Adding new alarm

All EventLog users can view alarms, however only users with write privileges can add, edit or delete them.

To set EventLog alarms, go to  Settings > EventLog Settings > Alarms.


To add a new alarm in EventLog:

  1. Click Add
  2. Set Alarm information
  3. Set Alarm condition

There are two types of alarms:

  1. Syslog alarm - alarm activated with syslog messages
  2. SNMP Trap alarm - alarm activated with SNMP trap messages

Common settings for both types of alarm are name, description and alarm level. For Syslogs, condition is based on source IP, severity, facility and message content. For SNMP traps, condition is based on source IP, SNMP Trap OID and variable bindings.

Both types of alarm have additional settings for triggering condition. You can create alarm condition based on number of messages in unit of time - group alarm (alarm will be triggered and displayed only if all conditions are met more than defined number of times in specified time frame).


Screenshot above shows an example of an Alarm configuration. This Error level alarm will trigger if SNMP Trap message is sent from 10.10.10.10, with Trap OID 1.3.6.1.4.1.8072.

In following example, Critical alarm will trigger if 3 or more Syslog message is sent form exporter 10.10.10.10 in one minute. This messages need to have severity from 0 to 3 and need to have "Authentication failure" in text of message also.


You can also define mail notification. Selected users will receive two mails, one when alarm is activated and second one when alarm is deactivated.

Alarm Examples

TypeAlarm nameDescription
NetworkingLink is downInterface changed state to down



See these alarms in action at our Live Demo.

NetworkingBGP peer dropBGP peer has reset the connections
SystemFailed passwordFailed password
System/SecurityAuth failureUnauthorized access attempt on a vital server
SecuritySeverity = AlertReceived syslog with Severity 1


Read more about Event Alarms.


On this page:









It is possible to combine more condition criteria. If you do not define a value to a certain criterion, that criterion will not be included in the Alarm condition.

  • No labels