Documentation for Kiwi Syslog Server

Send an email alert for critical messages

Rules define what action Kiwi Syslog Server NG takes when it receives a message. The rule in this example sends an email message to the NOC group when Kiwi Syslog Server NG receives a message with a priority level of Critical or higher from a device within an IP address range.

To configure this rule, complete the following tasks:

  1. Add a rule.
  2. Add a filter that includes only messages from specific devices.
  3. Add a filter that includes only messages with a priority level of Critical or higher.
  4. Add an action that sends an email when a message passes both filters.

Task 1: Add a rule

  1. From the Kiwi Syslog Server NG navigation bar, choose Setup > Rules.

  2. Click Add. Use the New Rule wizard to add rule details.

    Rule, filter, and action names do not have to be unique. They are limited to 25 characters. If you enter more than 25 characters, the name is automatically truncated.

Task 2: Add a filter to include only messages from certain devices

This filter specifies a range of IP addresses to include. Only messages sent from one of these devices pass the filter.

For information about configuring other types of filters, see Add a filter in the administrator guide.

  1. After creating a name in the New Rule wizard, click Add Filter under Filters.

  2. Define the filter name in the provided field.
  3. In the Field drop-down, select IP Address.

  4. Select an option from the Filter Type drop-down and specify the respective IP addresses.

    For more information on IP address filter types, see Filter messages based on IP address.

  5. Click Add to apply the filter in the wizard.

Task 3: Add a filter to include only messages with a priority of Critical or higher

This filter specifies which priority levels to include. Only messages with a priority of Critical or higher pass the filter.

  1. In the New Rule wizard, click Add Filter under Filters.

  2. Define the filter name in the provided field.

  3. In the Field drop-down, select Priority.

  4. In the Facility drop-down, select the appropriate facility.

  5. In the Severity drop-down, select Critical.

  6. Click Add to apply the filter.
  7. To add the action to send an email, click Next.

Task 4: Add an action to send an email

When a message passes both filters, the following action sends an email to the NOC group at mycompany.com.

For information about configuring other types of actions, see Add an action in the administrator guide.

  1. In the New Rule wizard, click Add Action under Actions.

  2. Define the action name in the provided field.

  3. In the Action drop-down, select E-mail message.

  4. Define the E-mail Recipients address or addresses. You can enter multiple addresses separated by commas.

  5. Define the Email From address.

  6. Define the E-mail Subject name.

    To insert a variable, click the icon on the right and select an option. For more information on the available variables, see Message content or counters in the administrator guide.

  7. Enter the email message. Review the action settings.

  8. Click Add to apply the action.

  9. In the New Rule wizard, click Next.

  10. Review all filters and actions. Click Save.
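
To check which messages the finished rule should alert on, the following Python sketch models the two filters against sample syslog lines. It is an added example, not Kiwi Syslog Server NG code, and it shows that "Critical or higher" means a numeric syslog severity of 2 or lower. Assumptions: the IP range 10.0.0.1 to 10.0.0.254, the constructed sample messages, the optional facilities argument, and treating a message without a priority header as a non-match.

```python
import ipaddress
import re

# Syslog severity codes (RFC 5424): a lower number is MORE severe.
SEVERITIES = ["Emergency", "Alert", "Critical", "Error",
              "Warning", "Notice", "Informational", "Debug"]
CRITICAL = SEVERITIES.index("Critical")  # 2
PRI_RE = re.compile(r"^<(\d{1,3})>")


def decode_pri(raw):
    """Return (facility, severity) from the <PRI> header, or None."""
    m = PRI_RE.match(raw)
    if not m or int(m.group(1)) > 191:
        return None
    return divmod(int(m.group(1)), 8)  # PRI = facility * 8 + severity


def rule_matches(source_ip, raw, ip_first, ip_last, facilities=None):
    """True when a message passes both filters, so the email action runs."""
    ip = ipaddress.ip_address(source_ip)
    lo, hi = ipaddress.ip_address(ip_first), ipaddress.ip_address(ip_last)
    if not lo <= ip <= hi:
        return False  # filter 1: source outside the IP range
    pri = decode_pri(raw)
    if pri is None:
        return False  # assumption: no usable PRI counts as no match
    facility, severity = pri
    if facilities is not None and facility not in facilities:
        return False
    return severity <= CRITICAL  # filter 2: Critical, Alert or Emergency


# Constructed sample input: (source IP, raw message as received)
SAMPLES = [
    ("10.0.0.5", "<186>Oct 11 22:14:15 sw1 fan tray failed"),      # local7.crit
    ("10.0.0.5", "<187>Oct 11 22:14:16 sw1 link flap on gi0/1"),   # local7.err
    ("10.0.0.9", "<0>Oct 11 22:14:17 fw1 kernel panic"),           # kern.emerg
    ("192.0.2.44", "<186>Oct 11 22:14:18 host9 disk failure"),     # out of range
    ("10.0.0.7", "Oct 11 22:14:19 ap3 message without PRI"),       # no header
]


def alerts(samples, ip_first="10.0.0.1", ip_last="10.0.0.254"):
    return [raw for ip, raw in samples if rule_matches(ip, raw, ip_first, ip_last)]


if __name__ == "__main__":
    print("\n".join(alerts(SAMPLES)))
```

Only the local7.crit and kern.emerg samples from in-range devices pass both filters; the Error-level message is excluded even though its numeric severity is larger.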