Configure syslog viewer filters and alerts

Created by Caroline Juszczak, last modified by Anthony.Rinaldi_ret on Oct 03, 2016

This Orion Platform topic applies to the highlighted products:


You must be able to log in to the computer running your SolarWinds Orion server.

  1. Click Start > All Programs > SolarWinds Orion > Syslog and SNMP Traps > Syslog Viewer.
  2. Click File > Settings.
  3. Click Alerts/Filter Rules.
  4. Click Add New Rule to create a rule, or edit a selected rule.
  5. On the General tab, complete the following steps:
    1. Provide or edit the Rule Name.
    2. Select Enabled.
    3. Select the servers from the Apply this Rule To list.
    4. Enter the IP addresses or subnets to which this rule applies in the Source IP Addresses area.

      Syslog rules may not be applied to nodes in an unmanaged state.

  6. To limit the rule only to messages from specific hosts, domains, or host name patterns, click the DNS Hostname tab, and enter a DNS Hostname Pattern.
  7. To limit the rule only to specific message types or texts within a Syslog message, go to the Message tab, and enter rules for Message Type Pattern and Syslog Message Pattern.

    The DNS Hostname Pattern rule is case-sensitive.

    To use regular expressions, select Use Regular Expressions in this Rule.

  8. To apply specific severity or facility types, go to the Severity / Facility tab, and select the severity and facility types.
    By default, all message severities and facilities are selected.
  9. To apply the rule only during a specific period of time, select the Time of Day tab, select Enable Time of Day Checking, enter the time period, and select the days of the week on which to apply the rule.

    Messages received outside the specified time frame will not trigger alerts.

    Enabling Time of Day checking creates more overhead for the CPU.

  10. To suppress alert actions until a specified number of messages arrive that match the rule, complete the following procedure:
    1. Select the Trigger Threshold tab, and select Define a Trigger Threshold for this Rule.
    2. Enter option values.

      When Suspend Further Alert Actions For is selected, alert actions are not sent until the specified amount of time has expired. When the time period expires, only new alerts are sent. All alerts suppressed during the time period are discarded.

  11. Configure Syslog alert actions on the Alert Actions tab:
    1. To create an action for the rule, click Add New Action.
    2. To edit an action for the rule, select the action, and click Edit Selected Action.
    3. Configure the action.

      Syslog alerts use a unique set of variables.

    4. To delete an action, select the action, and click Delete Action.
    5. Use the arrow buttons to set the order in which actions are performed.
      Actions are processed in the order listed, from top to bottom.
    6. Click OK to save all changes and return to Syslog Viewer Settings.
  12. Use the arrow buttons to arrange the order in which the rules are applied.
    Rules are processed in the order they appear, from top to bottom.
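
The following added example (not SolarWinds code) models how the source IP filter, the case-sensitive DNS Hostname Pattern, the severity selection, and a trigger threshold with Suspend Further Alert Actions For combine for a single rule. The class and field names, the counter reset after an alert, and the sample messages are assumptions made for illustration.

```python
import ipaddress
import re
from dataclasses import dataclass, field

@dataclass
class Rule:
    # Hypothetical model of one rule; names are not product identifiers.
    subnet: str              # Source IP Addresses (General tab)
    hostname_regex: str      # DNS Hostname Pattern, regular expressions enabled
    severities: set          # Severity / Facility tab (severity part only)
    threshold: int           # matching messages needed before actions run
    suspend_seconds: int     # Suspend Further Alert Actions For
    _count: int = field(default=0, init=False)
    _suspended_until: float = field(default=float("-inf"), init=False)

    def evaluate(self, ts, source_ip, hostname, pri):
        """Return 'no-match', 'counted', 'alert' or 'discarded' for one message."""
        if ipaddress.ip_address(source_ip) not in ipaddress.ip_network(self.subnet):
            return "no-match"
        if re.search(self.hostname_regex, hostname) is None:  # case-sensitive
            return "no-match"
        if pri % 8 not in self.severities:  # syslog PRI = facility * 8 + severity
            return "no-match"
        if ts < self._suspended_until:
            return "discarded"  # suppressed matches are dropped, not queued
        self._count += 1
        if self._count < self.threshold:
            return "counted"
        self._count = 0  # assumption: the counter restarts after an alert
        self._suspended_until = ts + self.suspend_seconds
        return "alert"

# Constructed sample: (seconds, source IP, DNS hostname, PRI); 165 = local4.notice
SAMPLE = [
    (0, "10.0.0.5", "core-sw1.example.net", 165),
    (5, "10.0.0.5", "core-sw1.example.net", 165),
    (9, "192.168.1.9", "core-sw9.example.net", 165),
    (30, "10.0.0.5", "core-sw1.example.net", 165),
    (50, "10.0.0.5", "CORE-SW1.example.net", 165),
    (75, "10.0.0.5", "core-sw1.example.net", 165),
]

def run(rule, messages):
    return [rule.evaluate(*m) for m in messages]

if __name__ == "__main__":
    rule = Rule("10.0.0.0/24", r"^core-.*\.example\.net$", {5}, 2, 60)
    for msg, outcome in zip(SAMPLE, run(rule, SAMPLE)):
        print(msg[0], msg[1], msg[2], outcome)
```

In this model the match at 30 seconds produces no alert action at all, and the uppercase hostname at 50 seconds never matches; both are worth checking before suspending actions on a rule that watches for security-relevant events.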

