Syslog Management Help >> Opeartion Guide >> Syslog-to-Alarm Rule >> Add/Modify/Copy a Rule

Add/Modify/Copy a Rule

This function allows you to add, modify, or copy a Syslog-to-alarm rule.

For how the Syslogs are promoted to alarms, see Syslog-to-Alarm Rule.

Operation Procedure

1. Click the Alarm tab on the top navigation bar, and select Syslog Management > Syslog to Alarm from the navigation tree.
2. Click the Add button, the icon of a rule, or the icon of a rule to enter the page for adding/modifying/copying a rule.
3. In the Basic Information area, specify the required options for the rule.
4. In the Alarm Generation Rule area, set parameters such as the Syslog type, Syslog level, statistic, repeat interval, repeat times, alarm level, and Syslog template.
5. Optionally, you can perform configuration in the Alarm Recovery Rule area, where you can set parameters such as the Syslog type, Syslog level, Syslog template, and recovery alarm key parameters.
6. Click OK.

Parameters

1. Alarm Generation Rule
   • Syslog Type: Specifies the type of Syslog packets that match the rule.
   • Syslog Level: Specifies the levels of Syslog packets that match the rule.
   • Statistic: Specifies whether the network-wide Syslogs are counted together or based on separate devices.
   • Repeat Interval/Repeat Times: Specifies how many Syslogs received in how long an interval will trigger the system to generate an alarm.
   • Alarm Level: Level of the alarms generated.
   • Alarm Description: Description of the alarm generated. By default, the alarm description is "%Syslog%", which represents the contents of the whole Syslog. You can use some of the parameters in the Syslog template as the alarm description. Different syslog templates define different parameters. You can select a syslog template as needed, and use parameters in the template to customize the alarm description.
   • Syslog Template: Specifies the text contents as the match criteria of the Syslog-to-alarm rule. To match the rule, a Syslog must have contents that completely match the Syslog template.
     • You can modify the content of the selected parsing template. When the template uses the regular expression, the method for modifying the template content is the same as the method for adding the template content. For more information about modifying the parsing template, see: Add/Modify/Copy Syslog Template
   • Param Setting
     
     1) Count Type: Two options are available. The Summing Count option specifies collecting the total number of matching Syslogs. The Classifying Count option specifies collecting the number of matching Syslogs per count parameter values. For example, when you specify the Classifying Count option, if two Syslogs contain the count parameter A, and one Syslog contains the count parameter B, the count of Syslogs matching count parameter A is 2, and the count of Syslogs matching count parameter B is 1.
     2) Count Parameter, Param Name, and Param Value: The count parameter is used for classifying and counting Syslogs. You can select or unselect a count parameter by selecting or unselecting an option. The Param Value option specifies the count parameter value used as the match criterion of the rule. The value of the count parameter of a matching Syslog must be the same as the specified value. If you set the Param Value to N/A, a Syslog matches the rule regardless of the value of the count parameter.
2. Alarm Recovery Rule: An alarm recovery rule is opposite to an alarm generation rule. For example, an alarm generation rule can contain an interface down event, whereas an alarm recovery rule can contain an interface up event. Alarm recovery rules recover the generated alarms.
   • Syslog Type: Specifies the type of Syslog packets that matches the rule.
   • Syslog Level: Specifies the levels of Syslog packets that match the rule.
   • Description: Specifies description information for the alarm recovery rule.
   • Syslog Template: Specifies the text contents as the match criteria of the alarm recovery rule. To match the rule, a Syslog must have contents that completely match the Syslog template.
   • Alarm Recovery Key Parameters: After an alarm recovery rule is generated, the system matches the alarm recovery key parameters against the generated alarms. When a match is found, the corresponding alarm will be recovered. If you do not set the alarm recovery key parameters, the system will not recover any generated alarms. It is recommended that you configure the alarm recovery key parameters.

Precautions

• You cannot change the name of a rule once the rule is created.
• When copying a rule, you must change its name.
• In the Alarm recovery rule, values of the Recovery Alarm Key Parameters are taken from the count parameter settings in the previous alarm generation rule.

Related Topics

• Syslog-to-Alarm Rule
• Rule List
• Simple Query