Prerequisites
The gateway server must be installed in the managed environment.
Tip
If you are unfamiliar with regex, free websites provide regex reference materials, tutorials, and development tools to fine-tune the regular expressions you might need to define rules.
Add a syslog configuration profile
The Syslog Monitor Configuration functionality is used to filter messages and generate alerts from the messages. For example, to stop receiving alerts for mail system messages, the system can be “trained” to not monitor those messages.
Select Setup > Monitoring > Syslog Monitoring Configuration.
Click the Configuration Profiles tab.
Click Create New.
Enter the following information:
- Partner (required): The partner scope is prepopulated.
- Client (required): Client scope. Prepopulated if already selected.
- Management profiles: List of management profiles configured in Resources > Management Profiles.
- Configuration Name (required): Name of this configuration profile.
- Description: Description of this profile.
Click Next.
Enter the following configuration profile properties:
- Severity (required): Message severity level, selected from the RFC 5424 drop-down list.
- Facility (required): Type of message to monitor, selected from the RFC 5424 drop-down list.
- Resource Filter 1:
  - IP Filter Range (required): IP address range of servers to monitor for syslog messages. Enter an asterisk (*) to receive messages from all devices, although this is not recommended because of the heavy traffic load imposed on the gateway.
  - Rule Name: Selection from the drop-down list of previously defined rules. The Action and Tag columns are populated from the rule properties.
  - Click the + symbol to add another previously defined rule to the profile. Rules are executed in the order in which they occur in the profile.
  - Click the delete icon to delete a rule.
(optional) To define a new rule and add it to the resource filter, click the + New Rule button, enter the rule properties as described in Add a syslog monitoring rule, and click Save.
Click Save to apply the profile configuration and list the defined configurations:
Click + Add to define another profile.
Add a syslog monitoring rule
Select Setup > Monitoring > Syslog Monitoring Configuration.
Click the Rules tab.
Click Create New.
Enter the following information:
- Scope (required): Scope to which the rule is applied:
  - Partner Rule: Applies to partner.
  - Client-specific Rule: Applies to the specified client only.
- Client (required): If the Client-specific Rule scope is selected, select a client from the drop-down list.
- Name (required): Rule name.
- Action (required): Action to apply to messages that match this rule:
  - INCLUDE: Send matching data in generated alert message.
  - EXCLUDE: Send all but matching data in generated alert message.
- RegEx Pattern (required): Regex pattern to apply for matching messages. Matching groups can be used as parameters, such as ${1}, in generating alert messages.
- Metric Name (required): User-defined metric name, which can be specified using regex.
- Component (required): User-defined component name.
- Alert Subject (required): User-defined alert subject.
- Alert Description: Alert description.
- Alert Severity (required): Alert severity level:
  - Critical
  - Warning
  - Info
  - Ok
- Tags: User-defined tag name.
Click Submit.
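A rule's RegEx Pattern and its ${n} parameters can be checked offline against sample messages before the rule is saved. The script below is an added example, not code from the product: the rules and sample messages are constructed, Python's `re` syntax is assumed to be close enough to the gateway's regex engine for the patterns shown, and first-match-wins ordering is an assumption.

```python
import re

# Constructed rules in profile order; names, patterns and subjects are made up.
RULES = [
    {"name": "ignore-mail", "action": "EXCLUDE",
     "pattern": r"\bpostfix/\w+", "subject": "mail noise"},
    {"name": "ssh-auth-fail", "action": "INCLUDE",
     "pattern": r"Failed password for (?:invalid user )?(\S+) from (\S+)",
     "subject": "SSH login failure for ${1} from ${2}"},
]

# Constructed RFC 5424 sample messages (documentation IP ranges).
SAMPLES = [
    "<38>1 2024-05-01T10:00:00Z web01 sshd 4121 - - "
    "Failed password for invalid user admin from 203.0.113.7 port 52211 ssh2",
    "<22>1 2024-05-01T10:00:01Z mx01 postfix/smtpd 991 - - "
    "connect from unknown[198.51.100.4]",
]

def decode_pri(line):
    """Return (facility, severity) from the RFC 5424 PRI field, or None."""
    m = re.match(r"<(\d{1,3})>", line)
    if not m or int(m.group(1)) > 191:   # PRI = facility * 8 + severity, max 191
        return None
    return divmod(int(m.group(1)), 8)

def expand(template, match):
    """Replace ${n} with capture group n; missing groups become empty text."""
    def group_text(ref):
        n = int(ref.group(1))
        return (match.group(n) or "") if n <= match.re.groups else ""
    return re.sub(r"\$\{(\d+)\}", group_text, template)

def dry_run(line, rules=RULES):
    """Return (rule name, action, expanded subject) of the first matching rule.
    Assumption: the first rule that matches decides the outcome."""
    for rule in rules:
        m = re.search(rule["pattern"], line)
        if m:
            return rule["name"], rule["action"], expand(rule["subject"], m)
    return None

if __name__ == "__main__":
    for line in SAMPLES:
        print(decode_pri(line), dry_run(line))
```

Captured groups are copied from the log line as-is, so bounded classes such as `\S+` are preferable to `.*` in patterns whose groups feed the alert subject.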
View and edit configuration profile
View the defined configuration profiles in the Setup > Monitoring > Syslog Monitoring Configuration > Configuration Profiles tab:
Click the configuration profile name to see the detailed profile information.
(optional) You can change profile properties as needed. When complete, click Next.
(optional) Change existing rule properties or add new rules as described in Add a syslog monitoring rule.
Click Save.
View rules
View rule details in the Setup > Monitoring > Syslog Monitoring Configuration > Rules tab.
Change existing rule properties or add new rules as described in Add a syslog monitoring rule.
Click Save.
Search profiles and rules
The following Syslog Monitoring Configuration search options are available.
Search profiles and rules
Use the configuration name and rule name to find configuration profiles and rules.
Advanced search
To search for specific criteria, use the Advanced search option.
Advanced configuration profile search
To search profiles using specific criteria:
Click Advanced.
In ADVANCED SEARCH, enter the following information:
- Client
- Configuration Name
Click Search.
The Configuration Profile screen displays search results.
Advanced rules search
To search rules using specific criteria:
Click Advanced.
In ADVANCED SEARCH, enter the following information:
- Client
- Action
- Tags
Click Search.
The Rules screen displays search results.
Delete profiles and rules
Use the Remove option to delete existing configuration profiles and rules.
To delete a Syslog configuration from a single gateway management profile, remove the managed profile from the respective Syslog configuration.