Alerts in Logpoint are warnings generated to notify users when a significant event occurs. An alert fires an incident, on which you can then take the appropriate action. Any valid search query can be used to trigger an alert and generate incidents.
You can create an alert rule and select the medium through which you are notified of the incident. Logpoint can notify you via e-mail, SSH, SNMP, HTTP, or Syslog, so you can design an alerting mechanism that fits your requirements.
You can select among My Rules, Used Rules, Vendor Rules, Shared Rules, and Transferred Rules from the drop-down at the top-left corner of the panel.
If you configure the system to use the log_ts timestamp, Logpoint does not include older logs when evaluating alerts. As a result, no alert is generated for logs whose collection was delayed, because their log_ts falls outside the evaluated time range.
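The following added example (not Logpoint's own code) simulates a scheduled alert rule evaluating a search window, to show why a late-collected log is missed when the window is bounded by log_ts; it assumes a collection timestamp field, called col_ts here, that records when the log reached the system.

```python
# Added example, not Logpoint code: a minimal model of alert evaluation
# over a time window, bounded either by the event's own timestamp (log_ts)
# or by the assumed collection timestamp (col_ts).
from dataclasses import dataclass


@dataclass(frozen=True)
class LogEvent:
    log_ts: int   # when the event happened on the source (epoch seconds)
    col_ts: int   # when Logpoint collected it (epoch seconds); assumed field
    message: str


def matching_events(events, now, window_secs, ts_field, query):
    """Return events inside [now - window_secs, now] whose message contains query.

    ts_field selects which timestamp bounds the window: 'log_ts' or 'col_ts'.
    An event that has not yet been collected at 'now' is invisible to the search.
    """
    start = now - window_secs
    hits = []
    for ev in events:
        if ev.col_ts > now:          # not collected yet, so the search cannot see it
            continue
        ts = getattr(ev, ts_field)
        if start <= ts <= now and query in ev.message:
            hits.append(ev)
    return hits


# Constructed sample data: a rule looking for "kernel panic" runs every 300 s.
# The second event is collected 700 s after it happened (delayed collection).
EVENTS = [
    LogEvent(log_ts=1_000_100, col_ts=1_000_105, message="kernel panic - not syncing"),
    LogEvent(log_ts=1_000_200, col_ts=1_000_900, message="kernel panic - not syncing"),
    LogEvent(log_ts=1_000_250, col_ts=1_000_255, message="disk usage 95%"),
]


def run_rule(ts_field, now=1_001_000, window_secs=300):
    """Evaluate the rule at time 'now'; return log_ts of each matching event."""
    hits = matching_events(EVENTS, now, window_secs, ts_field, "kernel panic")
    return [e.log_ts for e in hits]
```

At the 1_001_000 run, the late event is already collected but its log_ts is older than the 300 s window, so a log_ts-bounded rule returns nothing while a col_ts-bounded rule still catches it.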
Incidents are used to identify, analyze, and correct information hazards, and thereby prevent them in the future. Logpoint lets you track events such as a system crash, power down, unplugged cables, high disk usage, high CPU usage, and forensic findings by creating an incident for each of them. Incidents can be created either on an ad-hoc basis from the search logs or by pre-defined alert rules. For example, if you create an alert rule to detect system crashes, the alert fires whenever the search results match the alerting criteria, and Logpoint creates the corresponding incident from that alert rule. You can view the log source of an incident to determine whether it was triggered by an alert rule or by a search query.
The severity level of an incident can be identified by the following colors:
| S.N. | Severity Level | Color |
|---|---|---|
| 1 | Critical | Red |
| 2 | High | Purple |
| 3 | Medium | Blue |
| 4 | Low | Gray |
This guide provides information on creating, managing, and customizing the various rules in Logpoint. These rules trigger warnings that notify users when a significant event occurs. The guide walks you step by step through one or more of the following tasks.
Create new Alert Rules and Incidents. Go to Creating an Alert Rule and Creating an Incident for more details.
Activate or Deactivate the Alert Rule. Go to Activating or De-activating Alert Rules for more details.
Configure multiple mediums for receiving alert notifications. Go to Setting Up Alert Notifications for more details.
Select different views to display the alert rules. Go to Viewing Alert Rules for more details.
Update the information saved in Alert Rules. Go to Editing an Alert Rule for more details.
Copy an existing Alert Rule to a new one. Go to Cloning Alert Rules for more details.
Manage ownership and permission of Alert Rules. Go to Transfer Ownership of Alert Rules for more details.
Change the time range and repo of Alert Rules. Go to Changing Time Range and Repo of Alert Rules for more details.
Search for incidents and perform necessary actions. Go to Filtering an Incident and Incident Actions for more details.
Delete the Alert Rules. Go to Deleting Alert Rules for more details.
Import and Export the Alert Rules. Go to Export and Importing Alert Rules for more details.
Share the Alert Rules with users. Go to Sharing Alert Rules for more details.