Adding or editing workflow rules

Article:HOWTO64044  |  Created: 2011-12-20  |  Updated: 2011-12-20  |  Article URL http://www.symantec.com/docs/HOWTO64044
Article Type
How To


Subject


Adding or editing workflow rules

You can add, edit, or delete workflow rules. You add or edit workflow rules to forward all information about received alerts and their variables into a deployed workflow.

The Workflow Rules tab on the Alert Rule Settings page in the Event Console lists existing workflow rules. You can use the existing rules, or you can add, edit, and delete rules.

See About the Event Console workflow rule.

The Event Console Workflow Rules tab offers 14 rule condition types to filter the events that trigger the rule. These conditions are the same across all Event Console rule types (including discarding, forwarding, task, and workflow). No new functionality is provided to the conditions.

You can add or edit a rule to evaluate the following conditions:

  • Category. The event category

  • Count. The number of deduplicated alerts received (within a period of time)

  • Date. The date on which the event occurred

  • Day of week. The day of the week on which the event occurred

  • Definition. The specific event type name

  • Host name. The name or IP address of the resource

  • Message. The event description text

  • Product. The event-reporting product source

  • Protocol. The protocol that is used to report the event

  • Resource. The managed or unmanaged resource

  • Resource target. The resource belonging to a specified group

  • Severity. The severity level of the event

  • Time of day. The time of day at which the event occurred

  • Variable. All name data pairs or value data pairs that are provided in the event details

Adding or editing workflow rules

  1. In the Symantec Management Console, on the Settings menu, click All Settings.

  2. In the left pane, click Settings > Monitoring and Alerting > Alert Rule Settings.

  3. On the Alert Rule Settings page, click the Workflow Rules tab, and then click Add to create a new alert matching rule.

    See Creating an alert matching rule.

  4. In the rule builder on the right, click Add to create a new rule or click a rule that you want to edit.

  5. Define the matching conditions for a new rule, or edit the conditions for an existing rule. Define the workflow to run when a matching alert is received.

  6. At the upper right of the page, click the colored circle, and then click On to enable the rule.

  7. Click Save.


Legacy ID



v46387138_v66560238


Article URL http://www.symantec.com/docs/HOWTO64044


Terms of use for this information are found in Legal Notices