Submit a ticketCall us

Solarwinds & Cisco Live! Barcelona
Join us from the 29th of January to the 2nd of February at Cisco Live 2018 in Barcelona, where we will continue to show how monitoring the network with SolarWinds will keep you ahead of the game. At our booth (WEP 1A), we will demonstrate how SolarWinds network solutions can help. As a bonus, we are also hosting a pre-event webinar - Blame the Network, Hybrid IT Edition with our SolarWinds Head Geek™, Patrick Hubbard on January 24th - GMT (UTC+0): 10:00 a.m. to 11:00 a.m. There's still time to RSVP.

Home > Success Center > Orion Platform > Orion Documentation > Orion Platform Administrator Guide > Monitor Syslog messages > Trigger alerts when receiving specific Syslog messages

Trigger alerts when receiving specific Syslog messages

Table of contents
No headers
Created by Caroline Juszczak, last modified by Magdalena.Markova on Nov 30, 2016

Views: 603 Votes: 1 Revisions: 5

You must be able to log in to the computer running your SolarWinds Orion server.

  1. Click Start > All Programs > SolarWinds Orion > Syslog and SNMP Traps > Syslog Viewer.
  2. Click File > Settings.
  3. Click Alerts/Filter Rules.
  4. Click Add New Rule to create a rule, or edit a selected rule.
  5. On the General tab, complete the following steps:
    1. Provide or edit the Rule Name.
    2. Select Enabled.
    3. Select the servers from the Apply this Rule To list.
    4. Enter the IP addresses or subnets to which this rule applies in the Source IP Addresses area.

      Syslog rules may not be applied to nodes in an unmanaged state.

  6. To limit the rule only to messages from specific hosts, domains, or host name patterns, click the DNS Hostname tab, and enter a DNS Hostname Pattern.
  7. To limit the rule only to specific message types or texts within a Syslog message, go to the Message tab, and enter rules for Message Type Pattern and Syslog Message Pattern.

    The DNS Hostname Pattern rule is case-sensitive.

    To use regular expressions, select Use Regular Expressions in this Rule.

  8. To apply specific severity or facility types, go to the Severity / Facility tab, and select the severity and facility types.
    By default, all message severities and facilities are selected.
  9. To apply the rule only during a specific period of time, select the Time of Day tab, select Enable Time of Day Checking, enter the time period, and select the days of the week on which to apply the rule.

    Messages received outside the specified time frame will not trigger alerts.

    Enabling Time of Day checking creates more overhead for the CPU.

  10. To suppress alert actions until a specified number of messages arrive that match the rule, complete the following procedure:
    1. Select the Trigger Threshold tab, and select Define a Trigger Threshold for this Rule.
    2. Enter option values.

      When Suspend Further Alert Actions For is selected, alert actions are not sent until the specified amount of time has expired. When the time period expires, only new alerts are sent. All alerts suppressed during the time period are discarded.

  11. Configure Syslog alert actions on the Alert Actions tab:
    1. To create an action for the rule, click Add New Action.
    2. To edit an action for the rule, select the action, and click Edit Selected Action.
    3. Configure the action.

      Syslog alerts use a unique set of variables.

    4. To delete an action, select the action, and click Delete Action.
    5. Use the arrow buttons to set the order in which actions are performed.
      Actions are processed in the order listed, from top to bottom.
    6. Click OK to save all changes and return to Syslog Viewer Settings.
  12. Use the arrow buttons to arrange the order in which the rules are applied.
    Rules are processed in the order they appear, from top to bottom.
Last modified