Create custom log-processing rules

On the Log Processing Configuration page, you can create custom rules to complement the standard, out-of-the-box rule sets. You can define rule conditions to identify a specific log entry, and then establish subsequent actions, such as executing commands and discarding log entries.

The pre-defined Rule Policy groups organize rule policies based on the message source and determine the rule policy evaluation order. The Processing Policies pane is organized into the following policy groups:

• Log Files (Log Analyzer only)
• Syslog
• Traps
• VMware Events
• Windows Events (Log Analyzer only)
• Global Pre-processing: Evaluated before log-specific and global post-processing rule policies
• Global Post-processing: Evaluated after all log-specific rule policies

Group	Message Type	Evaluation Order
Global Pre-processing	All messages	1
Log Files (Log Analyzer only)	Windows flat file messages	2
Syslog	Syslog messages	3
Traps	Trap messages	4
VMware Events	VMware event messages	5
Windows Events (Log Analyzer only)	Windows event messages	6
Global Post-processing	All messages	7

1. On the Log Viewer toolbar, click Configure Rules.

   

2. In the Processing Policies pane, click to expand a policy group, and then click My Custom Rules.

3. Click Create New Rule.

   

4. Enter a descriptive name for the rule, and then click Next.

   

5. Select your source computers.

   You can choose to trigger this alert from all sources, or specify conditions and values for one or more sources.

   

6. Define your log entry rule conditions and values, and then click Next.

   

7. Select one or more log entry actions.

   

8. Integrate an alert action, and then click Next.

9. Review your rule summary, and then click Save to create the rule. To edit your rule conditions and actions, click Back.

10. After you create one or more rules, you can then edit, enable, or disable each rule.

11. To return to the Log Viewer, navigate to My Dashboards > Logs > Log Viewer.