The Syslog Viewer can be configured to signal Orion alert actions when Syslog messages received from network devices match defined rules. The following procedure establishes rules that filter syslog messages and initiate the alert actions you choose.
Syslog rules may not be applied to nodes in an unmanaged state. For more information about designating nodes as unmanaged, see Set device management states.
On the General tab, complete the following steps:
Enter the IP addresses or subnets to which this rule applies in the Source IP Addresses area.
Use the examples provided on this tab to ensure that the list of source IP addresses is properly formatted.
If you want to limit the rule to only messages from specific hosts, domains, or host name patterns, on the DNS host name tab enter a DNS host name Pattern.
If you want to limit the rule to only specific message types or text within a syslog message, on the Message tab enter rules as appropriate for Message Type Pattern and Syslog Message Pattern.
Use the examples listed on this tab to format the list properly.
If you want to apply specific severity or facility types, on the Severity / Facility tab check the severity and facility types you want to apply.
By default, all message severities and facilities are selected.
If you want to limit rule application to within a specific period of time, select the Time of Day tab, check Enable Time of Day checking, enter the time period, and then check the days of the week on which to apply the rule.
Enter option values as appropriate.
When Suspend further Alert Actions for is checked, alert actions are not sent until the specified amount of time has expired. Once the time period has expired, only new alerts are sent. All alerts suppressed during the time period are discarded.
Configure the action as appropriate.
Syslog alerts use a unique set of variables.
Use the arrow buttons to set the order in which actions are performed.
Actions are processed in the order listed, from top to bottom.
Use the arrow buttons to arrange the order in which the rules are applied.
Rules are processed in the order they appear, from top to bottom.
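
The filters and the suspend option from the steps above, modeled in Python as an added example (this is not SolarWinds code). The `Rule` class, the regular expression standing in for the Syslog Message Pattern, the suspend window starting when a rule fires, and every rule being evaluated for every message are assumptions; the sample messages are constructed.

```python
import ipaddress
import re
from dataclasses import dataclass

@dataclass
class Rule:                       # hypothetical model, not an Orion object
    name: str
    sources: list                 # IP addresses or subnets (CIDR strings)
    pattern: str                  # regex standing in for the Syslog Message Pattern
    severities: set               # syslog severity numbers (0-7) the rule applies to
    suspend_seconds: int = 0      # "Suspend further Alert Actions for"
    last_fired: float = None      # time of the last alert action sent

    def matches(self, src_ip, pri, text):
        severity = pri % 8        # syslog PRI = facility * 8 + severity
        addr = ipaddress.ip_address(src_ip)
        in_scope = any(addr in ipaddress.ip_network(s, strict=False) for s in self.sources)
        return in_scope and severity in self.severities and bool(re.search(self.pattern, text))

    def evaluate(self, ts, src_ip, pri, text):
        """Return 'fired', 'discarded' (inside the suspend window) or None (no match)."""
        if not self.matches(src_ip, pri, text):
            return None
        if self.last_fired is not None and ts - self.last_fired < self.suspend_seconds:
            return "discarded"    # suppressed alerts are dropped, never queued
        self.last_fired = ts
        return "fired"

def process(rules, messages):
    """Apply the rules top to bottom to each message and log every outcome."""
    log = []
    for ts, src_ip, pri, text in messages:
        for rule in rules:
            outcome = rule.evaluate(ts, src_ip, pri, text)
            if outcome:
                log.append((ts, rule.name, outcome))
    return log

def demo():
    # Constructed sample input: (seconds, source IP, PRI, message text)
    messages = [
        (0,   "10.1.1.5",   35, "Failed password for admin"),  # PRI 35 = auth, severity 3
        (30,  "10.1.1.5",   35, "Failed password for admin"),  # inside the 300 s window
        (400, "10.1.1.5",   35, "Failed password for root"),   # window expired, both rules match
        (410, "172.16.0.9", 35, "Failed password for root"),   # source not listed
        (420, "10.1.1.7",   38, "Failed password for guest"),  # severity 6 not selected
    ]
    rules = [Rule("auth-failures", ["10.1.1.0/24"], r"Failed password", {0, 1, 2, 3, 4}, 300),
             Rule("root-logins", ["10.1.1.5"], r"\broot\b", {3})]
    return process(rules, messages)
```

The second message matches the rule but produces no alert action, which is the visibility gap to weigh when choosing a suspend period for security-relevant rules.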