Managing Triggers
Triggers describe what action should be taken when a correlation Blok is triggered. If several triggers are associated with the same correlation Blok, all of them are triggered.
Adding a Trigger
You can add triggers from the Management > Advanced Features > Rules > Triggers tab.
- Enter a name and description for the trigger. The name can include letters, numbers, or underscore (_).
- Enable or disable the trigger.
You can enable or disable triggers at any time, but they must be synchronized in order to be activated.
- Specify a trigger group, severity, category, and correlation Blok. The built-in group
System
is provided, but you can also create your own trigger groups. However, you cannot delete a trigger group from the GUI. - Set the maximum number of alerts and the frequency (hour, minute, day).
- (Optional) Set up alert notifications to be sent out when the trigger is activated. Notifications can be in the form of email, syslog, or SNMP and you can set multiple notifications for a single alert.
For SNMP notifications, if you select the SNMP version as v3, the Snmp Community field is not included in the log data that is displayed in the search results.
Synchronizing Triggers
Any updates to the trigger settings requires synchronization for the changes to take effect. Click the Sync triggers icon on the Triggers tab and select the trigger groups to be synchronized. The synchronization process deploys all enabled and disabled triggers in the selected groups to the correlation node. If you create a new trigger, you must synchronize the trigger group containing the new trigger by clicking the Sync triggers icon .