Notification Filter objects define event criteria and designate which Channel objects should be used to provide event notification.
To define Notification Filters, you must be familiar with event structure. All events have a fixed set of fields. They include:
Event ID
Value1
Severity
Value2
Component
Data
Text1
Group ID
Text2
Source IP
When you define a Notification Filter, you specify a value for a given event field. To narrow the results, you can define values for multiple event fields. Using standard and, or, and not operators, you can define up to 15 event conditions.
Once you define the event criteria, you must select a notification channel. Notification channels are simply the Channel objects the logging server uses to provide event notification. For example, if you want to e-mail events to your mailbox, you must select an SMTP Channel object that is configured to relay events to your e-mail address. Similarly, if you want to log events to a MySQL database, you must select a MySQL Channel object that is configured to write events to the correct database and table. You can define multiple notification channels for any given Notification object.
IMPORTANT: You must restart the logging server to effect any changes in Notification object configuration. For more information on restarting the logging server, refer to the Novell Nsure Audit Administration Guide.
The following provides a description of each Notification Filter object attribute:
Configuration

Rule | The Rule defines the filter criteria.
Description | This field allows you to enter a description and any necessary explanation for the Notification Filter. The field limit is 255 characters. NOTE: The information from this field is returned if one uses the SE event variable. For more information, see Event Variables.
Event Field | The event field on which the logging server filters events. For more information on event fields, see Event Structure.
Condition | The condition under which the logging server applies the Value to the Event Field. Depending on the Event Field, you may select the following conditions from the drop-down list box:
Value | The value for the designated Event Field. The logging server applies the Value to the designated Event Field under the defined conditions. If an event matches the criteria, it is sent to the designated notification channel.
Operator | To narrow the filter results, you can define values for multiple event fields. Using standard and, or, and not operators, you can define up to 15 event conditions. The conditions are cumulative; that is, the logging server applies the first, then the second, then the third, etc., to progressively narrow the results.
Notification Channels | The Channel objects the logging server uses to provide event notification. You can define multiple notification channels for any given Filter object. Click the Browse button
Status | By default, all Notification Filters are enabled. This means that the logging server loads the Notification Filter's configuration in memory at startup. If the Notification Filter is disabled, the logging server does not load the object's configuration in memory at startup. IMPORTANT: The Notification Filter must be located in a supported Notification container for the logging server to find it. For more information on the logging server's Notification Container property, see Adding and Removing Notification Containers.
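The cumulative evaluation described under Operator can be modelled as follows. This is an added example, not Nsure Audit code: the condition names, the reading of not as "and not", the channel names, and the sample rule and events are assumptions constructed for illustration.

```python
import operator

MAX_CONDITIONS = 15  # limit stated on the page

# Assumed condition names; the page's own condition list is not shown.
CONDITIONS = {
    "=": operator.eq,
    "!=": operator.ne,
    ">=": operator.ge,
    "contains": lambda field, value: str(value) in str(field),
}

def matches(event, rule):
    """rule: list of (operator, event_field, condition, value) tuples.
    The first entry's operator is ignored; each later entry is folded into
    the running result in order, with no and/or precedence."""
    if not 1 <= len(rule) <= MAX_CONDITIONS:
        raise ValueError("a filter holds 1 to 15 conditions")
    result = None
    for op, field, cond, value in rule:
        # An event field that is absent never satisfies a condition.
        hit = field in event and CONDITIONS[cond](event[field], value)
        if result is None:
            result = hit
        elif op == "and":
            result = result and hit
        elif op == "or":
            result = result or hit
        elif op == "not":  # assumed to mean "and not"
            result = result and not hit
        else:
            raise ValueError(f"unknown operator: {op}")
    return result

def route(event, filters):
    """filters: list of (rule, channel_names, enabled); returns channels to notify."""
    channels = []
    for rule, names, enabled in filters:
        if enabled and matches(event, rule):
            channels.extend(n for n in names if n not in channels)
    return channels

# Constructed rule: Severity >= 8 OR Component contains "Auth" AND Source IP != 10.0.0.5
RULE = [(None, "Severity", ">=", 8),
        ("or", "Component", "contains", "Auth"),
        ("and", "Source IP", "!=", "10.0.0.5")]
FILTERS = [(RULE, ["smtp-secops", "mysql-archive"], True),
           (RULE[:1], ["smtp-oncall"], False)]  # disabled filters are not loaded
# Constructed events.
SCANNER_EVENT = {"Severity": 10, "Component": "Backup", "Source IP": "10.0.0.5"}
REMOTE_EVENT = {"Severity": 3, "Component": "Authentication", "Source IP": "192.0.2.7"}
```

Under cumulative evaluation the rule reads as (A or B) and C, so the severity-10 event from 10.0.0.5 is not forwarded; with conventional and-before-or precedence it would have been. Order the conditions with that in mind when a filter feeds an alerting channel.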
For general information on Notification objects, see Creating and Configuring Notification Objects.
For more information on using Nsure Audit, see Nsure Audit Help.