Alerts and Incidents

Alerts in Logpoint are warnings generated to notify users when significant events occur. They fire incidents that enable you to take appropriate action. Any valid search query can be used as the condition of an alert that generates incidents.

You can create an alert rule and select the medium to notify you of the incident. Logpoint can notify you via e-mail, SSH, SNMP, HTTP, or Syslog. You have the flexibility to design an alert mechanism based on your requirements.

If the system is configured to use the log_ts timestamp, Logpoint does not incorporate older logs in the alerts. As a result, it does not generate any alerts for logs whose collection is delayed.
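A constructed illustration of the log_ts caveat above, added here as an example and not Logpoint's own code: a simplified alert evaluator, the sample events, the five-minute schedule and the window size are all assumptions, and the query is reduced to a substring match.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real Logpoint data). log_ts is when the
# event happened on the source; col_ts is when the collector received it.
# The second crash message was delayed by 20 minutes in transit.
T = datetime(2024, 1, 1, 10, 0)
SAMPLE_LOGS = [
    {"msg": "kernel panic - not syncing", "log_ts": T + timedelta(minutes=2), "col_ts": T + timedelta(minutes=2)},
    {"msg": "kernel panic - not syncing", "log_ts": T + timedelta(minutes=3), "col_ts": T + timedelta(minutes=23)},
    {"msg": "sshd: accepted publickey",   "log_ts": T + timedelta(minutes=4), "col_ts": T + timedelta(minutes=4)},
]
# Assumed schedule: the alert rule runs every 5 minutes from 10:05 to 10:30.
RUN_SCHEDULE = [T + timedelta(minutes=m) for m in range(5, 31, 5)]

def matches_query(log, needle):
    """Stand-in for the alert's search query: a substring match on the message."""
    return needle in log["msg"]

def evaluate_alert(logs, needle, now, window_minutes, time_field):
    """Run the alert rule at `now` over the last `window_minutes`.
    Only events already collected (col_ts <= now) can be seen; of those, the
    rule keeps events whose `time_field` (log_ts or col_ts) falls in the window."""
    start = now - timedelta(minutes=window_minutes)
    return [
        log for log in logs
        if log["col_ts"] <= now
        and matches_query(log, needle)
        and start <= log[time_field] <= now
    ]

def missed_by_field(logs, needle, schedule, window_minutes, time_field):
    """Return the matching events that never fire across all scheduled runs."""
    fired = set()
    for run_at in schedule:
        for log in evaluate_alert(logs, needle, run_at, window_minutes, time_field):
            fired.add(id(log))
    return [log for log in logs if matches_query(log, needle) and id(log) not in fired]

if __name__ == "__main__":
    for field in ("log_ts", "col_ts"):
        missed = missed_by_field(SAMPLE_LOGS, "kernel panic", RUN_SCHEDULE, 5, field)
        print(f"{field}: {len(missed)} crash event(s) never alerted")
```

With log_ts the delayed crash is not yet collected when its window is evaluated and is already too old by the time it arrives, so it never alerts; keyed on col_ts it fires in the 10:25 run.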

Incidents are used to identify, analyze, and correct issues, and thereby prevent them from recurring. Logpoint lets you track events such as a system crash, power down, unplugged cables, high disk usage, high CPU usage, and forensic findings by creating an incident for each of them. Incidents can be created either on an ad-hoc basis from the search logs or by pre-defined alert rules. If you create an alert rule to detect system crashes, an alert is fired whenever the search results match the alerting criteria, and Logpoint then creates the corresponding incident based on the alert rule. You can view the log source of an incident to determine whether it was triggered by an alert rule or by a search query.

The severity level of an incident can be identified by the following colors:

S.N.  Severity Level  Color
1     Critical        Red
2     High            Purple
3     Medium          Blue
4     Low             Gray
