All EventLog users can view alarms; however, only users with write privileges can add, edit or delete them.
To set EventLog alarms, go to Settings > EventLog Settings > Alarms.
To add a new alarm in EventLog:
Set Alarm information
Set Alarm condition
There are two types of alarms:
Syslog alarm - alarm activated with syslog messages
SNMP Trap alarm - alarm activated with SNMP trap messages
Common settings for both types of alarm are name, description and alarm level. For Syslog alarms, the condition is based on source IP, severity, facility and message content. For SNMP Trap alarms, the condition is based on source IP, SNMP Trap OID and variable bindings.
Both types of alarm have additional settings for the triggering condition. You can create an alarm condition based on the number of messages per unit of time (a group alarm): the alarm will be triggered and displayed only if all conditions are met more than the defined number of times in the specified time frame.
The screenshot above shows an example of an alarm configuration. This Error level alarm will trigger if an SNMP Trap message is sent from 10.10.10.10 with Trap OID 22.214.171.124.4.1.8072.
In the following example, a Critical alarm will trigger if 3 or more Syslog messages are sent from exporter 10.10.10.10 in one minute. These messages must have a severity from 0 to 3 and must also contain "Authentication failure" in the message text.
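The group condition in the Syslog example above can be checked offline against captured messages before the alarm is relied on. The sketch below is an added example, not EventLog's own implementation; the sliding 60-second window, the case-sensitive substring match, the class and function names and the sample messages are assumptions.

```python
import re
from collections import deque
from datetime import datetime, timedelta

PRI_RE = re.compile(r"<(\d{1,3})>")

def severity_of(raw):
    """Severity from the syslog PRI field (PRI = facility * 8 + severity)."""
    m = PRI_RE.match(raw)
    if not m or int(m.group(1)) > 191:
        return None  # missing or out-of-range PRI: severity unknown
    return int(m.group(1)) & 7

class GroupAlarm:
    """Fires when `threshold` matching messages arrive inside `window_s` seconds."""
    def __init__(self, source_ip, max_severity, text, threshold, window_s):
        self.source_ip, self.max_severity, self.text = source_ip, max_severity, text
        self.threshold, self.window = threshold, timedelta(seconds=window_s)
        self.hits = deque()  # receive times of messages that met every condition

    def feed(self, received_at, source_ip, raw):
        sev = severity_of(raw)
        if source_ip != self.source_ip or sev is None or sev > self.max_severity:
            return False
        if self.text not in raw:
            return False
        self.hits.append(received_at)
        while received_at - self.hits[0] >= self.window:  # expire old hits
            self.hits.popleft()
        return len(self.hits) >= self.threshold

# Constructed sample: (seconds after T0, sender IP, raw syslog line)
T0 = datetime(2024, 1, 1, 12, 0, 0)
SAMPLE = [
    (0,   "10.10.10.10", "<35>sshd[811]: Authentication failure for admin"),  # sev 3
    (10,  "10.10.10.10", "<38>sshd[811]: Authentication failure for admin"),  # sev 6, ignored
    (20,  "10.10.10.20", "<35>sshd[902]: Authentication failure for root"),   # other source
    (30,  "10.10.10.10", "<34>sshd[811]: Authentication failure for admin"),  # sev 2
    (45,  "10.10.10.10", "<35>sshd[811]: Accepted password for admin"),       # text differs
    (55,  "10.10.10.10", "<35>sshd[811]: Authentication failure for admin"),  # third hit
    (130, "10.10.10.10", "<35>sshd[811]: Authentication failure for admin"),  # window expired
]

def triggered_offsets(events):
    """Offsets (seconds after T0) at which the example alarm is in the triggered state."""
    alarm = GroupAlarm("10.10.10.10", 3, "Authentication failure", 3, 60)
    return [off for off, ip, raw in events
            if alarm.feed(T0 + timedelta(seconds=off), ip, raw)]

if __name__ == "__main__":
    print(triggered_offsets(SAMPLE))
```

Only the message at 55 seconds brings the count to three inside one minute; the info-level message, the message from 10.10.10.20 and the successful login do not count toward the threshold.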
You can also define mail notifications. Selected users will receive two mails: one when the alarm is activated and a second one when the alarm is deactivated.