Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

Create and Manage Alert Definitions

Create Alert Definitions

You can create an alert definition to monitor your data in real time. You can identify issues and attacks before they impact your network.

For example, if you are an administrator, you can define a condition such that if the number of firewall denials events crosses a predefined threshold in a given time frame for a specific device, you receive an email alert.

  1. Click Monitor > Alert > Alert Definitions.
  2. Click the plus icon (Blue plus symbol suggesting an action like adding or expanding content.).
  3. Complete the configuration according to the guidelines provided below:
    Table 1: Alert Definitions Settings

    Setting

    Guideline

    General

    Alert Name

    Enter a unique string of alphanumeric characters, colons, periods, dashes, and underscores. No spaces are allowed. The maximum length is 63 characters.

    Alert Description

    Enter a description for the alerts. The maximum length is 1024 characters.

    Alert Type

    Displays the type of alert that is system-based.

    Status

    Click the toggle button to view only the active alerts.

    Severity

    Select the severity level of the alert: Info, minor, major, or critical.

    Trigger

    Displays the data criteria from the list of default and user-created filters that are saved from the Event Viewer.

    Data Criteria

    Specifies the data criteria from the list of default and user-created filters that are saved from the Event Viewer.

    To add saved filters:

    • Click the Use data criteria from filters link. The Add Saved Filters page appears.

    • Select the filters to be added.

    • Click OK.

    Time Span

    Specify the time period for triggering an alert.

    Number of Events

    Enter the event threshold (number of logs for each category). An alert triggers if the number exceeds the specified threshold. Range: between 1-1,000,000,000.

    Recipient(s)

    E-mail address(es)

    Specify the e‐mail addresses for the recipients of the alert notification.

    Custom Message

    Enter a custom string for identifying the type of alert in the alert notification e‐mail.
  4. Click Ok.
    A new alert definition with the configured alert triggering condition is created. You can view the generated alerts from the alert definition to troubleshoot the issues with your system.

Manage Alert Definitions

  • Edit—Select the definition, and then click the pencil icon (Blue pencil icon indicating edit functionality.).

  • Clone—Select the definition, and then click More > Clone.

  • Delete—Select the definition, and then click the trash can icon (Blue trash can icon representing delete or remove function.).