Edit Alert Policy rules

Alert Policy rule settings include the Alert Sender, the Alert and Situation, Time, and Severity.

  For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Select Configuration, then browse to Administration.
  2. Browse to Alert Configurations > Alert Policies.
  3. Right-click an Alert Policy, then select Edit <name>.
  4. Add a rule:
    • In an empty Alert Policy, right-click the rule table, then select Rule > Add Rule.
    • In an Alert Policy with existing rules, right-click a rule ID, then select Rule > Add Rule Before or Rule > Add Rule After.
  5. (Optional) Select the Alert Sender or keep the option Set to ANY.
  6. (Optional) Specify the Alert and Situation that this rule matches.
  7. (Optional) Double-click the Time cell, select when you want the rule to be applied, then click OK.
    • If you do not specify a validity time, the rule is always applicable.
    • The time is entered as UTC (GMT) time. You must calculate the effects of the time difference on your local time. (UTC does not adjust for daylight saving time.)
  8. (Optional) Double-click the Severity cell, then specify the Severity value or the range of Severity values that this rule matches.
    • To define a single Severity value, select Severity, then one of the Severity options.
    • If you want the rule to match a range of Severities, select Severity Range, then define the range in the From and To lists.
  9. Select which Alert Chain is processed when an alert event matches this rule.
  10. Click Save.
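
The UTC conversion that step 7 asks for, as an added example (not part of the product documentation). It converts a local validity window to the UTC days and hours to enter, and shows how the result moves when the site switches to daylight saving time; the Europe/Helsinki zone, the dates, and the window are constructed sample values.

```python
from datetime import date, datetime, time, timedelta, timezone
from zoneinfo import ZoneInfo

DAYS = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"]


def local_window_to_utc(on_date, start, end, tz_name):
    """Convert a local validity window that begins on on_date to UTC.

    Returns (start_day, start_hhmm, end_day, end_hhmm). An end time that
    is not later than the start is taken to fall on the next local day.
    """
    tz = ZoneInfo(tz_name)
    begin = datetime.combine(on_date, start, tzinfo=tz)
    finish = datetime.combine(on_date, end, tzinfo=tz)
    if finish <= begin:
        finish += timedelta(days=1)  # wall-clock step to the next local day
    b = begin.astimezone(timezone.utc)
    f = finish.astimezone(timezone.utc)
    return (DAYS[b.weekday()], b.strftime("%H:%M"),
            DAYS[f.weekday()], f.strftime("%H:%M"))


def seasonal_drift(winter_date, summer_date, start, end, tz_name):
    """Return the UTC windows for a winter and a summer date, plus a flag
    that is True when they differ and the rule needs a seasonal update."""
    winter = local_window_to_utc(winter_date, start, end, tz_name)
    summer = local_window_to_utc(summer_date, start, end, tz_name)
    return winter, summer, winter != summer


if __name__ == "__main__":
    # Constructed scenario: a 00:30-06:00 local night window on Mondays.
    w, s, drift = seasonal_drift(date(2024, 1, 15), date(2024, 7, 15),
                                 time(0, 30), time(6, 0), "Europe/Helsinki")
    print("winter UTC:", w)
    print("summer UTC:", s)
    print("re-check rule at DST change:", drift)
```

A window that starts shortly after local midnight lands on the previous day in UTC, so the Days selection can change as well as the Hours.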

Alert Policy Editing view

Use this view to edit Alert rules in an Alert Policy element.

Option | Definition
Resources | Use this pane to create and add elements to a policy.
Search | Opens a search field for the selected element list.
Up (Backspace) | Returns to the previous folder.
New | Opens the associated dialog box to create an element.
Tools | Show Deleted Elements — Shows elements that have been moved to the Trash.
Option | Definition
Policy Toolbar
Save | Saves the changes.
Save and Install | Saves the changes and installs the policy on the target engine.
Undo operation | Undoes the last change made.
Redo operation | Redoes the last change that was undone.
Tools
Validate | Validates the rules in the policy. Opens the Validate Policy dialog box in which you can select which issues are checked in the rules.
Compare to Policy Snapshot | Compares the policy with a previously created snapshot of the policy.
Expand Rule Sections | If you have added Rule Sections, they are all expanded.
Collapse Rule Sections | If you have added Rule Sections, and they are expanded, they are all collapsed.
Target selector | Selects the target Domain for the Validate action.
Option | Definition
Rules table
ID (Not editable) | Automatically assigned ID number that indicates the order of the rules in the policy. The rules are matched against traffic in the order of the ID numbers. For example, the rule 14.3 is the third rule added in this policy to the insert point that is the fourteenth rule in the upper-level template.
Right-clicking this type of cell opens these menu items:
  • Properties — Opens the Rule Properties dialog box.
  • Cut Rule — Copies the rule to the clipboard and deletes the rule from the policy.
  • Copy Rule — Copies the rule from the policy.
  • Paste — Pastes the rule into the policy.
  • Delete Rule — Deletes the rule from the policy.
  • Disable Rule — Temporarily disables the rule without deleting it.
  • Add Rule Before — Adds the new rule before the selected rule or section.
  • Add Rule After — Adds the new rule after the selected rule or section.
  • Add Rule Section Before — Creates a collapsible section before the selected rule or section.
  • Add Rule Section After — Creates a collapsible section after the selected rule or section.
  • Move Rule Up — Moves the rule position up on the list.
  • Move Rule Down — Moves the rule position down on the list.
  • Show Related Logs — Filters the logs based on the identifier.
Sender | Drag and drop elements from the Resources pane to specify the Alert Sender or keep the option Set to ANY.
Alert and Situation (Optional) | Specifies the Alert and Situation that the rule matches.
Time (Optional) | Double-click and select when you want the rule to be applied. If you do not specify a validity time, the rule is always applicable. The time is entered in UTC time. You must calculate the effects of the time difference on your local time.
Severity | Double-click and specify the Severity value or the range of Severity values that this rule matches. The Select Severity dialog box opens. To define a single Severity value, select Severity and one of the options. If you want the rule to match a range of Severities, select Severity Range and define the range in the From and To lists.
Chain (Optional) | Specifies which Alert Chain is processed when an alert event matches this rule.
Rule Name | Contains a rule tag and optionally a rule name.
  • Name (Optional) — Name or description for the rule. Displayed alongside the rule tag.
  • Tag (Not editable) — Automatically assigned unique identification for the rule. Works as a link between the log entries and the rule that has generated the log entries. The rule tag consists of two parts (for example, @20.1). The first part of the tag is permanent and belongs to only that rule. The second part changes when the rule is changed. The first part and the second part are separated by a period.
Right-clicking this type of cell opens these menu items:
  • Edit Rule Name — Opens a text area that allows you to edit the rule name.
  • Clear Cell — Removes the cell content.
  • Remaining list items are the same as for the ID cell.
Comment | An optional comment for your own reference.
Option | Definition
General tab
Name | Specifies the element name.
Rule Tag | Rule tag of the rule.
Comment | An optional comment for your own reference.
Rule Info tab | The rule cells and their values.
Right-clicking the ID cell opens the following menu items:
  • Preview Alert Rule — Opens the Alert rule for preview.
  • Lock — Prevents edits until the rule is explicitly unlocked. Opens the Lock Properties dialog box.
Option | Definition
History tab
Creator | Shows the administrator who created the rule.
Created | Shows the time when the rule was created.
Modifier | Shows the administrator who modified the rule.
Modified | Shows the time when the rule was modified.
Audit History | Opens the Logs view and displays the audit log data for traffic that matches the rule.

Alert Rule Validity Time dialog box

Use this dialog box to define the validity time of an Alert Rule in an Alert Policy element.

Option | Definition
Days | The days on which the rule is applied.
Hours | The time range during which the rule is applied. The time is entered in UTC time. You must calculate the effects of the time difference on your local time.
Reset | Discards the changes and reverts to the default settings.

Select Severity dialog box

Use this dialog box to define the severity of an Alert rule in an Alert Policy element.

Option | Definition
Severity | Severity value or the range of Severity values that this rule matches.
  • Severity — Select to define a single Severity value, then select one of the Severity options.
  • Severity Range — Select if you want the rule to match a range of Severities, then define the range in the From and To lists.
Information | Alerts that are meant for information only. Corresponds to numeric alert value 1.
Low | The alerts that have a low severity. Corresponds to numeric alert values 2–4.
High | The alerts that have a high severity. Corresponds to numeric alert values 5–7.
Critical | Alerts that have the highest severity. Corresponds to numeric alert values 8–10.
From | The start value of a Severity Range.
To | The end value of a Severity Range.
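
An added example (not part of the product documentation) that models the Severity, Time, and Chain cells to find severity and time slots in which no rule selects an Alert Chain. The rules and chain names are constructed, the Sender and Alert and Situation cells are left out, and the model assumes that the first matching rule in ID order decides the chain and that an unset cell matches everything.

```python
from itertools import product

DAYS = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"]
# Numeric ranges as listed for the Select Severity dialog box.
LABELS = {"Information": (1, 1), "Low": (2, 4), "High": (5, 7), "Critical": (8, 10)}

# Constructed rules in ID order. None means the cell was left unset.
# days and hours are UTC; hours is a half-open [start, end) range of whole hours.
RULES = [
    {"id": 1, "severity": (8, 10), "days": None, "hours": None, "chain": "page-on-call"},
    {"id": 2, "severity": (5, 7), "days": {"Mon", "Tue", "Wed", "Thu", "Fri"},
     "hours": (6, 16), "chain": "email-soc"},
    {"id": 3, "severity": (1, 4), "days": None, "hours": (6, 16), "chain": "ticket"},
]


def matches(rule, severity, day, hour):
    """True when the alert's severity and UTC day/hour fall inside the rule."""
    lo, hi = rule["severity"] or (1, 10)
    if not lo <= severity <= hi:
        return False
    if rule["days"] is not None and day not in rule["days"]:
        return False
    if rule["hours"] is not None:
        start, end = rule["hours"]
        return start <= hour < end
    return True


def chain_for(rules, severity, day, hour):
    """Return the chain of the first matching rule in ID order, or None."""
    for rule in sorted(rules, key=lambda r: r["id"]):
        if matches(rule, severity, day, hour):
            return rule["chain"]
    return None


def uncovered_slots(rules):
    """Count, per severity label, the (severity, day, hour) slots in a UTC
    week for which no rule matches, so no Alert Chain is selected."""
    gaps = {}
    for label, (lo, hi) in LABELS.items():
        gaps[label] = sum(
            chain_for(rules, sev, day, hour) is None
            for sev, day, hour in product(range(lo, hi + 1), DAYS, range(24)))
    return gaps
```

With the constructed rules, High alerts outside Monday to Friday 06:00-16:00 UTC match nothing, which is the kind of gap to look for before saving a policy.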