Creating an alert matching rule

Article:HOWTO64010  |  Created: 2011-12-20  |  Updated: 2011-12-20  |  Article URL http://www.symantec.com/docs/HOWTO64010
Article Type
How To


Alert matching rules contain conditions, such as alert type or date received, to identify specific alerts as the Event Console receives them. These rules are used when you discard or forward alerts, execute tasks, or initiate a workflow.

See Adding or editing rules to discard alerts.

See Running a task in response to an alert.

See Forwarding alerts to another management system.

See Adding or editing workflow rules.

You can match alerts by type, severity, affected resource, and many other criteria.

To create an alert matching rule

  1. In Symantec Management Console, on the Settings menu, click All Settings.

  2. In the left pane, click Settings > Monitoring and Alerting > Alert Rule Settings.

  3. On the Alert Rule Settings page, click the tab that corresponds to the type of rule you want to create.

    The following rule types are available:

    • Discarding Rules

    • Forwarding Rules

    • Task Rules

    • Workflow Rules

  4. In the left pane, click Add to create a new alert matching rule.

  5. In the alert rule builder on the right, click the generic rule name and create a unique name for the rule.

  6. Under the rule name, click the generic description and update the text to describe the new rule.

  7. Click Add to define the rule conditions.

  8. Define matching criteria for the conditions.

    You can re-order conditions and move them up and down or left and right to create nested evaluations. During evaluation, nested evaluations are performed first.

  9. If you are creating a workflow rule, define the workflow to run when a matching alert is received.

  10. At the upper right of the page on the Status bar, click the colored circle, and then click On to enable the rule.

    The default status is Off.

  11. Click Save, and then check the rule builder for any error or warning messages.


Legacy ID



v16116487_v66560238

