Documentation for Kiwi Syslog Server NG

Send an email alert for critical messages

Rules define what action Kiwi Syslog Server takes when it receives a message. The rule in this example sends an email message to the NOC group when Kiwi Syslog Server receives a message with a priority level of Critical or higher from a device within an IP address range.

For more information, you can check out the SolarWinds Academy and watch our video for Setting Up Email Alerts.

To configure this rule, complete the following tasks:

  1. Add a rule.
  2. Add a filter that includes only messages from specific devices.
  3. Add a filter that includes only messages with a priority level of Critical or higher.
  4. Add an action that sends an email when a message passes both filters.

Task 1: Add a rule

  1. Choose File > Setup to open the Kiwi Syslog Server Setup dialog box.

    The left pane displays existing rules.

    By default, Kiwi Syslog Server includes two rules. One displays all messages in the console and logs them to a file called SyslogCatchAll-yyyy-mm-dd.txt. The other logs all messages to Kiwi Syslog Web Access (if it is installed).

  2. Right-click the Rules top level and choose Add Rule.

    A new rule sub-item is added below the existing rules.

  3. Replace the default rule name with a descriptive name.

    Rule, filter, and action names do not have to be unique. They are limited to 25 characters. If you enter more than 25 characters, the name is automatically truncated.

Task 2: Add a filter to include only messages from certain devices

This filter specifies a range of IP addresses to include. Only messages sent from one of these devices pass the filter.

For information about configuring other types of filters, see Add a filter in the administrator guide.

  1. Right-click the Filters sub-level below the new rule, and choose Add Filter.

  2. Replace the default filter name with a descriptive name.

  3. In the Field menu at the top of the dialog, select IP address.

  4. In the Filter Type menu, select the option for specifying IP addresses. For this example, select IPv4 Range.

  5. Specify the range of IP addresses to include.

    In this example, messages are included if the sending device's IP address is between 192.0.2.0 and 192.0.2.24.

  6. Click Apply to save the filter.

Task 3: Add a filter to include only messages with a priority of Critical or higher

This filter specifies which priority levels to include. Only messages with a priority of Critical or higher pass the filter.

  1. Right-click the Filters sub-level below the rule, and choose Add Filter.

  2. Replace the default filter name with a descriptive name.

  3. In the Field menu, select IP address.

  4. Drag the mouse pointer from the Emerg (Emergency) column heading to the Crit (Critical) column heading to select them.

    The Emerg, Alert, and Crit columns are highlighted in yellow.

  5. Right-click the highlighted area and select Toggle to On.

    Green check marks indicate that the column cells are included.

  6. Click Apply to save the filter.

Task 4: Add an action to send an email

When a message passes both filters, the following action sends an email to the NOC group at mycompany.com.

  • The action to send an email is available only in the licensed version of Kiwi Syslog Server.
  • For information about configuring other types of actions, see Add an action in the administrator guide.

  1. Verify that the required email settings have been configured.
    1. In the left pane of the Kiwi Syslog Server Setup dialog, scroll down and click Email.
    2. Select the email format and security protocol your email system uses.
    3. Enter the host name or IP address of the SMTP server, and specify the port.
    4. Enter a valid from email address.

      This address is shown in the From field in emails that Kiwi Syslog Server sends. Also, in case of a mail failure, the SMTP server sends the bounce message to this address.

      For more information about these and other email options, see Configure email options in the administrator guide.

  2. Right-click the Action sub-level below the rule, and choose Add Action.
  3. Replace the default name with a descriptive name.

  4. In the Action menu at the top of the dialog, select E-mail message.

  5. Enter the recipient's address. You can enter multiple addresses separated by commas.

  6. Enter the From address.

    If you are using SSL or TLS, make sure that this address is the same as the From email address specified in E-mail settings.

  7. Enter the email subject line.

    This example uses variables to insert the message level and sending device's IP address.

    To insert a variable, click Insert message content or counter, and select an option. For more information on the available variables, see Message content or counters in the administrator guide.

  8. Enter the email message. This example uses variables to insert the sending device's IP address, time, date, and syslog message text.

    The following example shows a subject line and email message built with these variables.

  9. Click Apply to save the action.

    Check marks indicate that the rule, filters, and action are enabled.
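
The combined logic of this rule, as an added example that is not part of the Kiwi Syslog Server documentation or product: a Python model for checking which messages would trigger the email, including the edge of the IP range and the PRI-to-severity decoding. It assumes inclusive range bounds and RFC 3164-style `<PRI>` headers; the sample messages and host names are constructed.

```python
import ipaddress
import re

# Model of the rule built above. Assumptions: inclusive range bounds and
# RFC 3164-style "<PRI>" headers; this is not Kiwi Syslog Server code.
RANGE_START = ipaddress.IPv4Address("192.0.2.0")
RANGE_END = ipaddress.IPv4Address("192.0.2.24")
SEVERITIES = ["Emerg", "Alert", "Crit", "Error", "Warning", "Notice", "Info", "Debug"]
ALERT_ON = {"Emerg", "Alert", "Crit"}  # columns toggled on in Task 3
PRI_RE = re.compile(r"^<(\d{1,3})>")


def severity_of(raw):
    """Decode severity from the PRI value (PRI = facility * 8 + severity)."""
    m = PRI_RE.match(raw)
    if not m or int(m.group(1)) > 191:  # 191 = facility 23, severity 7
        return None  # no usable PRI: treated here as not matching
    return SEVERITIES[int(m.group(1)) % 8]


def in_device_range(src_ip):
    """Task 2 filter: a start-end range, which is not the same as a CIDR block."""
    try:
        addr = ipaddress.IPv4Address(src_ip)
    except ipaddress.AddressValueError:
        return False
    return RANGE_START <= addr <= RANGE_END


def rule_sends_email(src_ip, raw):
    """The action fires only when both filters pass."""
    return in_device_range(src_ip) and severity_of(raw) in ALERT_ON


# Constructed sample messages (source IP, raw syslog line); facility is local0.
SAMPLES = [
    ("192.0.2.10", "<130>Jan 12 03:14:07 core-sw1 LINK: uplink down"),     # Crit
    ("192.0.2.24", "<129>Jan 12 03:14:09 edge-fw1 HA: peer lost"),         # Alert, last IP in range
    ("192.0.2.25", "<128>Jan 12 03:14:11 lab-rtr1 SYS: halting"),          # Emerg, outside range
    ("192.0.2.10", "<131>Jan 12 03:14:12 core-sw1 AUTH: login failed"),    # Error
    ("198.51.100.7", "<130>Jan 12 03:14:15 dmz-web1 DISK: array failed"),  # Crit, other subnet
    ("192.0.2.10", "Jan 12 03:14:20 core-sw1 message without PRI"),
]


def alerts(samples=SAMPLES):
    return [(ip, severity_of(raw)) for ip, raw in samples if rule_sends_email(ip, raw)]


if __name__ == "__main__":
    for ip, sev in alerts():
        print(f"email NOC: {sev} from {ip}")
```

The Emerg message from 192.0.2.25 produces no alert: the range ends at 192.0.2.24, so a device that sits in the same /24 but above that address is silently excluded.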