It can be sometimes necessary and judicious to be warned about failures on system events, to react as quickly as possible and correct a possible critical point.
This example describes the procedure to use in order to be automatically warned by Email, when a failure occurred in the security logs.
This topic can also be used as a starting point to be warned of other system events (Information, Warning, Error, Success Audit, Failure Audit).
- Create a new alert, named for example "Failure in security logs".
- Add the following event to be monitored :
The state after detection "Continue the observation", enables to infinitely pursue the monitoring of security logs.
- Add the following action to be performed :
Fill in the different settings required to send the Email.
If the SMTP server requires an authentication, check "Use authentication", then enter the authentication information.
The communication with the SMTP server can be easily tested by clicking on the "Test" button.
- Select the target computers on which the alert must be applied :
- Confirm the alert creation by clicking on the "OK" button.