Creating an Alert Profile

An alert is triggered whenever an event matching specific criteria is generated. An alert profile lets you define those criteria and, optionally, have EventLog Analyzer notify you by e-mail when the corresponding alert is triggered.

Creating a New Alert Profile

Click the New Alert Profile link to create a new alert profile. You can find this link on the sub tab below the main tabs, or in the Alerts box in the left-side navigation of the Alerts tab.

  1. Provide an Alert Profile Name.
  2. Choose the Criticality. Criticality can be High, Medium, or Low. This is a value that you set for the alert, for your own reference.
  3. In the Select Host/Group section, select the hosts or host groups the alert profile applies to. You can select multiple hosts or groups from the list; both default and user-created host groups are listed.

attention

Alerts will not work for listed hosts whose logs have been imported. You need to add the host to EventLog Analyzer for alerts to work.

  4. In the Define Criteria section you will find three tabs with radio buttons to choose the type of alert.
  5. Choose the Predefined Alert tab if you want to set alert criteria based on predefined alerts.
Predefined Alert: Select the event description for which the alert has to be triggered. It is easier to identify an event by its description, which indicates the likely reason the event was generated.

Severity / Event ID: Depending on the type of predefined alert selected, this field displays either the event severity or the event ID.

Log Type: The log type for the selected predefined alert is displayed.

Message: If you want the alert to be triggered when an event with a specific event log message is generated, type the log message here.

Number of occurrences: Enter the number of times the event has to be generated before this alert is triggered.

Occurring within: Enter the time interval, in minutes, within which those occurrences must happen for this alert to be triggered.
  6. Choose the Compliance Alert tab if you want to set alert criteria based on compliance violations. Compliance alerts are available only for logs received from Windows hosts. You can choose to be notified of PCI, FISMA, HIPAA, GLBA, and SOX compliance violations by selecting the corresponding checkbox. An alert is triggered for each of these compliance violations (such as Failed Logon Attempts, Policy Changes, Account Changes, and Audit Logs Cleared) based on the criteria below.

Log Type: Edit the log type for which the alert has to be triggered, choosing from the types listed in the combo box.

Severity / Event ID: Depending on the type of compliance alert selected, this field displays the appropriate event IDs.

Log message contains: If you want the alert to be triggered when an event with a specific event log message is generated, type the log message here.

Except: If you do not want the alert to be triggered when an event with a specific event log message is generated, type the log message here.

Number of occurrences: Edit the number of times the event has to be generated before this alert is triggered.

Occurring within: Edit the time interval, in minutes, within which those occurrences must happen for this alert to be triggered.

  7. Choose the Custom Alert tab if you want to set alert criteria based on the syslog log type.

Log Type: Select the log type of the event for which the alert has to be triggered. The log types listed depend on the platform of the host or host group selected. Click More to add additional log types (a maximum of 5 log types can be added). Click Remove to remove a log type.

Severity: Select the severity of the event for which the alert has to be triggered. Click More to add additional severities (a maximum of 5 severities can be added). Click Remove to remove a severity.

Log Message Contains: If you want the alert to be triggered when an event with a specific event log message is generated, type the log message here. Use a comma ',' to separate multiple log message texts.

Except: If you do not want the alert to be triggered when an event with a specific event log message is generated, type the log message here. Use a comma ',' to separate multiple log message texts.

Event Source: If you want the alert to be generated only for events received from specific host sources, enter those hosts in this text box. The alert will be generated for events received from the host(s) you have entered.

User: If you want the alert to be generated only for events received for specific users, enter the user names in this text box. The alert will be generated for events received for the user(s) you have entered. This field is effective only for Security (Important) events.

Number of occurrences: Enter the number of times the event has to be generated before this alert is triggered.

Occurring within: Enter the time interval, in minutes, within which those occurrences must happen for this alert to be triggered.

A second set of Custom Alert fields, in which Event ID takes the place of Severity:

Log Type: Select the log type of the event for which the alert has to be triggered. The log types listed depend on the platform of the hosts or host groups selected.

Event ID: If you want the alert to be triggered for a particular Event ID, enter the Event ID here. Use a comma ',' to separate multiple event IDs. You can also specify a range of event IDs.

Log Message Contains: If you want the alert to be triggered when an event with a specific event log message is generated, type the log message here. Use a comma ',' to separate multiple log message texts.

Except: If you do not want the alert to be triggered when an event with a specific event log message is generated, type the log message here. Use a comma ',' to separate multiple log message texts.

Event Source: If you want the alert to be generated only for events received from specific host sources, enter those hosts in this text box. The alert will be generated for events received from the host(s) you have entered.

User: If you want the alert to be generated only for events received for specific users, enter the user names in this text box. The alert will be generated for events received for the user(s) you have entered. This field is effective only for Security (Important) events.

Number of occurrences: Enter the number of times the event has to be generated before this alert is triggered.

Occurring within: Enter the time interval, in minutes, within which those occurrences must happen for this alert to be triggered.

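As an added illustration (not part of this documentation or of EventLog Analyzer's own code), the following Python models how the criteria above combine: a comma-separated Event ID field with ranges, the Log Message Contains and Except filters, and the Number of occurrences / Occurring within threshold, evaluated over a constructed sample of Windows failed-logon events. The event dictionary layout and the field names on AlertProfile are assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

def parse_event_ids(spec):
    """Event ID field: comma-separated IDs, ranges allowed ('4625, 4720-4722')."""
    ids = set()
    for part in filter(None, (p.strip() for p in spec.split(","))):
        lo, _, hi = part.partition("-")
        ids.update(range(int(lo), int(hi or lo) + 1))
    return ids

def terms(spec):
    # Contains / Except fields: comma-separated message texts.
    return [t.strip() for t in spec.split(",") if t.strip()]

@dataclass
class AlertProfile:              # assumed field names, mirroring the form above
    log_type: str
    event_ids: str = ""          # empty: any Event ID
    contains: str = ""           # message must contain one of these texts
    except_: str = ""            # message must contain none of these texts
    occurrences: int = 1         # matching events needed ...
    within_minutes: int = 1      # ... inside this sliding window

def matches(p, ev):
    """Per-event criteria (everything except the occurrence count)."""
    if ev["log_type"] != p.log_type:
        return False
    if p.event_ids and ev["event_id"] not in parse_event_ids(p.event_ids):
        return False
    if p.contains and not any(t in ev["message"] for t in terms(p.contains)):
        return False
    return not any(t in ev["message"] for t in terms(p.except_))

def evaluate(p, events):
    """Times the alert fires: the Nth match within the window triggers it, then counting restarts."""
    window, recent, fired = timedelta(minutes=p.within_minutes), [], []
    for ev in sorted(events, key=lambda e: e["time"]):
        if matches(p, ev):
            recent = [t for t in recent if ev["time"] - t <= window] + [ev["time"]]
            if len(recent) >= p.occurrences:
                fired.append(ev["time"])
                recent = []
    return fired

# Constructed sample: six 4625 failures in six minutes, one from a service account that Except filters out.
SAMPLE = [{"log_type": "Windows", "event_id": 4625, "time": datetime(2012, 1, 1, 9, m),
           "message": f"An account failed to log on. Account Name: {u}"}
          for m, u in enumerate(["jdoe", "jdoe", "svc_backup", "jdoe", "jdoe", "jdoe"])]
PROFILE = AlertProfile("Windows", event_ids="4624-4625", contains="failed to log on",
                       except_="svc_backup", occurrences=5, within_minutes=5)
```

With the sample above, the five remaining failures span 9:00 to 9:05, so the profile fires once at 9:05; shortening Occurring within to 4 minutes keeps it silent.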
  8. In the Notify by: section, you will find three tabs to choose the notification mechanism.
  9. Choose the E-mail tab to receive an e-mail every time an alert matching this alert profile is triggered. Fill in the recipient e-mail address in the To box. E-mails can be sent to more than one address by separating the addresses with a comma ' , '. Enter the subject of the alert in the Subject text box. You can select the following arguments from the Select Arguments combo box.

You can concatenate the arguments with your own text to form the subject of the alert notification. Enter the text of the alert notification in the Add Notes text box. You can enter up to 250 characters.


note

You must configure the Mail Server Settings in EventLog Analyzer before the server can send e-mails.

  10. Choose the Run Program tab to execute a custom script when an alert is generated. Specify the location of the script in the Location field, or click the Browse button to locate the script/program. Select the parameters to be passed as arguments to the script in the Arguments field. The following details from the log can be passed as arguments to the script by selecting the appropriate option under Select Arguments. You can also specify other arguments as required.

Notify Alerts using SNMP

You can send alerts as SNMP traps by running the program sendtrap.bat, available in the <EventLog Analyzer Home>/tools directory. Configure the SNMP host and, if required, the SNMP trap port in the batch file.

  11. Choose the SMS tab to receive an SMS on your mobile phone every time an alert matching this alert profile is triggered. Fill in the recipient mobile phone number in the Mobile Number text box. Enter the SMS message of the alert in the Message text box. You can select the following arguments from the Select Arguments combo box.

You can concatenate the arguments with your own text to form the SMS message of the alert notification. You can enter up to 250 characters.

  12. Finally, click Add Alert Profile to save and activate this alert profile. Click Cancel to return to the previous page.
Copyright © 2012, ZOHO Corp. All Rights Reserved.