1. Home
  2. Tutorials and How Tos
  3. How to Add a Logging Rule to a Device Template

How to Add a Logging Rule to a Device Template

See, How to Edit a Device Template to see how to open the device template editing page.

Once you’ve navigated to the device template editing page, in the “Logging Rules” section of the “Template Components” panel, click the add rule ( + ) button.

Click the plus button to add a new logging rule to a device template.

On the page that follows:

The logging rule configuration dialog. You can set up your logging rule to scan multiple log types.
  1. In the TITLE field, enter a name for your rule. All logging rule names must be unique across OmniCenter.
  2. If you want performance statistics to be collected for rule matches, switch the POLLER setting to ON. This will add an associated threshold/anomaly check to the template along with this check, which must then be configured (see the entry on threshold checks for information on how to configure threshold/anomaly checks).
  3. If you want to be alerted for any occurrences of a rule match at all, switch the PASSIVE CHECK setting to ON to have OmniCenter automatically add a generic passive service check to the applicable devices. Using this option requires additional configuration of the service check to set alarm sensitivity and action groups (see Service Checks for information on configuring service checks).
  4. To configure how the rule is triggered (any combination of the following may be used):
    1. If you want the rule to be triggered based on a regular expression match, enter the appropriate expressions in the REGULAR EXPRESSION MATCH and/or NOT MATCH REGULAR EXPRESSION fields.
      • These fields can be used independently or together for more complex matching, as they are combined with an AND.
      • MySQL databases (which is how logs are stored in OmniCenter) use a subset of the regular expression ruleset explained here: https://dev.mysql.com/doc/refman/8.0/en/regexp.html
    2. If you want the rule to be triggered based on log message severity, in the SEVERITY fields, select how the severity should be matched and the severity level.
      • Syslogs and Windows event logs have severities, traps don’t.
    3. If you want the rule to be triggered based on a Windows event log code, in the CODE field, enter the appropriate code.
  5. When finished click the Add Log button.

You may add as many logging rules as necessary. When finished, it is not necessary to click the Update button on the main template edit page. This is only required when editing authentication credentials.

If you’ve added logging rules to a device template that is already applied to any devices, navigate back to the Device Templates Administration page using the arrow icon at the top left of the page and reapply your device templates.

Updated on April 9, 2020

Was this article helpful?

Need Support?
Can’t find the answer you’re looking for? Don’t worry we’re here to help!
Contact Support

Leave a Reply