This is the latest documentation for BMC Helix Network Management (formerly known as Netreo).

 

Add a Logging Rule to a Device Template


Logging rules can be added to device templates to monitor incoming logs and SNMP traps for specific occurrences.

Information

Logging Rule Alert Timing

SNMP traps are processed by Netreo every 5 minutes. In an on-premises deployment, alerting on a triggered rule can take roughly that long. In a SaaS deployment, however, there are additional delays, such as transport time and additional processing, so triggered log rules can take up to 8 minutes to alert users.

To add a logging rule to a device template, follow the steps below.

  1. Log in to Netreo as a user with the SuperAdmin access level.
  2. Go to the main menu and select Administration > Templates to open the Device Templates Administration page.
  3. Locate the device template to which you would like to add a logging rule and select its edit icon in the ACTIONS column.
  4. In the Template Components panel, locate the Logging Rules table.
  5. Select the add logging rule button (+ symbol).
    1. In the TITLE field, enter a name for your rule. Logging rule names must be unique across all device templates.
    2. By default, Netreo collects statistics for rule matches and provides a threshold check for optional monitoring and alerting on that value. If you do not wish for Netreo to collect statistics on matches for this rule, set the POLLER switch to OFF.
    3. If you wish to be alerted to all occurrences of a rule match, set the PASSIVE CHECK switch to ON.
      • This option adds a generic passive service check to all applicable devices. The added check requires additional configuration on each applicable device to set alarm sensitivity and action groups.
      • Alarms generated by this passive service check automatically clear after 5 minutes.
    4. To trigger a match for this rule, any of the following 3 options may be used, either individually or in combination:
      1. To trigger a match based on a regular expression, enter appropriate expressions in the REGULAR EXPRESSION MATCH and/or NOT MATCH REGULAR EXPRESSION fields.
        • These fields may be used independently or together for more complex matching, as they are combined using an AND operation.
        • Netreo stores logs in a MySQL database, and MySQL uses a subset of the regular expression ruleset, explained here: https://dev.mysql.com/doc/refman/8.0/en/regexp.html
      2. To trigger a match based on log message severity, first select how the severity should be matched in the SEVERITY fields, and then select the corresponding severity level.
        • Note: Syslogs and Windows event logs have severities; SNMP traps do not.
      3. To trigger a match based on a Windows event log code, enter the appropriate code to match in the CODE field.
  6. (Optional) Configure the provided threshold check if statistics are being collected. This check monitors the number of occurrences.
  7. Select Add Log.
  8. Now follow the instructions in Re-Apply Device Templates After Editing.

Note: Logging data time stamps reported by Netreo are based on the time stamp supplied by the message.
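As an added example (not part of the BMC documentation or the product's code), the following Python code models how the REGULAR EXPRESSION MATCH and NOT MATCH REGULAR EXPRESSION fields combine with AND, so a pair of expressions can be tried against sample messages before the rule is added to a template. It assumes that an empty field places no constraint, uses Python's `re` module as a stand-in for MySQL's regular expression engine (the patterns use only literals and alternation), and runs on constructed log lines; the function names are hypothetical.

```python
import re

# Constructed sample syslog messages (documentation IP ranges, not real data).
SAMPLE_LOGS = [
    "sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 52144 ssh2",
    "sshd[2212]: Failed password for svc_monitor from 192.0.2.10 port 40022 ssh2",
    "sshd[2213]: Accepted publickey for alice from 198.51.100.4 port 50210 ssh2",
    "sudo: bob : 3 incorrect password attempts ; TTY=pts/0 ; USER=root",
    "sshd[2214]: Failed password for root from 203.0.113.7 port 52150 ssh2",
]


def rule_matches(message, match_re=None, not_match_re=None):
    """True when the message satisfies both regex fields (AND).

    Assumption: a field left empty is ignored rather than treated as a failure.
    """
    if match_re and not re.search(match_re, message):
        return False  # MATCH field is set and the message does not contain it
    if not_match_re and re.search(not_match_re, message):
        return False  # NOT MATCH field is set and the message contains it
    return True


def evaluate(logs, match_re=None, not_match_re=None):
    """Return the messages that would count as rule matches."""
    # Compile first so a malformed expression fails here, not mid-evaluation.
    for pattern in (match_re, not_match_re):
        if pattern:
            re.compile(pattern)
    return [m for m in logs if rule_matches(m, match_re, not_match_re)]


if __name__ == "__main__":
    # Failed authentication of any kind, excluding a known monitoring account.
    hits = evaluate(
        SAMPLE_LOGS,
        match_re="Failed password|incorrect password attempts",
        not_match_re="svc_monitor",
    )
    for line in hits:
        print(line)
    # The number of hits is the occurrence count a threshold check would monitor.
    print("occurrences:", len(hits))
```
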

 

 
