> Documentation > CommCell Management > Operating and Monitoring the Backup Environment > Log Monitoring > Monitoring Logs with the Log Monitoring Application > Searching Log Data in the Log Monitoring Application

Setting Up Alerts for Log Data in the Log Monitoring Application

You can set up alerts on a search to receive emails whenever there are occurrences of the search results in the log events.

For example, if you have a saved search for failed logins, you can set up an alert to receive an email if the failed login event occurs three times within the next five minutes.

Note: You can set up an alert to monitor logs only from the Log Monitoring application on the Web Console. Setting up alerts (to monitor logs) from a monitoring policy is not supported.

Before You Begin

  1. Save a search.

  2. Open the saved search:

    1. At the upper left of the page, click Search.

    2. On the Search page, select the search that you want to use.

      Tip: If you do not see a list of searches, on the right side of the page, click Show History.

Procedure

To create the first alert for the search, at the upper right of the Search page, click Actions > Create Alert. If an alert already exists for the search, click Actions > Add/Edit Alert.

  1. In the Save alert criteria dialog box, specify the following details:

    1. In the Search box, enter the keywords of the search.

    2. In the Name box, enter a name for the alert.

    3. In the Type box, indicate when you want to receive alert emails:

      Type

      Description

      Setup

      Every occurrence

      Receive an alert every time there is an occurrence of the search criteria.

      None

      Match multiple occurrences

      Receive an alert based on the number of times the log event takes place within a period of time.

      For example, to receive an email whenever a log event occurs three times within five minutes, type 3 in the times box and 5 in the minutes box.

      Matches

      n times, within n minutes

      Compare

      Receive an alert based on a trend in the data.

      Criteria

      Define the alert criteria by selecting the measurement option and the trend option:

      • Measurement Options

      • Count

      • Avg field name

      • Min field name

      • Max field name

      • Group by field name

      • Trend Options

      • Increase by value percentage|absolute

      • Decrease by value percentage|absolute

      • Increase/Decrease by value percentage|absolute

        Notification Criteria

        Select from these options to configure when the alert email is sent:

      • Notify only if the condition persists for n hr(s) n min(s)

        Sends the alert email only if the alert condition lasts for the defined period of time. In the hr(s) and min(s) boxes, enter how long the condition should last before the alert email is sent.

      • Repeat notification every n hr(s) n min(s)

        Sends the alert email multiple times. In the hr(s) and min(s) boxes, enter how often the alert email is sent.

      • Notify when the condition clears

        Sends the alert email when the alert condition clears.

      Match the below criteria

      Receive an alert when the field you select is great than, less than, or equal to the value you define.

      Criteria

      field name, operator, value

      Alert when the value of specified field changes

      Receive an alert when the value for the field specified changes

      Criteria

      field name, group by field name

      Compare matched events with total number of events

      Receive an alert when the field you select is great than, less than, or equal to the value you define for the number of events that is great than, less than, or equal to the value you define for the percentage of total events.

      Criteria

      field name, operator, value, group by field name, alert if above criteria is

    4. Optional: If Match the below criteria is selected as the alert type, you can set additional options under Notification Criteria:

      • Notify only if condition persists for n hr(s) n min(s)

        Select this option to send the notification after the configured alert criteria occur for the defined time.

      • Repeat notification every n hr(s) n min(s)

        Select this option to send the alert notification to its intended recipients more than one time.

      • Notify when the condition clears

        Select this option to send the notification only when the alert condition clears.

    5. In the Email Recipients box, enter the email addresses of the alert recipients.

    6. In the Lines above and Lines below boxes, specify the number of lines above and below the log event that you want to see in the email.

    7. Select the Display selected columns of table view in email checkbox to include the selected columns of table view in the email.

    8. Select the Select workflow for notification checkbox to execute a workflow along with the email, and then select the workflow from the list.

    9. Click Save.

      The Alerts page appears. You can view or edit the alerts that you created.

  2. To view the alerts that you created, at the top of the page, click Manage, and then click Alerts.

    The Alerts Search page displays the alert details, such as the name and email recipients.

  3. To manage alerts on the Alerts Search page, right-click an alert to perform the following tasks:

    • Enable or disable an alert

    • Edit an alert

    • Delete an alert

    Tip: To perform a task on multiple alerts, select the alerts, and at the upper left of the page, click Enable, Disable, or Delete.

Loading...