To monitor all the audit logs of OpenManage Enterprise from Syslog servers, you can create an alert policy. All audit logs, such as user login attempts, creation of alert policies, and running of different jobs, can be forwarded to Syslog servers. If a server specifies OpenManage Enterprise as a Syslog target, traps triggered on the server will be forwarded to the OpenManage Enterprise's destination Syslog server as well.
Steps
1. Select Alerts > Alert Policies > Create.
2. In the Create Alert Policy dialog box, in the Name and Description section, enter a name and description of the alert policy.
   The Enable Policy check box is selected by default to indicate that the alert policy will be enabled once it is created. To disable the alert policy, clear the check box. For more information about enabling alert policies at a later time, see Create an alert policy.
   Click Next.
3. In the Category section, expand Application and select the categories and subcategories of the appliance logs. Alternatively, in the Message ID section, indicate a list of messages to be sent to the Syslog by either:
   - Uploading a .csv file listing the messages to be filtered. (Sample available on the UI)
   - Entering a list of message IDs separated by commas.
   Click Next.
4. In the Target section, the Select Devices option is selected by default. Click Select Devices and select devices from the left pane. Click Next.
   NOTE: Selecting target devices or groups is not applicable while forwarding the audit logs to the Syslog server.
5. (Optional) By default, the alert policies are always active. To limit activity, in the Date and Time section, select the 'from' and 'to' dates, and then select the time frame.
   Select the check boxes corresponding to the days on which the alert policies must be run.
   Click Next.
6. In the Severity section, select the severity level of the alerts for which this policy must be activated.
   To select all the severity categories, select the All check box.
   Click Next.
7. In the Actions section, select Syslog.
   If Syslog servers are not configured in OpenManage Enterprise, click Enable and enter the destination IP address or the hostname of Syslog servers. For more information about configuring Syslog servers, see Configure SMTP, SNMP, and Syslog.
   Click Next.
8. In the Summary section, details of the alert policy you defined are displayed. Carefully read through the information.
9. Click Finish.
Results
The alert policy is successfully created and listed in the Alert Policies section.