Add a Logging Rule to a Device Template
  • 18 Jul 2023

To add a logging rule to a device template, follow the steps below.

  1. Log in to Netreo as a user with the SuperAdmin access level.
  2. Go to the main menu and select Administration > Templates to open the Device Templates Administration page.
  3. Locate the device template to which you would like to add a logging rule and select its edit icon in the ACTIONS column.
  4. In the Template Components panel locate the Logging Rules table.
  5. Select the add logging rule button (+ symbol).
    1. In the TITLE field enter a name for your rule. Logging rule names must be unique across all device templates.
    2. By default Netreo collects statistics for rule matches and provides a threshold check for optional monitoring and alerting on that value. If you do not wish for Netreo to collect statistics on matches for this rule, set the POLLER switch to OFF.
    3. If you wish to be alerted to all occurrences of a rule match, set the PASSIVE CHECK switch to ON.
      • This option adds a generic passive service check to all applicable devices. The added check requires additional configuration on each applicable device to set alarm sensitivity and action groups.
      • Alarms generated by this passive service check automatically clear after 5 minutes.
    4. To trigger a match for this rule any of the 3 following options may be used, either individually or in combination:
      1. To trigger a match based on a regular expression, enter appropriate expressions in the REGULAR EXPRESSION MATCH and/or NOT MATCH REGULAR EXPRESSION fields.
        • These fields may be used independently or together for more complex matching, as the fields are combined using an AND.
        • Netreo stores logs in MySQL databases, which use a subset of the regular expression ruleset, explained here: https://dev.mysql.com/doc/refman/8.0/en/regexp.html
      2. To trigger a match based on log message severity, in the SEVERITY fields, first select how the severity should be matched, then select the severity level.
        • Note: Syslogs and Windows event logs have severities, SNMP traps do not.
      3. To trigger a match based on a Windows event log code, in the CODE field enter the appropriate code to match.
  6. (Optional) Configure the provided threshold check if statistics are being collected. This check monitors the number of occurrences.
  7. Select Add Log.
  8. Now follow the instructions in Re-Apply Device Templates After Editing.
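
The regular expression option in step 5 combines the REGULAR EXPRESSION MATCH and NOT MATCH REGULAR EXPRESSION fields with an AND. The query below is an added example, not part of the Netreo documentation, showing one way to try a pattern pair in a MySQL 8.0 client before entering it in a rule. The sample messages, the `svc_monitor` account name, and the column aliases are constructed, and it assumes Netreo evaluates both fields as MySQL REGEXP patterns.

```sql
-- Added example: constructed data, not Netreo's schema or queries.
-- Patterns as they would be entered in the two rule fields.
-- [.] matches a literal dot without relying on backslash escaping.
SET @match_re     = 'Failed password for (invalid user )?[a-z0-9_]+ from [0-9]+[.][0-9]+';
SET @not_match_re = 'for svc_monitor from';  -- hypothetical monitoring account to exclude

-- Case sensitivity of REGEXP follows the collation of the operands.
SELECT
  msg,
  msg REGEXP @match_re                                    AS match_field,
  msg NOT REGEXP @not_match_re                            AS not_match_field,
  (msg REGEXP @match_re AND msg NOT REGEXP @not_match_re) AS rule_matches
FROM (
  -- Constructed syslog-style messages using documentation IP addresses.
  SELECT 'sshd[812]: Failed password for root from 192.0.2.10 port 50122 ssh2' AS msg
  UNION ALL
  SELECT 'sshd[813]: Failed password for invalid user admin from 192.0.2.44 port 40211 ssh2'
  UNION ALL
  SELECT 'sshd[814]: Failed password for svc_monitor from 192.0.2.5 port 33100 ssh2'
  UNION ALL
  SELECT 'sshd[815]: Accepted password for alice from 192.0.2.7 port 51000 ssh2'
) AS sample_logs;
```

A row counts as a rule match only when both `match_field` and `not_match_field` are true, which is the AND combination the two fields apply.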
