Alerts in Logpoint are warnings generated to notify users when significant events occur. When an alert fires, it creates an incident on which you can take the appropriate action. Any valid search query can serve as the condition of an alert rule, so anything you can search for can generate an incident.
You can create an alert rule and select the medium to notify you of the incident. Logpoint can notify you via e-mail, SSH, SNMP, HTTP, or Syslog. You have the flexibility to design an alert mechanism based on your requirements.
You can select among My Rules, Used Rules, Vendor Rules, Shared Rules, and Transferred Rules from the drop-down at the top-left corner of the panel.
Note
If an alert rule evaluates logs by their log_ts timestamp (the time stamped by the log source), Logpoint only considers logs whose log_ts falls inside the rule's search window. Logs that are collected late, after their log_ts has already dropped out of that window, are not incorporated into the alert. A delay in log collection can therefore cause an alert not to fire at all.
Incidents are used to identify, analyze, and correct security and operational problems, and thereby help prevent them in the future. Logpoint lets you track events such as a system crash, a power down, an unplugged cable, high disk usage, or high CPU usage, as well as forensic findings, by creating an incident for each of them. Incidents can be created either on an ad-hoc basis from search results or automatically by pre-defined alert rules. If you create an alert rule to detect system crashes, the alert fires whenever the search results match the alerting criteria, and Logpoint creates the corresponding incident based on that rule. You can view the log source of an incident to determine whether it was triggered by an alert rule or by a search query.
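The following simulation illustrates the two points above: an alert rule evaluated over a search window produces an incident when its query matches, and, as the Note warns, a rule that searches on log_ts silently misses logs that are collected late. This is an added example written for this page, not Logpoint's own code or query engine. It assumes each event carries a source timestamp (log_ts) and a collection timestamp (col_ts); the events, timestamps, window sizes, and rule name are all constructed for the illustration.

```python
"""Simulation of a scheduled alert rule's search window (added example, not Logpoint code).

Assumption: every event carries two timestamps, log_ts (stamped by the
source) and col_ts (stamped when the collector received it). All sample
events and times below are constructed.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class LogEvent:
    log_ts: datetime   # when the source produced the event
    col_ts: datetime   # when the collector received the event
    message: str


# Constructed "current" time at which the scheduled rule runs.
NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)


def minutes_ago(m: int) -> datetime:
    return NOW - timedelta(minutes=m)


# Constructed sample events. The second kernel panic was produced 25 minutes
# ago but only collected 1 minute ago (for example, after a forwarder outage).
EVENTS = [
    LogEvent(minutes_ago(3),  minutes_ago(3), "kernel: Kernel panic - not syncing"),
    LogEvent(minutes_ago(25), minutes_ago(1), "kernel: Kernel panic - not syncing"),
    LogEvent(minutes_ago(4),  minutes_ago(4), "sshd: Accepted publickey for ops"),
]


def select_timestamp(event: LogEvent, timestamp_field: str) -> datetime:
    """Return the timestamp the rule is configured to search on."""
    if timestamp_field == "log_ts":
        return event.log_ts
    if timestamp_field == "col_ts":
        return event.col_ts
    raise ValueError(f"unknown timestamp field: {timestamp_field}")


def run_alert_rule(events, timestamp_field, window_minutes, pattern, now=NOW):
    """Evaluate a rule over the last `window_minutes` and return the matching events.

    Only events whose configured timestamp lies in [now - window, now) are
    considered. An event collected late whose log_ts is already older than the
    window is invisible to a log_ts-based rule, which is the failure mode the
    Note describes.
    """
    start = now - timedelta(minutes=window_minutes)
    hits = []
    for event in events:
        ts = select_timestamp(event, timestamp_field)
        if start <= ts < now and pattern in event.message:
            hits.append(event)
    return hits


def incidents_from_hits(hits, rule_name):
    """Create one incident per firing, recording that an alert rule was the source."""
    if not hits:
        return []
    return [{"rule": rule_name, "source": "alert_rule", "event_count": len(hits)}]


if __name__ == "__main__":
    for field in ("log_ts", "col_ts"):
        hits = run_alert_rule(EVENTS, field, 10, "Kernel panic")
        print(field, len(hits), incidents_from_hits(hits, "system-crash"))
```

With a 10-minute window, the log_ts-based evaluation sees only the first kernel panic; the delayed one is dropped even though it arrived a minute ago. Evaluating on col_ts catches both, at the cost of incidents that reference events that are older than the window. Whichever timestamp you choose, size the window to cover your expected collection lag.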
The severity level of an incident can be identified by the following colors:
| S.N. | Severity Level | Color |
|---|---|---|
| 1 | Critical | Red |
| 2 | High | Purple |
| 3 | Medium | Blue |
| 4 | Low | Gray |
This guide explains how to create, manage, and customize alert rules in Logpoint. These rules fire warnings to notify users when significant events occur. The guide walks you step by step through the following tasks:
Create new Alert Rules and Incidents. Refer to Creating an Alert Rule and Creating an Incident.
Activate or Deactivate the Alert Rule. Refer to Activating Alert Rules.
Configure multiple mediums for receiving alert notifications. Refer to Setting Up Alert Notifications.
Select different views to display the alert rules. Refer to Selecting Page View of Alert Rules.
Update the information saved in Alert Rules. Refer to Editing an Alert Rule.
Replicate existing Alert Rules to a new one. Refer to Cloning Alert Rules.
Manage ownership and permission of Alert Rules. Refer to Transfer Ownership of Alert Rules.
Change the time range and repo of Alert Rules. Refer to Changing Time Range and Repo of Alert Rules.
Search for incidents and perform necessary actions. Refer to Filtering an Incident and Incident Actions.
Delete the Alert Rules. Refer to Deleting Alert Rules.
Import and Export the Alert Rules. Refer to Exporting Alert Rules and Importing Alert Rules.
Share the Alert Rules with users. Refer to Sharing Alert Rules with Users.