Submit a ticketCall us

Webinar: Web Help Desk for HR, Facilities and Accounting Departments
This webinar will focus on use cases for HR, Facilities and Accounting.

Having a unified ticketing and asset management system for all the departments in your company can provide end-users with a seamless experience and make things easier for your IT team. Yet, with different business tasks and objectives, many departments don’t fully understand the capabilities of Web Help Desk and how the software can be customized for effective use in their departments.
Register Now.

Home > Success Center > Log & Event Manager (LEM) > SolarWinds LEM 6.3 User Guide > Additional LEM Configuration and Troubleshooting Information > Creating Rules from Your LEM Console to Take Automated Action

Creating Rules from Your LEM Console to Take Automated Action

Table of contents
No headers

Click the video File:Success_Center/Reusable_content_-_InfoDev/LEMUserGuide_MT/0E0/0M0/Button_videoCamera_18x12.png icon to view a presentation on creating rules in the LEM console.

You can create custom Rules from the Build > Rules view in your LEM console to monitor and respond to traffic from your monitored computers and devices, such as generating email notifications. For more details about using email templates in rules, see Use the send email message action in rule creation.

  1. Open your LEM console and log in to your LEM manager as an administrator.
  2. Click Build > Rules.
  3. Click File:Success_Center/Reusable_content_-_InfoDev/LEMUserGuide_MT/0E0/0M0/Button-Add_15x13.png to open a new rule window.

    In the Rules view, you can also edit a disabled rule or clone a rule from the rule templates.

  4. Enter a name and description.
  5. To save the rule in a folder other than All Rules, select the folder from the list.

    The default value is All Rules.

  6. Drag an element into the Correlations box.
    1. For events, drag an event into the Correlations box to address any instance of the Event you specify. This type of parameter does not require a value.

    2. For event fields, drag an event field into the Correlations box to address any event that contains the value you specify.

      The same principles apply to Event Groups and their fields.

  7. If your correlations require a value, populate the value using one of the following procedures: 
    • Enter a static text value in the Text Constant field, denoted by a pencil icon. Use asterisks (*) as wildcard characters to account for any number of characters before, within, or after your text value.

    • Drag a group from the list pane to replace the Text Constant field. The most commonly used groups include User Defined Groups, Connector Profiles, Directory Service Groups, and Time Of Day Sets.
    • Drag an Event field from an existing event in your Correlations to replace the Text Constant field. This will result in a parameter that states whether values from different Events in your Correlations should match.
  8. If you want to change the operators in your conditions, click the operator until you find the one you want.

    There are two types of operators: Condition and Group.

    Condition operators are found between your events and their values. Examples include Equals, Does Not Equal, Contains, and Does Not Contain. Rule Creation only displays the operators that are available for the values in your Correlations.

    Group operators are found outside of your correlation groups. The two options are And (blue) and Or (orange).

  9. Repeat steps six through eight for any additional correlations you want to configure for your rule.
  10. If you want your rule to file after several instances of the of the event in your correlations, modify the Correlation Time.
  11. Add an action to your rule using the actions list.

    Use the following guidelines: 

    • All rules require at least one action, though they can contain several.
    • Populate your action with constants or event fields as appropriate.
    • When you use Event fields in your actions, follow the procedure above for populating your correlations. Be sure to use the same Event or Event Group as is present in your correlations.

      For example, since the correlations in the rule illustrated above are based on the UserLogon event, the fields used in its actions must come from the UserLogon event.

  12. If the Rule Status contains an error or warning, click the status indicator to view additional details and address the issue.
  13. To enable your rule when it is on your LEM manager, select the Enable check box.

    To disable your rule actions to test its configuration, select the Test check box.

    Rules must also be enabled for them to work in Test mode.

  14. If you want your rule to generate a local notification for any LEM console user, select the user from the Subscribe list.

    This option also tracks the rule's activity in the Subscriptions report in LEM Reports.

  15. Click Save.
  16. Once your rule is in your Custom Rules folder, click Activate Rules to sync your local changes with the rules folders on your LEM manager and allow the new or updated rules to function properly.

    When enabling or disabling rules, no changes will take effect until you click Active Rules.

 

Last modified
16:33, 27 Jan 2017

Tags

Classifications

Public