Submit a ticketCall us

Get a crash course on Network Monitoring delivered right to your inbox
This free 7-day email course provides a primer to the philosophy, theory, and fundamental concepts involved in IT monitoring. Lessons will explain not only how to perform various monitoring tasks, but why and when you should use them. Sign up now.

Home > Success Center > Log & Event Manager (LEM) > SolarWinds LEM 6.3 User Guide > Advanced LEM configurations > Using the Actions box

Using the Actions box

Created by Caroline Juszczak, last modified by Caroline Juszczak on Aug 22, 2016

Views: 33 Votes: 0 Revisions: 4

In Rule Creation, the Actions box defines which action response the manager executes when the correlation events specified by the rule occurs. You can assign more than one action to a rule. For example, you can shut down an agent and then notify your system administrator of the event through email.

The Actions box fields indicate where the action is performed, what the action does, and who receives the action. For example, if you want a rule to disable a user, you can select Disable Domain User Account. To apply the action, specify which account you want to disable and where you want to disable it (that is, which agent).

Using constants and fields to make actions flexible

When configuring an action, you can assign constants that define fixed parameters for a rule or alert fields from the alerts in the Correlations box. Fields determine the rule parameters when some degree of flexibility is required. Constants and fields are useful, but fields provide actions with a great deal of flexibility.

For example, if you have two network users named Bob and Jane, you can disable Bob???s user account and assign a constant to the rule that explicitly represents Bob???s account. However, this limits the rule to Bob's account.

If you assign a field to the rule, the rule can be interpreted as follows: When user activity meets the conditions in the Correlations box to prompt the Disable Domain User Account action, use the UserDisable.SourceAccount field in the alert to determine which user account to disable.

If Bob triggered the rule, the manager disables Bob???s account. But if Jane also triggers the rule, the manager can disable her account as well.

Configuring actions for a rule

  1. In the list pane, click the Actions list.
  2. Select and drag an action to the Actions box.


    The top left of the Actions box shows the name the action that will execute. In most cases, the Actions form prompts you for specific parameters about the computer, IP address, port, alert, user, and so on that receives the action.

  3. Use the list pane to assign the appropriate alert field or constant to each parameter.
    1. In the Events or Event Groups lists, select and drag an alert field to the appropriate parameter box in the Actions form.
    2. (Optional) Select and drag a constant from the Constants lists to the parameter box in the Actions form. Typically, you will select a text constant.

    3. Double-click the parameter box to edit the constant.
  4. Click Save to save your changes.
Last modified
13:00, 22 Aug 2016