Notification Filter objects define event criteria and designate which Channel objects should be used to provide event notification.
To define Notification Filters, you must be familiar with event structure. All events have a fixed set of fields. When you define a Notification Filter, you specify a value for a given event field. To narrow the results, you can define values for multiple event fields. Using standard And, Or, Not and End operators, you can define up to 15 event conditions.
When you define the event criteria, you must select a notification channel. Notification channels are simply the Channel objects the logging server uses to provide event notification. For example, if you want to e-mail events to your mailbox, you must select an SMTP Channel object that is configured to relay events to your e-mail address. Similarly, if you want to log events to a MySQL* database, you must select a MySQL Channel object that is configured to write events to the correct database and table. You can define multiple notification channels for any given Notification object.
IMPORTANT: You must restart the logging server to effect any changes in Notification object configuration. For more information on restarting the logging server, refer to the Novell® Audit Administration Guide.
The following provides a description of each Notification Filter object attribute:
| Item | | Description |
|---|---|---|
| Configuration | | |
| Rule | | The Rule defines the filter criteria. |
| | Description | This field allows you to enter a description and any necessary explanation for the Notification Filter. The field limit is 255 characters. If you use the SE event variable, the information from this field is returned. For more information, see Event Variables. |
| | Event Field | The event field on which the logging server filters events. For more information on event fields, see Event Structure. |
| | Condition | The condition under which the logging server applies the Value to the Event Field. Depending on the Event Field, you can select the following conditions from the drop-down list box: |
| | Value | The value for the designated Event Field. The logging server applies the Value to the designated Event Field under the defined conditions. If an event matches the criteria, it is sent to the designated notification channel. |
| | Operator | To narrow the filter results, you can define values for multiple event fields. Using standard And, Or, Not, and End operators, you can define up to 15 event conditions. The conditions are accumulative; that is, the logging server applies the first, then the second, then the third, etc., to progressively narrow the results. |
| Notification Channels | | The Channel objects the logging server uses to provide event notification. You can define multiple notification channels for any given Filter object. Click the Browse button |
| Status | | By default, all Notification Filters are enabled. This means that the logging server loads the Notification Filter's configuration in memory at startup. IMPORTANT: The Notification Filter must be located in a supported Notification container for the logging server to use it. For more information on the logging server's Notification Container property, see Adding and Removing Notification Containers. If you select the Disabled option, you must restart the Secure Logging Server for the setting to become effective. Thereafter, the logging server cannot load the object's configuration until you select Enabled. |
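The following added example (not Novell Audit code) models the Rule described above as an ordered list of (Event Field, Condition, Value, Operator) rows and shows how a matching event is routed to every channel of an enabled filter. The field names, channel names and condition names are assumptions, as is the left-to-right reading of the operators with Not treated as "and not"; the product documentation remains the authority on actual behaviour.

```python
import operator

MAX_CONDITIONS = 15  # limit stated on this page
OPERATORS = ("And", "Or", "Not", "End")
# Assumed condition names; the page does not list the real drop-down values.
CONDITIONS = {"=": operator.eq, "!=": operator.ne,
              "contains": lambda field, value: str(value) in str(field)}

def validate(rule):
    """Reject rules that are empty, exceed 15 rows, or are not closed by End."""
    if not 1 <= len(rule) <= MAX_CONDITIONS:
        raise ValueError("a rule holds between 1 and 15 conditions")
    ops = [row[3] for row in rule]
    if ops[-1] != "End" or "End" in ops[:-1]:
        raise ValueError("End must appear on the last condition only")
    for _field, cond, _value, op in rule:
        if cond not in CONDITIONS or op not in OPERATORS:
            raise ValueError("unknown condition or operator")

def matches(rule, event):
    """Apply the rows in order; each row's operator joins it to the next row."""
    validate(rule)
    result, joiner = True, "And"
    for field, cond, value, op in rule:
        # An event that lacks the field simply does not match this row.
        hit = field in event and CONDITIONS[cond](event[field], value)
        if joiner == "And":
            result = result and hit
        elif joiner == "Or":
            result = result or hit
        else:  # "Not", read here as "and not" (assumption)
            result = result and not hit
        joiner = op
    return result

def notify(filters, event):
    """Return the channels of every enabled filter whose rule the event matches."""
    return [ch for f in filters
            if f["enabled"] and matches(f["rule"], event) for ch in f["channels"]]

# Constructed sample data; all names below are hypothetical.
FILTERS = [
    {"enabled": True, "channels": ["SMTP-SecOps", "MySQL-Audit"],
     "rule": [("Component", "contains", "Login", "And"),
              ("Severity", "=", 1, "Not"),
              ("Originator", "=", "test-harness", "End")]},
    {"enabled": False, "channels": ["SMTP-Helpdesk"],
     "rule": [("Severity", "=", 1, "End")]},
]
EVENT = {"Component": "Portal\\Login", "Severity": 1, "Originator": "ldap-01"}
print(notify(FILTERS, EVENT))
```

Walking a few representative events through a model like this before deploying a filter helps confirm that the events you care about reach a channel and that a disabled filter delivers nothing.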