This topic describes how to configure notifications for event source groups. Notifications are sent when thresholds are not met.
Notifications go hand-in-hand with Thresholds. Before you configure notifications, you should set up Thresholds for an event source group.
Before you set up notifications for an event source group, you should review the available notification items:
- Notification Servers: These are the servers that you want to receive notifications from the system. For more details, see the Notification Servers Overview topic in the System Configuration Guide.
- Notification Templates: These are the available templates for each type of notification. For Event Source Management, default templates are supplied for Email (SMTP), SNMP, and Syslog. You can use these templates as supplied, or customize them if necessary. For more details, see the Templates Overview topic in the System Configuration Guide.
- Notification Output: The outputs contain the parameters for the notification type. For example, an email notification type contains the email addresses and subject for the notification. For more details, see the Notification Outputs Overview topic in the System Configuration Guide.
Add Notifications for an event source group
To add notifications for an event source group:
- In the Security Analytics menu, select Administration > Event Sources.
- Select the Monitoring Policies tab.
- In the Event Groups panel, select a group.
- Enter values for the Notification, Notification Server, and Template fields.
  - For Notification, select from the list, or add a suitable notification type in Notifications, and then select it here.
  - For the Server, select one from the list, or add a suitable server in Notifications, and then select it here.
  - For Template, select an available template, or create a suitable template in Notifications, and then select it here.
- Optionally, you can limit the rate of notifications for a policy.
  - Select Output Suppression to enable setting a limit.
  - Enter a value, in minutes, for the suppression rate. For example, if you enter 30, notifications for this policy are limited to one notification every 30 minutes.
- Click Save.
Here is an example of a monitoring policy that contains a threshold and notification for an event source group.