This section describes how to set up alerts on the Search > Content-Based Alerts page.
To set up alerts on the Search > Content-Based Alerts page
Configure a target where you wish to send content-based alerts. For details on how to do this, see Step 1 in Setting up alerts on the search interface.
Optional step: You can also specify the email address from which alerts are sent. Configuring an email address from where you wish to receive emails can be useful for filtering purposes. If you do not specify such an email address, a default one will be used.
For detailed instructions, see the steps describing how to specify a Send e-mails as email address in "Configuring e-mail alerts" in the Administration Guide.
Once you have set up a target or targets, navigate to Search > Content-Based Alerts.
The new tab that opens allows you to specify a content-based alert.
Figure 157: Search > Content-Based Alerts — Setting up content-based alerts on the Search
Enter a name for your alert.
Alert names must be globally unique. Using a prefix before alert names can help avoid specifying a name that is already in use.
In the Search expression field, enter the search expression that you wish to receive alerts about.
Select the appropriate logspace from the Logspace menu.
Select a target or targets from the Alert targets menu. You can select multiple targets if you wish to distribute the alert to multiple email addresses.
You can remove targets you have already added by clicking .
To save your details, click .
If you wish to modify your alert later on, you can make changes by revisiting the relevant steps on the Search > Content-Based Alerts page.
Once content-based alerts have been created, syslog-ng Store Box(SSB) will send alert messages to the configured targets.
The alert email's subject line will follow this format:
Alert messages will be presented in the following format:
Alert: There were at least 10000 matches between Mon 18 Apr 2016 10:45:38 CEST and Mon 18 Apr 2016 10:45:43 CEST on * logspace: "<mylogspace>" * alert: "<myalert>" * search expression: "<mysearchexpression>" To review these matches on your SSB appliance, see: https://<IP_address_of_SSB>:<port_number>/index.php?_backend=SearchLogspace#logspace_name=mylogspace& from=1460976338&to=1460976343&search_expression=mysearchexpression Note: You will not receive a new alert message for a cooldown period of 1 minute for this alert.
Note that the contents of the log messages are not shared in the alert message. A URL is provided to direct users to their SSB appliance.
The syslog-ng Store Box(SSB) application provides additional tools to obtain information about log messages that can come from external sources. They are as follows:
Pattern database: You can use the pattern database of SSB to alert on certain log messages. If you are using the pattern database for such purposes and you wish to check the history of the alerts raised by SSB, then refer to Log message alerts.
Reports: SSB periodically creates reports on processed traffic. If you wish to retrieve information available in such reports, see Reports.
The syslog-ng Store Box(SSB) application allows you to search, filter, and export internal messages. These internal messages contain the logs created by SSB itself (not the messages collected from external sources), including log messages of the SSB appliance, configuration changes, notifications, alerts, and dashboard statistics.
All available log messages are listed in the local logspace in Search > Logspaces.
For detailed instructions on using the log search interface, see Using the search interface.
Recent log messages are also available in Basic settings > Troubleshooting.
For detailed instructions on using the troubleshooting tools, see Troubleshooting SSB.
The configuration-related activity of SSB users and administrators is available at AAA > Accounting. The configuration changes performed on the SSB web interface are all listed here.
For the list of displayed parameters, see Changelogs of SSB.
Peers (client computers) that use syslog-ng Premium Edition 3.0 or newer send a special log message to SSB when their configuration is modified. These changes are listed at Search > Peer configuration change.
For the list of displayed parameters, see Configuration changes of syslog-ng peers.
If you use the pattern database of SSB to alert on certain log messages, then a history of the alerts is available at Search > Alerts.
For the list of displayed parameters, see Log message alerts.
Backup and archive notifications, including errors encountered during backup or archiving, are stored at Search > Archive & Cleanup.
For the list of displayed parameters, see Notifications on archiving and backups.
The statistics of SSB are available at Basic settings > Dashboard.
For detailed information and the list of available options, see Status history and statistics.
PDF reports about the configuration changes, system health parameters, and other activities of SSB are available at Reporting > Reports.
For the list of displayed parameters, see Reports.
© 2020 One Identity LLC. ALL RIGHTS RESERVED. Feedback 使用条款 隐私