Users Guide
Automation and Event Processing Rules | Alarms, Events, and Automation
306 OMNM 6.5.3 User Guide
Syslog Escalation Criteria
This tab of Syslog Event Rules lets you manage events based on matching text, and configure
messages in response to such matches.
The following sections describe syslog escalation criteria:
• Criteria: Syslog Match Text
• Criteria: Syslog Event Setup
• Template Fields
• Message Test
• Explicit Members
Criteria: Syslog Match Text
In this tab, enter the Syslog Match Text. Click the plus to add matching text to the list below the
empty field. There are two options for How to Apply the Match Text to Syslog Messages, controlled
by whether or not this box is checked. Check the box to match any single entry (only one
message match text must be present in the message) or uncheck it to match all entries (all message
match texts must be present). For example, suppose the Message Match Text list contains the
entries "LOGIN" and "FAILED", and a Syslog message says "USER LOGIN SUCCESS". This message is a
match if the box is checked, but not if the box is unchecked. If the list contains the same
entries but the Syslog message is "USER LOGIN FAILED", the message is a match regardless of
whether the box is checked.
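The following added example (not OMNM code) models the checked and unchecked behaviour described above, so a rule can be dry-run against sample messages before it is enabled. The names `MatchRule`, `compare_modes` and `only_when_checked` are hypothetical, the sample messages are constructed, and case-sensitive substring matching is an assumption the guide does not confirm.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class MatchRule:
    """Hypothetical model of the Syslog Match Text tab (not an OMNM API)."""
    match_texts: tuple  # entries in the Message Match Text list
    match_any: bool     # True = box checked, False = box unchecked

    def matches(self, message: str) -> bool:
        # Assumption: an empty list never matches (the guide does not say).
        if not self.match_texts:
            return False
        # Assumption: each entry is a case-sensitive substring test.
        hits = (text in message for text in self.match_texts)
        return any(hits) if self.match_any else all(hits)


def compare_modes(match_texts, messages):
    """Return {message: (checked_result, unchecked_result)}."""
    checked = MatchRule(tuple(match_texts), match_any=True)
    unchecked = MatchRule(tuple(match_texts), match_any=False)
    return {m: (checked.matches(m), unchecked.matches(m)) for m in messages}


def only_when_checked(match_texts, messages):
    """Messages that raise an event only when the box is checked."""
    results = compare_modes(match_texts, messages)
    return [m for m, (c, u) in results.items() if c and not u]


# Constructed sample messages; the first two are the guide's own examples.
SAMPLE_MESSAGES = [
    "USER LOGIN SUCCESS",
    "USER LOGIN FAILED",
    "BACKUP FAILED",
    "LINK UP",
]

if __name__ == "__main__":
    table = compare_modes(["LOGIN", "FAILED"], SAMPLE_MESSAGES)
    for msg, (c, u) in table.items():
        print(f"{msg!r:24} checked={c!s:5} unchecked={u}")
    print("only when checked:", only_when_checked(["LOGIN", "FAILED"], SAMPLE_MESSAGES))
```

With the entries "LOGIN" and "FAILED", the checked mode also fires on successful logins and on unrelated failures, so a rule intended to flag failed logins needs the box unchecked.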
Criteria: Syslog Event Setup
This portion of the Criteria screen sets up the syslogNotification event emitted when
matching occurs. Here are the fields:
Event Severity — Select the alarm severity of the event emitted when a match occurs. You can
choose to assign a specific severity to the syslogNotification events that would be created
from this escalation, such as Major, Minor, etc., or you can instead select Indeterminate,
which will use the severity within the original Syslog message to determine the severity of the
resulting event. For example, if you select Indeterminate and the Syslog message has a