alert to be triggered when an event with a specific event log message is generated, type the log message here. |
| Number of occurrences | Edit the number of times the event has to be generated before triggering this alert. |
| Occurring within | Edit the time interval between events, in minutes, after which this alert should be triggered. |

 

  6. If it is a Custom Alert profile, edit the alert criteria of the syslog log type.

| Field | Description |
| --- | --- |
| Log Type | Edit the log type of the event for which the alert has to be triggered. The log types that are listed depend on the platform of the host or host group selected. Click More to add an additional log type; you can add a maximum of 5 log types. Click Remove to remove the log type. |
| Severity | Edit the severity of the event for which the alert has to be triggered. Click More to add an additional severity; you can add a maximum of 5 severities. Click Remove to remove the severity. |
| Log Message Contains | If you want the alert to be triggered when an event with a specific event log message is generated, type the log message here. Use a comma ',' to separate multiple log message texts. |
| Except | If you do not want the alert to be triggered when an event with a specific event log message is generated, type the log message here. Use a comma ',' to separate multiple log message texts. |
| Number of occurrences | Edit the number of times the event has to be generated before triggering this alert. |
| Occurring within | Edit the time interval between events, in minutes, after which this alert should be triggered. |

| Field | Description |
| --- | --- |
| Log Type | Edit the log type of the event for which the alert has to be triggered. The log types that are listed depend on the platform of the hosts or host groups selected. |
| Event ID | If you want the alert to be triggered for a particular Event ID, mention the Event ID here. Use a comma ',' to separate multiple event IDs. You can also specify a range of event IDs. |
| Log Message Contains | If you want the alert to be triggered when an event with a specific event log message is generated, type the log message here. Use a comma ',' to separate multiple log message texts. |
| Except | If you do not want the alert to be triggered when an event with a specific event log message is generated, type the log message here. Use a comma ',' to separate multiple log message texts. |
| Number of occurrences | Edit the number of times the event has to be generated before triggering this alert. |
| Occurring within | Edit the time interval between events, in minutes, after which this alert should be triggered. |

 

  7. In the Notify by: section, you will find three tabs to choose the notification mechanism.
  8. Select the E-mail tab to edit the e-mail settings, if it is selected to receive an e-mail every time an alert matching this alert profile is triggered. Edit the recipient e-mail address in the To box. E-mails can be sent to more than one address by separating the e-mail addresses with a comma ','. Edit the subject of the alert in the Subject text box. You can select the following arguments from the Select Arguments combo box.

     You can concatenate the arguments with your own text as the subject of the alert notification. Edit the text of the alert notification in the Add Notes text box. You can enter up to 250 characters.

 

     Note: You will have to configure the Mail Server Settings in EventLog Analyzer before sending e-mails from the server.

  9. Select the Run Program tab to edit the script settings, if it is selected to execute custom scripts when an alert is generated. Edit the location of the script in the Location field, or click the Browse button to get the location of the script/program. Edit the parameters to be passed as arguments to the script in the Arguments field. The following details from the log can be passed as arguments to the script by clicking the appropriate option under Select Arguments. Apart from this, you can also specify other arguments as required.
  10. Select the SMS tab to edit the SMS settings, if it is selected to receive an SMS on your mobile phone every time an alert matching this alert profile is triggered. Edit the recipient mobile phone number in the Mobile Number text box. Enter the SMS message of the alert in the Message text box. You can select the following arguments from the Select Arguments combo box.

     You can concatenate the arguments with your own text as the SMS message of the alert notification. You can enter up to 250 characters.

  11. Finally, click Save Alert Profile to save the edited alert profile. Click Cancel to return to the previous page.
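
The criteria fields described above (Log Message Contains, Except, Number of occurrences, Occurring within) combine into a threshold rule. The sketch below is an added illustration, not EventLog Analyzer's own code or part of the original help page. It assumes case-insensitive substring matching, that any one comma-separated text is enough to match, that Except overrides Contains, and that counting restarts after an alert; the class, function names and sample events are constructed.

```python
from collections import deque
from datetime import datetime, timedelta

def split_terms(text):
    """Split a comma-separated criteria field into lowercase terms."""
    return [t.strip().lower() for t in text.split(",") if t.strip()]

class AlertCriteria:
    """Hypothetical model of one alert profile's message/threshold criteria."""
    def __init__(self, contains, except_, occurrences, within_minutes):
        self.contains = split_terms(contains)
        self.excluded = split_terms(except_)
        self.occurrences = occurrences
        self.window = timedelta(minutes=within_minutes)
        self.hits = deque()  # timestamps of matching events still in the window

    def matches(self, message):
        msg = message.lower()
        # Assumption: an Except text suppresses the event even if Contains matches.
        if any(t in msg for t in self.excluded):
            return False
        return not self.contains or any(t in msg for t in self.contains)

    def feed(self, when, message):
        """Return True when this event completes the occurrence threshold."""
        if not self.matches(message):
            return False
        self.hits.append(when)
        while when - self.hits[0] > self.window:
            self.hits.popleft()  # drop matches older than "Occurring within"
        if len(self.hits) >= self.occurrences:
            self.hits.clear()  # assumption: start counting again after firing
            return True
        return False

def run(criteria, events):
    """Return the timestamps at which the profile would raise an alert."""
    return [ts for ts, msg in events if criteria.feed(datetime.fromisoformat(ts), msg)]

# Constructed sample events (timestamp, message); not real log data.
SAMPLE = [
    ("2012-05-01T10:00:00", "Logon failure for user alice"),
    ("2012-05-01T10:02:00", "Logon failure for user svc_backup"),
    ("2012-05-01T10:03:00", "Logon failure for user alice"),
    ("2012-05-01T10:20:00", "Logon failure for user bob"),
    ("2012-05-01T10:21:00", "Bad password for user bob"),
    ("2012-05-01T10:24:00", "Logon failure for user bob"),
]

if __name__ == "__main__":
    profile = AlertCriteria("logon failure, bad password", "svc_backup", 3, 5)
    print(run(profile, SAMPLE))
```

With the Except text set, the first burst never reaches three matches, so only the later burst alerts; an overly broad Except value can hide real activity in the same way.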
Copyright © 2012, ZOHO Corp. All Rights Reserved.
ManageEngine