Adding Syslog Rules
Syslog is a client/server protocol that sends event notification messages to the syslog receiver. These event notification messages (usually called syslog messages) help in identifying authorized and unauthorized activities, such as installing software, accessing files, and illegal logins, that take place in the network. In OpManager, syslog rules notify you when particular syslog messages, such as kernel messages, system daemon messages, or user-level messages, are sent by the devices.
Apart from the pre-defined syslog rules, you can also add any number of syslog rules. Here are the steps to add a syslog rule:
- Go to Admin -> Syslog Rules.
- Click on the Actions drop-down menu and select Add New Rule. The Add Syslog Rules window opens.
- Enter a unique Rule Name.
- Enter a brief Description about the rule.
- Select a Facility. Facility refers to the application or the OS that generates the syslog message. By default "Any" is selected.
- Select the required Severity.
- Enter the text that needs to be verified for matching. Note: Regex is supported for this field.
- Select the Alarm Severity.
- Enter the Alarm Message.
- Click the Advanced button to configure advanced (threshold) rules. This is optional.
  - Number of Occurrences: Enter the number of consecutive times OpManager can receive the syslog message from a device before raising an alert.
  - Time Interval (seconds): Enter the time interval that should be considered for calculating the number of occurrences.
  To clear or rearm the event:
  - Select the Facility Name.
  - Select the Severity.
  - Enter the Matching Text.
  - Click Save.
- Click Save.
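To see how the rule fields above combine, here is an added sketch (not OpManager code) that decodes the syslog PRI value into facility and severity, applies the regex match text, and raises an alarm only after the configured number of occurrences within the time interval. `SyslogRule`, `decode_pri` and the sample messages are hypothetical, and the threshold is modelled as a per-device count of matching messages inside the interval, which is an assumption about the semantics.

```python
import re
from collections import defaultdict, deque

PRI_RE = re.compile(r"<(\d{1,3})>(.*)", re.S)

def decode_pri(line):
    """Split '<PRI>rest' into (facility, severity, rest); None if malformed."""
    m = PRI_RE.fullmatch(line)
    if not m or int(m.group(1)) > 191:   # highest valid PRI is 23*8+7
        return None
    pri = int(m.group(1))
    return pri >> 3, pri & 7, m.group(2)

class SyslogRule:
    """Hypothetical stand-in for one rule: facility, severity, match text, threshold."""
    def __init__(self, pattern, facility=None, severity=None, occurrences=1, interval=60):
        self.pattern = re.compile(pattern)
        self.facility, self.severity = facility, severity   # None means "Any"
        self.occurrences, self.interval = occurrences, interval
        self.hits = defaultdict(deque)                       # device -> match timestamps

    def feed(self, device, ts, line):   # True when this message raises the alarm
        decoded = decode_pri(line)
        if decoded is None:
            return False
        fac, sev, text = decoded
        if self.facility not in (None, fac) or self.severity not in (None, sev):
            return False
        if not self.pattern.search(text):
            return False
        window = self.hits[device]
        window.append(ts)
        while ts - window[0] > self.interval:   # drop matches older than the interval
            window.popleft()
        if len(window) < self.occurrences:
            return False
        window.clear()                           # start counting afresh after alerting
        return True

# Constructed sample messages: PRI 86 = facility 10 (authpriv), severity 6 (info).
FAIL = "<86>Jan 10 10:00:00 host sshd[411]: Failed password for root from 192.0.2.7 port 4022 ssh2"
OKAY = "<86>Jan 10 10:00:05 host sshd[411]: Accepted publickey for ops from 192.0.2.9 port 4100 ssh2"
EVENTS = [("gw1", 0, FAIL), ("gw1", 5, OKAY), ("gw1", 20, FAIL), ("gw2", 25, FAIL),
          ("gw1", 40, FAIL), ("gw2", 90, FAIL), ("gw2", 130, FAIL)]

def run_demo():
    rule = SyslogRule(r"Failed password for \S+ from", facility=10, severity=6,
                      occurrences=3, interval=60)
    return [(dev, ts) for dev, ts, line in EVENTS if rule.feed(dev, ts, line)]
```

Only device `gw1` trips the rule, on its third failed login at 40 seconds; `gw2` also sends three failures, but never three within any 60-second window.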
Copyright © 2012, ZOHO Corp. All Rights Reserved.