Monitoring Policy Wizard: Please specify criteria/Edit Criteria for Monitoring Policy

Use this page in the wizard to define the monitoring criteria to track specific events in the logs. The contents of this page are also available in the Edit Criteria for Monitoring Policy dialog box, which comes up if you selected to edit the criteria of an existing monitoring policy.

Index all lines

Use this option to capture all the events that occur in the logs. Use this configuration if you plan to monitor the logs only by using the Log Monitoring dashboard in the Web Console. If you did not set up the dashboard, you must set up the Web Console and configure the Analytics engine before creating the monitoring policy. For more information, see Setting Up the Log Monitoring Dashboard.

This option disables the ability to define monitoring criteria, because all the log events are captured. Therefore, if you use this option, alerts cannot be created as they require the monitoring criteria to trigger notifications.

Specify Criteria

Use this option to specify monitoring criteria to capture specific log events. When the option is selected, it enables a table which displays the details of the monitoring criteria that you defined.

  • Description

    Displays the parameters for tracking log events that you want to capture. For example, a description can say "PID equals to 1234", which means that the policy will track a process with ID 1234.

  • User Assigned Severity

    Displays the severity level associated with the monitoring criteria.

Add

Opens the Create Criteria dialog box you define a new monitoring criteria.

Edit

Opens the Edit Criteria dialog box where you can update the monitoring criteria currently selected in the table.

Delete

Deletes the monitoring criteria currently selected in the table.