Creating an alert matching rule
Alert matching rules contain conditions, such as alert type or date received, to identify specific alerts as the Event Console receives them. These rules are used when you discard or forward alerts, execute tasks, or initiate a workflow.
See Adding or editing rules to discard alerts.
See Running a task in response to an alert.
See Forwarding alerts to another management system.
See Adding or editing workflow rules.
You can match alerts by type, severity, affected resource, and many other criteria.
To create an alert matching rule
In Symantec Management Console, on the Settings menu, click .
In the left pane, click .
On the Alert Rule Settings page, click the tab that corresponds to the type of rule you want to create.
The following rule types are available:
In the left pane, click to create a new alert matching rule.
In the alert rule builder on the right, click the generic rule name and create a unique name for the rule.
Under the rule name, click the generic description and update the text to describe the new rule.
Click to define the rule conditions.
Define matching criteria for the conditions.
You can re-order conditions and move them up and down or left and right to create nested evaluations. During evaluation, nested evaluations are performed first.
If you create a new workflow rule, define the workflow to run when a matching alert is received.
At the upper right of the page on the Status bar, click the colored circle, and then click to enable the rule.
The default status is Off.
Click , and then check the rule builder for any error or warning messages.
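How conditions are nested in the rule builder decides which alerts a rule matches, which matters most for discard rules. The following is an added illustration, not Symantec code: a small Python model in which the and/or operators, the field names, and the sample alerts are all assumptions constructed for the example. It shows the same three conditions nested two ways.

```python
from dataclasses import dataclass


@dataclass
class Cond:
    """One matching criterion: alert[field] must equal value."""
    field: str
    value: str

    def matches(self, alert: dict) -> bool:
        return alert.get(self.field) == self.value


@dataclass
class Group:
    """Conditions joined by one operator ("and"/"or" are assumed for this model)."""
    op: str
    items: list  # Cond objects or nested Group objects

    def matches(self, alert: dict) -> bool:
        # Every nested Group is resolved to True/False before this level combines.
        results = [item.matches(alert) for item in self.items]
        return all(results) if self.op == "and" else any(results)


def discarded_ids(rule, alerts):
    """Return the ids of the alerts a discard rule would drop."""
    return [a["id"] for a in alerts if rule.matches(a)]


# Constructed sample alerts (hypothetical field names and values).
ALERTS = [
    {"id": 1, "resource": "test-vm", "severity": "low", "type": "disk"},
    {"id": 2, "resource": "test-vm", "severity": "critical", "type": "heartbeat"},
    {"id": 3, "resource": "dc01", "severity": "critical", "type": "heartbeat"},
    {"id": 4, "resource": "test-vm", "severity": "critical", "type": "login_failure"},
    {"id": 5, "resource": "dc01", "severity": "low", "type": "disk"},
]

on_test_vm = Cond("resource", "test-vm")
low = Cond("severity", "low")
heartbeat = Cond("type", "heartbeat")

# Intended: test-vm AND (low OR heartbeat); only test-vm noise is dropped.
INTENDED = Group("and", [on_test_vm, Group("or", [low, heartbeat])])
# Mis-nested: (test-vm AND low) OR heartbeat; heartbeat alerts from every resource are dropped.
MISNESTED = Group("or", [Group("and", [on_test_vm, low]), heartbeat])

if __name__ == "__main__":
    print("intended :", discarded_ids(INTENDED, ALERTS))
    print("misnested:", discarded_ids(MISNESTED, ALERTS))
```

Alert 3, a critical alert from a resource outside the intended scope, is dropped only by the mis-nested rule, so a new discard rule is worth checking against a sample of recent alerts before it is enabled.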