8.3 Notification Filters

Notification Filter objects define event criteria and designate which Channel objects should be used to provide event notification.

To define Notification Filters, you must be familiar with event structure. For more information on each event field, see Section A.1, Event Structure.

When you define a Notification Filter, you specify a value for a given event field. To narrow the results, you can define values for multiple event fields. Using standard And, Or, and Not operators, you can define up to 15 event conditions.

After you define the event criteria, you must select a notification channel. Notification channels are simply the Channel objects the logging server uses to provide event notification. For example, if you want to e-mail events to your mailbox, you must select an SMTP Channel object that is configured to relay events to your e-mail address. Similarly, if you want to log events to a MySQL database, you must select a MySQL Channel object that is configured to write events to the correct database and table. You can define multiple notification channels for any given Notification object.

The following table provides a description of each Notification Filter attribute.

IMPORTANT: You must restart the logging server to effect any changes in Filter object configuration. For more information, see Section G.3, Secure Logging Server Startup Commands.

Attribute

Description

Description

This field allows you to enter a description and any necessary explanation for the Notification Filter.

The field limit is 255 characters.

The information from this field is returned when you use the SE event variable. For more information, see Section A.3, Managing Event Data.

Rule

The Rule defines the filter criteria.

Event Field

The event field on which the logging server filters events.

For more information on the event fields, see Section A.1, Event Structure.

Condition

The condition under which the logging server applies the Value to the Event Field.

Depending on the Event Field, you can select one of the following conditions from the drop-down list box:

  • Matches
  • Is less
  • Is more
  • Is between
  • Contains

Value

The value for the designated Event Field.

The logging server applies the Value to the designated Event Field under the defined conditions. If an event matches the criteria, it is sent to the designated notification channel.

Operator

To narrow the filter results, you can define values for multiple event fields. Using standard And, Or, and Not operators, you can define up to 15 event conditions.

The conditions are cumulative; that is, the logging server applies the first condition, then the second, then the third, and so on, to progressively narrow the results.

Notification Channels

The Channel objects the logging server uses to provide event notification. You can select multiple notification channels for any given Filter object.

Click the Object Selector button to select Channel objects in the tree.

Status

This option allows you to enable or disable the Notification Filter. By default, all Notification Filters are enabled. This means that the logging server loads the filter's configuration in memory at startup.

IMPORTANT: The Notification Filter object must be located in a supported Notification container for the logging server to use it. For more information on the logging server's Notification Container property, see Logging Server Objects.

If you mark the Disabled option, you must restart the Secure Logging Server for the setting to become effective. Thereafter, the logging server cannot load the object's configuration until you mark Enabled.

For information on unloading the logging server, see Section G.3, Secure Logging Server Startup Commands.