1. Home
  2. Solutions
  3. How to Add a Logging Rule to a Device Template

How to Add a Logging Rule to a Device Template

See How to Edit a Device Template to see how to open the device template editing page.

Once you’ve navigated to the device template editing page, in the “Logging Rules” section of the “Template Components” panel, click the add rule ( + ) button.

Click the plus button to add a new logging rule to a device template.

On the page that follows:

The logging rule configuration dialog. You can set up your logging rule to scan multiple log types.
  1. In the TITLE field, enter a name for your rule. All logging rule names must be unique across Netreo.
  2. If you want statistics to be collected for rule matches, switch the POLLER setting to ON. Doing this also adds a threshold check to the template allowing you to monitor the frequency of matches.
  3. If you want to be alerted to occurrences of a rule match without collecting statistics, switch the PASSIVE CHECK setting to ON. Netreo adds a generic passive service check to the applicable devices. Using this option requires additional configuration of the service check on each device to set alarm sensitivity and action groups.
  4. To configure how the rule is triggered, any combination of the following may be used:
    1. If you want the rule to be triggered based on a regular expression, enter the appropriate expressions in the REGULAR EXPRESSION MATCH and/or NOT MATCH REGULAR EXPRESSION fields.
      • These fields can be used independently or together for more complex matching, as they are combined with an AND.
      • MySQL databases (which is how logs are stored in Netreo) use a subset of the regular expression ruleset explained here: https://dev.mysql.com/doc/refman/8.0/en/regexp.html
    2. If you want the rule to be triggered based on log message severity, in the SEVERITY fields, select how the severity should be matched and the severity level.
      • Syslogs and Windows event logs have severities, traps don’t.
    3. If you want the rule to be triggered based on a Windows event log code, in the CODE field, enter the appropriate code.
  5. When finished click the Add Log button.

You may add as many logging rules as necessary. When finished, it is not necessary to click the Update button on the main template edit page. This is only required when editing authentication credentials.

If you’ve added logging rules to a device template that is already applied to any devices, navigate back to the Device Templates Administration page using the arrow icon at the top left of the page and reapply your device templates.

Updated on October 14, 2020

Was this article helpful?

Need Support?
Can’t find the answer you’re looking for? Don’t worry we’re here to help!
Contact Support

Leave a Reply