Users Guide

ManualsBrandsDell ManualsActive System ManagerEMC OpenManage Enterprise

100

Forward audit logs to remote Syslog servers

To monitor all the audit logs of OpenManage Enterprise from Syslog servers, you can create an alert policy. All the audit logs

such as user login attempts, creation of alert policies, and running different jobs can be forwarded to Syslog servers.

To create an alert policy to forward audit logs to Syslog servers:

1. Select Alerts > Alert Policies > Create.

2. In the Create Alert Policy dialog box, in the Name and Description section, enter a name and description of the alert

policy.

a. The Enable Policy check box is selected by default to indicate that the alert policy will be enabled once it is created. To

disable the alert policy, clear the check box. For more information about enabling alert policies at a later time, see Enable

alert policies on page 97.

b. Click Next.

3. In the Category section, expand Application and select the categories and subcategories of the appliance logs. Click Next.

4. In the Target section, the Select Devices option is selected by default. Click Select Devices and select devices from the

left pane. Click Next.

NOTE: Selecting target devices or groups is not applicable while forwarding the audit logs to the Syslog server.

5. (Optional) By default, the alert policies are always active. To limit activity, in the Date and Time section, select the 'from'

and 'to' dates, and then select the time frame.

a. Select the check boxes corresponding to the days on which the alert policies must be run.

b. Click Next.

6. In the Severity section, select the severity level of the alerts for which this policy must be activated.

a. To select all the severity categories, select the All check box.

b. Click Next.

7. In the Actions section, select Syslog.

If Syslog servers are not configured in OpenManage Enterprise, click Enable and enter the destination IP address or the

hostname of Syslog servers. For more information about configuring Syslog servers, see Configure SMTP, SNMP, and Syslog

alerts on page 95.

8. Click Next.

9. In the Summary section, details of the alert policy you defined are displayed. Carefully read through the information.

10. Click Finish.

The alert policy is successfully created and listed in the Alert Policies section.

Related tasks

Delete alert policies on page 98

Disable alert policies on page 97

Enable alert policies on page 97

Edit alert policies on page 97

Create alert policies on page 93

Manage audit logs on page 99

Configure SMTP, SNMP, and Syslog alerts

By clicking OpenManage Enterprise > Application Settings > Alerts, you can configure the email (SMTP) address that

receives system alerts, SNMP alert forwarding destinations, and Syslog forwarding properties. To manage these settings, you

must have the OpenManage Enterprise administrator level credentials.

To configure and authenticate the SMTP server that manages the email communication between the users and OpenManage

Enterprise:

1. Expand Email Configuration.

2. Enter the SMTP server network address that sends email messages.

3. To authenticate the SMTP server, select the Enable Authentication check box, and then enter the username and

password.

4. By default, the SMTP port number to be accessed is 25. Edit if necessary.

Monitoring device alerts