Send an email alert for critical messages in KSS NG
Rules define what action Kiwi Syslog Server NG (KSS NG) takes when it receives a message. The rule in this example sends an email message to the NOC group when KSS NG receives a message with a priority level of Critical or higher from a device within an IP address range.
To configure this rule, complete the following tasks:
- Add a rule.
- Add a filter that includes only messages from specific devices.
- Add a filter that includes only messages with a priority level of Critical or higher.
- Add an action that sends an email when a message passes both filters.
Task 1: Add a rule
-
From the KSS NG navigation bar, choose Setup > Rules.
-
Click Add. Use the New Rule wizard to add rule details.
Rule, filter, and action names do not have to be unique. They are limited to 25 characters. If you enter more than 25 characters, the name is automatically truncated.
Task 2: Add a filter to include only messages from certain devices
This filter specifies a range of IP addresses to include. Only messages sent from one of these devices pass the filter.
For information about configuring other types of filters, see Add a filter in the administrator guide.
- After creating a name in the New Rule wizard, click Add Filter under Filters.
- Define the filter name in the provided field.
-
In the Field drop down, select IP Address.
-
Select an option from the Filter Type drop down and specify the respective IP addresses.
For more information on IP address filter types, see Filter messages based on IP address.
- Click Add to apply the filter in the wizard.
Task 3: Add a filter to include only messages with a priority of Critical or higher
This filter specifies which priority levels to include. Only messages with a priority of Critical or higher pass the filter.
-
In the New Rule wizard, click Add Filter under Filters.
-
Define the filter name in the provided field.
-
In the Field drop down, select Priority.
-
In the Facility drop down, select the appropriate facility.
-
In the Severity drop down, select Critical.
- Click Add to apply the filter.
- To add the action to send an email, click Next.
Task 4: Add an action to send an email
When a message passes both filters, the following action sends an email to the NOC group at mycompany.com.
For information about configuring other types of actions, see Add an action in the administrator guide.
-
In the New Rule wizard, click Add Action under Actions.
-
Define the action name in the provided field.
-
In the Action drop down, select E-mail message.
-
Define the E-mail Recipients address or addresses. You can enter multiple addresses separated by commas.
-
Define the Email From address.
-
Define the E-mail Subject name.
To insert a variable, click the icon on the right and select an option. For more information on the available variables, see Message content or counters in the administrator guide.
-
Enter the email message. Review the action settings.
-
Click Add to apply the action.
-
In the New Rule wizard, click Next.
-
Review all filters and actions. Click Save.