Adding or editing rules to discard alerts

Article:HOWTO64045  |  Created: 2011-12-20  |  Updated: 2011-12-20  |  Article URL http://www.symantec.com/docs/HOWTO64045
Article Type
How To


Subject


Adding or editing rules to discard alerts

You may need to delete incoming alerts under certain conditions. Or, you may want to delete duplicate alerts. In the Event Console Alert Rule Settings page, you can create an alert matching rule to discard the alerts that meet your criteria. These alerts are removed as soon as they are received and are not imported into the Configuration Management Database.

To optimize performance of the platform, and Notification Server in particular, you should create discard rules to remove redundant alerts. The Discarding Rules tab lets you configure multiple conditions for the incoming alerts that the system should discard.

See About alerts.

See Creating an alert matching rule.

Filtered alerts are never stored in the alert database and are unavailable when reports are generated. If you want to store alerts but do not want to display them in the Event Console, hide them instead.

See Hiding resolved alerts.

To add or edit a rule to discard an alert

  1. In the Symantec Management Console, on the Settings menu, click All Settings.

  2. In the left pane, click Settings > Monitoring and Alerting > Alert Rule Settings.

  3. On the Alert Rule Settings page, click the Discarding Rules tab, and then click Add to create a new alert matching rule.

  4. Define the matching conditions and the workflow to run when a matching alert is received.

  5. At the upper right of the page, click the colored circle, and then click On to enable the rule.

  6. Click Save.


Legacy ID



v46387139_v66560238


Article URL http://www.symantec.com/docs/HOWTO64045


Terms of use for this information are found in Legal Notices