To add a new alarm in EventLog:- Click Add
- Set Alarm information
- Set Alarm condition
There are two types of alarms:
- Syslog alarm - alarm activated with syslog messages
- SNMP Trap alarm - alarm activated with SNMP trap messages
Common settings for both types of alarm are name, description and alarm level. For Syslogs, condition is based on source IP, severity, facility and message content. For SNMP traps, condition is based on source IP, SNMP Trap OID and variable bindings.
Both types of alarm have additional settings for triggering condition. You can create alarm condition based on number of messages in unit of time - group alarm (alarm will be triggered and displayed only if all conditions are met more defined number of times in specified time frame).
Screenshot above shows an example of an Alarm configuration. This Error level alarm will trigger if SNMP Trap message is sent from 10.10.10.10, with Trap OID 1.3.6.1.4.1.8072.
In following example, Critical alarm will trigger if 3 or more Syslog message is sent form exporter 10.10.10.10 in one minute. This messages need to have severity from 0 to 3 and need to have "Authentication failure" in text of message also.
You can also define mail notification. Selected users will receive two mails, one when alarm is activated and second one when alarm is deactivated.