Setting Up Alerts for Log Data on the Log Monitoring Dashboard

You can set up an alert on a search criteria to receive emails whenever there are occurrences of the search criteria results in the log events.

For example, suppose you have a saved search criteria for failed logins. You can set up an alert to receive an email if the failed login event occurs three times within the next five minutes. 

Before You Begin

You must have a saved search criteria. Access the search criteria using the following steps:

  1. From the My Applications page in the Web Console, click Log Monitoring.
  2. At the upper right of the Default dashboard page, click Search.
  3. On the Search page, go to the Saved Search table and click the saved search criteria that you want to use.

If you want to create a new search criteria, perform a search and then save the search criteria. For instructions, see Searching Log Data on the Log Monitoring Dashboard.

Procedure

  1. On the Search page, use one of the following ways to access the properties of the saved search criteria:
    • Go to the search bar and click the star button .
    • At the upper right of the page, click Actions > Create Alert.
  2. In the Edit Saved Search Criteria dialog box, select the Enable Alert check box and specify the following details:
    1. In the Alert Name box, enter a name for the alert.
    2. In the Alert Frequency area, determine how frequent you want to receive alerts:
      • To receive an alert every time there is an occurrence of the search criteria, click Every occurrence.
      • To receive an alert based on the number of occurrences that take place within a period of time, click Match multiple occurrences.

        In the Matches area, specify the number of times that the log event should occur within a specific period of time.

        For example, to receive an email whenever a log event occurs three times within five minutes, type 3 in the times box and 5 in the minutes box.

    3. In the Email Recipients box, enter the e-mail addresses of the alert recipients.
    4. In the Lines above and Lines below boxes, specify the number of lines above and below the log event that you want to see in the email.
    5. Click Save.
  3. To view the alert that you created, at the upper right of the page, click Alerts.

    The Alerts page displays the alert details, such as the name and email recipients.

  4. If you need to manage your alerts at some point in time, use the Alerts page to perform the following tasks:
    • Edit the alert details
    • Delete an alert
    • Disable an alert