Submit a ticketCall us

Have You Auto Renewed? If not, you're missing out.
The SolarWinds Renewal Program comes with a host of benefits including the most recent product updates, 24/7 technical support, virtual instructor-led training and more. Experience all of this with the convenience of Auto Renewal, and never worry about missing any of these great benefits. Learn More.

Home > Success Center > Server & Application Monitor (SAM) > SAM 6.4 Administrator Guide > Monitor your network with SAM > Configure Syslog Viewer filters and alerts in SAM

Configure Syslog Viewer filters and alerts in SAM

Table of contents
No headers

Updated: 3-9-2017

You must be able to log in to the computer running your Orion server.

  1. Click Start > All Programs > SolarWinds Orion > Syslog and SNMP Traps > Syslog Viewer.
  2. Click File > Settings.
  3. Click Alerts/Filter Rules.
  4. Click Add New Rule to create a rule, or edit a selected rule.
  5. On the General tab, complete the following steps:
    1. Provide or edit the Rule Name.
    2. Select Enabled.
    3. Select the servers from the Apply this Rule To list.
    4. Enter the IP addresses or subnets to which this rule applies in the Source IP Addresses area.

      Syslog rules may not be applied to nodes in an unmanaged state. For more information about designating nodes as unmanaged, see Suspend collecting data for monitored nodes.

  6. To limit the rule only to messages from specific hosts, domains, or host name patterns, click the DNS Hostname tab, and enter a DNS Hostname Pattern.

    The DNS Hostname Pattern rule is case sensitive.

    To use regular expressions, select Use Regular Expressions in this Rule.

  7. To limit the rule only to specific message types or texts within a Syslog message, go to the Message tab, and enter rules for Message Type Pattern and Syslog Message Pattern.
  8. To apply specific severity or facility types, go to the Severity / Facility tab, and select the severity and facility types.
    By default, all message severities and facilities are selected.
  9. To apply the rule only during a specific period of time, select the Time of Day tab, select Enable Time of Day Checking, enter the time period, and select the days of the week on which to apply the rule.

    Messages received outside the specified time frame will not trigger alerts.

    Enabling Time of Day checking creates more overhead for the CPU.

  10. To suppress alert actions until a specified number of messages arrive that match the rule, complete the following procedure:
    1. Select the Trigger Threshold tab, and select Define a Trigger Threshold for this Rule.
    2. Enter option values.

      When Suspend Further Alert Actions For is selected, alert actions are not sent until the specified amount of time has expired. When the time period expires, only new alerts are sent. All alerts suppressed during the time period are discarded.

  11. Configure Syslog alert actions on the Alert Actions tab:
    1. To create an action for the rule, click Add New Action.
    2. To edit an action for the rule, select the action, and click Edit Selected Action.
    3. Configure the action.

      Syslog alerts use a unique set of variables.

    4. To delete an action, select the action, and click Delete Action.
    5. Use the arrow buttons to set the order in which actions are performed.
      Actions are processed in the order listed, from top to bottom.
    6. Click OK to save all changes and return to Syslog Viewer Settings.
  12. Use the arrow buttons to arrange the order in which the rules are applied.
    Rules are processed in the order they appear, from top to bottom.
 
Last modified

Tags

Classifications

Public