Configure Syslog Viewer rules

Created by Erica Gill, last modified by MindTouch on Jun 23, 2016


Overview

This article describes how to create alerts for Syslogs received by an Orion server. 

Alerts allow multiple action types to be configured on receipt of all or certain Syslogs.

Environment

All NPM versions

Steps

  1. Go to Start > All Programs > SolarWinds Orion > Syslog and SNMP Traps > Syslog Viewer.
  2. Click File > Settings, and then click the Alerts / Filter Rules tab. 
  3. If you are creating a new rule, click Add Rule. 
  4. If you are editing an existing rule, click Edit Rule. 
  5. Click the General tab. 
  6. Enter a Rule Name, and then select Enabled to enable the rule. 
  7. Select the appropriate servers from the Apply this Rule to list, and then enter the IP addresses or subnets to which this rule applies.
    Note: Use the examples listed on this tab to format the list properly. 
  8. If you want the rule limited to messages from specific hosts, domains, or hostname patterns, click DNS Hostname. Then enter a DNS Hostname Pattern.
    Note: When the Use Regular Expressions in this Rule option is selected, regular expressions can be used in place of “like” statements. 
  9. If you want the rule to be limited to specific strings of text within a syslog message, click Message. Then enter the Message Pattern.
    Note: When the Use Regular Expressions in this Rule option is selected, regular expressions can be used in place of “like” statements.
  10. Generate trigger conditions for rule application in the text field as follows: 
    1. Select appropriate object identifiers and comparison functions from the linked context menus. 
    2. Click Browse (…) to Insert an “OR” condition, to Insert an “AND” condition, or to Delete a condition as necessary. 
  11. If you want to limit rule application to within a specific period of time, click Time of Day, check Enable Time of Day checking, enter the time period, and then select days of the week on which to apply the rule. 
    Note: Enabling Time of Day checking creates more overhead for the CPU.
    Note: Messages received outside the specified timeframe will not trigger alerts.
  12. If you want to suppress alert actions until a specified number of syslogs arrive that match the rule, click Trigger Threshold, check Define a Trigger Threshold for this Rule, and then enter option values as appropriate.
    Note: When the Suspend further Alert Actions option is selected, alert actions are not sent until the specified amount of time has expired. Once the time period has expired, only new alerts are sent. All alerts that are suppressed during the time period will never be sent. 
  13. Click Alert Actions. 
  14. If you are associating a new action to the rule, click Add New Action, and then select an action from the list to configure. If you want to reduce the number of traps or syslogs being stored, the "Discard" action is a good option.
  15. If you are editing an existing action for the rule, select an action from the list, click Edit Action, and then configure the action. 
  16. Use the arrow buttons to set the order in which actions are performed.
    Note: Actions are processed in the order they appear, from top to bottom. 
  17. If you need to delete an action, select the action, and then click Delete Action. 
  18. Click OK to save all changes and return to Syslog Viewer Settings. 
  19. Use the arrow buttons to arrange the order in which the rules are applied.
    Note: Rules are processed in the order they appear, from top to bottom. 
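
A dry run of two rules against sample messages is a quick way to check a subnet list, a regular-expression Message Pattern, and a trigger threshold before entering them in the dialog. The script below is an added example, not SolarWinds code; the rule names, the sample messages, the 60-second threshold window, and the choice to evaluate every rule for every message are assumptions.

```python
import ipaddress
import re
from dataclasses import dataclass, field

@dataclass
class Rule:
    name: str
    sources: list            # IP addresses or subnets the rule applies to (step 7)
    message_pattern: str     # regular expression Message Pattern (step 9)
    threshold: int = 1       # matching syslogs required before actions run (step 12)
    window_s: int = 60       # assumed threshold window, in seconds
    _hits: list = field(default_factory=list)

    def matches(self, src_ip, message):
        ip = ipaddress.ip_address(src_ip)
        in_scope = any(ip in ipaddress.ip_network(s, strict=False) for s in self.sources)
        return in_scope and re.search(self.message_pattern, message) is not None

    def fires(self, ts, src_ip, message):
        if not self.matches(src_ip, message):
            return False
        # Keep only matches still inside the window, then count this one.
        self._hits = [t for t in self._hits if ts - t < self.window_s] + [ts]
        return len(self._hits) >= self.threshold

def build_rules():
    # Hypothetical rules, listed in the order they would appear in the dialog.
    return [
        Rule("ssh-bruteforce", ["10.10.0.0/24"], r"Failed password for \S+ from", threshold=3),
        Rule("root-login-attempt", ["10.10.0.5"], r"Failed password for root\b"),
    ]

# Constructed sample input: (seconds since start, source IP, syslog message).
SAMPLE_EVENTS = [
    (0, "10.10.0.5", "sshd[811]: Failed password for root from 198.51.100.7"),
    (10, "10.10.0.5", "sshd[811]: Failed password for admin from 198.51.100.7"),
    (15, "10.20.0.9", "sshd[402]: Failed password for root from 198.51.100.7"),
    (20, "10.10.0.6", "sshd[77]: Accepted password for ops from 10.10.0.1"),
    (25, "10.10.0.5", "sshd[811]: Failed password for root from 198.51.100.7"),
    (200, "10.10.0.5", "sshd[811]: Failed password for root from 198.51.100.7"),
]

def dry_run(rules, events):
    """Return (timestamp, rule name) for every rule whose actions would run.
    Assumption: every rule is evaluated, top to bottom, for every message."""
    return [(ts, r.name) for ts, src, msg in events for r in rules if r.fires(ts, src, msg)]

if __name__ == "__main__":
    for ts, name in dry_run(build_rules(), SAMPLE_EVENTS):
        print(f"t={ts:>3}s  actions run for rule {name}")
```

The message from 10.20.0.9 never counts toward the threshold because its source is outside the rule's subnet list, which is the kind of scoping gap a dry run exposes before the rule goes live.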

 

Last modified
21:57, 22 Jun 2016
