Pre-Defined Search Filter Alert

The Pre-Defined Search Filter Alert sends an alert notification when a text search match occurs within a received log message. The alert uses the Log Appliance search filters as its text search match definitions.

Request Parameters

Example of Pre-Defined Search Filter Alert:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:aler="AlertService">
   <soapenv:Header/>
   <soapenv:Body>
      <aler:createAlert>
         <!--Optional:-->
         <aler:authToken>admin/admin123</aler:authToken>
         <!--Optional:-->
         <aler:alertTypeName>Pre-Defined Search Filter Alert</aler:alertTypeName>
         <!--Optional:-->
         <aler:name>Alert7</aler:name>
         <!--Optional:-->
         <aler:desc>Pre-Defined Search Filter Alert - user alert</aler:desc>
         <!--Optional:-->
         <aler:priorityName>medium</aler:priorityName>
         <!--Optional:-->
         <aler:enabled>no</aler:enabled>
         <!--Optional:-->
         <aler:deviceNames>All Cisco ASA</aler:deviceNames>
         <!--Optional:-->
         <aler:usernames>admin</aler:usernames>
         <!--Optional:-->
         <aler:trapIds></aler:trapIds>
         <!--Optional:-->
         <aler:resetTime>900</aler:resetTime>
         <!--Optional:-->
         <aler:trackIndividualDevice>yes</aler:trackIndividualDevice>
         <!--Optional:-->
         <aler:alertRules>SearchFilterName/MySearchFilter//FewerThan/100//Timespan/60/</aler:alertRules>
         <!--Optional:-->
         <aler:snmpOId></aler:snmpOId>
      </aler:createAlert>
   </soapenv:Body>
</soapenv:Envelope>

Example

“searchFilterName/MySearchFilter//FewerThan/100//TimeSpan/60”

The following table lists the Pre-Defined Search Filter Alert-specific parameters. You must include the parameters as inputs for the alertRules parameter.

Pre-Defined Search Filter Alert-specific parameters
| Parameter | Description | Values | Required | Type |
|---|---|---|---|---|
| searchFilterName | Name of the search filter. | Any text up to 64 characters in length. | yes | string |
| FewerThan | Minimum number of messages that must be received within a time period (TimeSpan parameter) before an alert is generated. If the number of messages drops below FewerThan, an alert is generated. The FewerThan and MoreThan parameters make up the alert range. Note: You do not have to specify both FewerThan and MoreThan. | Any positive integer between 1 and 100. | yes | string |
| MoreThan | Maximum number of messages that can be received within a time period (TimeSpan parameter) before an alert is generated. If the number of messages exceeds MoreThan, an alert is generated. The FewerThan and MoreThan parameters make up the alert range. Note: You do not have to specify both FewerThan and MoreThan. | Any positive integer between 1 and 100. | yes | string |
| Timespan | Period of time that must be exceeded by the FewerThan and MoreThan thresholds before an alert is triggered. If the FewerThan and MoreThan thresholds are met for the specified TimeSpan, an alert is generated. | Any positive integer. The value is in seconds. For example, the value 120 represents two minutes. The default is 60. | yes | int |
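
A client-side check for the alertRules value, enforcing the limits in the table above before a createAlert request is sent. This is an added example, not code from the original page or from the Log Appliance product, and the function names are hypothetical. Two behaviours are assumptions: field names are matched case-insensitively because the page spells them both ways, and a "/" inside the filter name is rejected because it is the field delimiter.

```python
import re

# Limits taken from the parameter table on this page.
NAME_MAX, COUNT_MIN, COUNT_MAX, DEFAULT_TIMESPAN = 64, 1, 100, 60
# Canonical spellings follow the page's quoted example string (assumption).
CANON = {"searchfiltername": "searchFilterName", "fewerthan": "FewerThan",
         "morethan": "MoreThan", "timespan": "TimeSpan"}

def _check(name, fewer, more, timespan):
    if not name or len(name) > NAME_MAX or "/" in name:
        raise ValueError("searchFilterName must be 1-64 characters with no '/'")
    if fewer is None and more is None:
        raise ValueError("give FewerThan, MoreThan, or both")
    for key, val in (("FewerThan", fewer), ("MoreThan", more)):
        if val is not None and not COUNT_MIN <= val <= COUNT_MAX:
            raise ValueError(f"{key} must be between 1 and 100")
    if timespan < 1:
        raise ValueError("TimeSpan must be a positive number of seconds")

def build_alert_rules(name, fewer_than=None, more_than=None,
                      timespan=DEFAULT_TIMESPAN):
    """Return a validated alertRules string in the page's key/value layout."""
    _check(name, fewer_than, more_than, timespan)
    parts = [f"searchFilterName/{name}"]
    if fewer_than is not None:
        parts.append(f"FewerThan/{fewer_than}")
    if more_than is not None:
        parts.append(f"MoreThan/{more_than}")
    parts.append(f"TimeSpan/{timespan}")
    return "//".join(parts)

def parse_alert_rules(rule):
    """Parse and validate an alertRules string into a dict of typed fields."""
    out = {}
    # A trailing "/" appears in the page's SOAP example, so tolerate it.
    for pair in rule.rstrip("/").split("//"):
        key, sep, value = pair.partition("/")
        canon = CANON.get(key.lower())
        if not sep or canon is None or canon in out:
            raise ValueError(f"bad or repeated field: {pair!r}")
        if canon != "searchFilterName":
            if not re.fullmatch(r"[0-9]+", value):
                raise ValueError(f"{canon} must be an integer")
            value = int(value)
        out[canon] = value
    out.setdefault("TimeSpan", DEFAULT_TIMESPAN)
    _check(out.get("searchFilterName", ""), out.get("FewerThan"),
           out.get("MoreThan"), out["TimeSpan"])
    return out
```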