EvenLog users can view and EventLog administrator can add, edit or delete alarms.
To configure EventLog alarms, go to Settings > EventLog Settings > Alarms.
To add a new alarm in EventLog:- Click Add
- Set Alarm information (type, name, description and level)
- Set Alarm threshold
For Syslogs, threshold is based on source IP, severity, facility and message content
For SNMP traps, threshold is based on source IP, OID and variable bindings.
It is possible to combine more threshold criteria (AND logical operand is implied).
If you do not define a value to a certain criterion, that criterion will not be included in the Alarm condition.
Screenshot above shows an example of an Alarm confguration. This alarms will trigger if syslog message is sent from 147.91.7.65, with severity level 3 and message containing Authentication failure.