Configuring Rules; Filter Criteria; Adding A Rule - Novell SENTINEL LOG MANAGER 1.0.0.5 - ADMINISTRATION GUIDE 03-31-2010 Administration Manual

Hide thumbs Also See for SENTINEL LOG MANAGER 1.0.0.5 - ADMINISTRATION GUIDE 03-31-2010:

Installation manual (38 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

page of 168

/ 168
Contents
Table of Contents
Bookmarks

Table of Contents

Configuring Rules

You can configure rules to evaluate and filter all incoming events and deliver selected events to

designated output channels. For example, each severity 5 event can be e-mailed to a security analyst

distribution list or to an administrator.

This section describes the event channels and rules that can be used to send events from Novell

Sentinel

Log Manager to another system.

Section 7.1, "Configuring Rules," on page 111

Section 7.2, "Configuring Actions," on page 114

Section 7.3, "Configuring E-Mail Notification of Auto-Created Event Sources without a Time

Zone," on page 125

Section 7.4, "Forwarding the Events to Another Sentinel System," on page 127

7.1 Configuring Rules

Sentinel Log Manager rules can be configured to filter events based on one or more of the

searchable fields. Each rule can be associated with one or more of the configured actions.

The rules are evaluated on a first-match basis in top-down order and the first matched rule is applied

to the events that matches the filter criteria.

Section 7.1.1, "Filter Criteria," on page 111

Section 7.1.2, "Adding a Rule," on page 111

Section 7.1.3, "Editing a Rule," on page 112

Section 7.1.4, "Ordering Rules," on page 112

Section 7.1.5, "Deleting a Rule," on page 113

Section 7.1.6, "Activating or Deactivating a Rule," on page 113

7.1.1 Filter Criteria

Rules can be based on any searchable event field. The available operators depend on the data type of

the event field. For example, match subnet is available for IP addresses, and match regex is available

for text fields.

7.1.2 Adding a Rule

You can add a filter-based rule and then define one or more channels where you want to output the

events that meet the rule criteria.

1 Log in to the Sentinel Log Manager as an administrator.

2 Click rules in the upper left corner of the page.

The Rules tab is displayed on the right pane of the page.

3 Click Add Rule.

Configuring Rules

111

Table of Contents

This manual is also suitable for:

Sentinel log manager 1.0.0.5

Configuring Rules; Filter Criteria; Adding A Rule - Novell SENTINEL LOG MANAGER 1.0.0.5 - ADMINISTRATION GUIDE 03-31-2010 Administration Manual

Configuring Rules

7.1.1 Filter Criteria

7.1.2 Adding a Rule

Related Manuals for Novell SENTINEL LOG MANAGER 1.0.0.5 - ADMINISTRATION GUIDE 03-31-2010

Related Content for Novell SENTINEL LOG MANAGER 1.0.0.5 - ADMINISTRATION GUIDE 03-31-2010

This manual is also suitable for:

Table of Contents