How To Set Up a Start Program Action

Thursday, April 12th, 2007

Article created 2007-04-12 by Florian Riedl.

1. First we define a new rule set. Right-click "Rules". A pop-up menu will appear. Select "Add Rule Set" from this menu.

2. Then, a wizard starts. Change the name of the rule to whatever name you like. We will use "Start Program" in this example.

Click "Next" to go on with the next step.

3. Select only "Start Program". Do not select any other options for this sample. Also, leave the "Create a Rule for each of the following actions" setting selected. Click "Next". You will see a confirmation page. Click "Finish" to create the rule set.

4. As you can see, the new Rule Set "Start Program" is present. Expand it in the tree view down to the action level of the "Start Program" rule and select the "Start Program" action to configure it.

5. You can use this action to start programs and scripts when specific events occur. This action is mostly used in conjunction with strict filter settings. It allows you to begin counter-measures when something happens.

6. Clicking the "Browse" button opens a window in which you can specify the program or script you want to use. After that you can specify parameters that should be used upon execution; these are passed as command-line parameters. In addition, there are parameters available that refer directly to message properties, so you can use information from the messages as parameters. For more information on these, refer to the manual.
[Screenshot: internal property list]

7. Finally, make sure you press the "Save" button – otherwise your changes will not be applied. Then start the service and you are done.
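
Parameters built from message properties (step 6) carry content written by whoever produced the logged event, so the started program should validate them before acting. The following is an added example, not part of the original article or the product: a Python handler that could be the target of the Start Program action, assuming the action passes the source host and the event ID as two parameters. The executable path, the event ID 7036 and the `--source`/`--event` options are constructed for illustration.

```python
import re
import subprocess
import sys

# Assumption: the Start Program action passes two message properties as
# command-line parameters, in this order: source host, event ID.
# Character allow-list covering host names and IPv4 addresses.
HOST_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]{0,253}[A-Za-z0-9])?")
EVENT_ID_RE = re.compile(r"[0-9]{1,5}")

# Constructed allow-list: event IDs this handler reacts to, each mapped to a
# fixed executable. Message content never chooses which program runs.
RESPONSES = {
    "7036": ["C:\\Tools\\notify-oncall.exe"],  # hypothetical path
}


class RejectedInput(ValueError):
    """A parameter taken from a message failed validation."""


def build_command(argv):
    """Return the argument list to execute, or raise RejectedInput."""
    if len(argv) != 2:
        raise RejectedInput("expected exactly: <source> <event id>")
    source, event_id = argv
    if not HOST_RE.fullmatch(source):
        raise RejectedInput("source is not a plain host name or IPv4 address")
    if not EVENT_ID_RE.fullmatch(event_id):
        raise RejectedInput("event ID is not numeric")
    if event_id not in RESPONSES:
        raise RejectedInput("no response defined for this event ID")
    # Each value stays a separate list item; nothing is joined into a string.
    return RESPONSES[event_id] + ["--source", source, "--event", event_id]


def main(argv):
    try:
        command = build_command(argv)
    except RejectedInput as err:
        print(f"rejected: {err}", file=sys.stderr)
        return 2
    # shell=False: the values are never interpreted by a command shell.
    return subprocess.run(command, shell=False, check=False).returncode


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

The strict filter settings mentioned in step 5 limit which events reach the action at all; the checks in the handler cover whatever still gets through.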

How To Set Up a Control NT Service Action

Thursday, April 5th, 2007

Article created 2007-04-05 by Florian Riedl.

1. First we define a new rule set. Right-click "Rules". A pop-up menu will appear. Select "Add Rule Set" from this menu.

2. Then, a wizard starts. Change the name of the rule to whatever name you like. We will use "Control NT Service" in this example.

Click "Next" to go on with the next step.

3. Select only "Control NT Service". Do not select any other options for this sample. Also, leave the "Create a Rule for each of the following actions" setting selected. Click "Next". You will see a confirmation page. Click "Finish" to create the rule set.

4. As you can see, the new Rule Set "Control NT Service" is present. Expand it in the tree view down to the action level of the "Control NT Service" rule and select the "Control NT Service" action to configure it.

5. Here you can configure the control options, which include the service name (the actual service name, not the display name), the action to perform and a timeout value. For the service name, you can enter a concrete name for a specific service or leave the property in place for use in conjunction with the NT Service Monitor. For now we leave the default values.

6. Finally, make sure you press the "Save" button – otherwise your changes will not be applied. Then start the service and you are done.

How To Set Up a Set Status Action

Thursday, April 5th, 2007

Article created 2007-04-05 by Florian Riedl.

1. First we define a new rule set. Right-click "Rules". A pop-up menu will appear. Select "Add Rule Set" from this menu.

2. Then, a wizard starts. Change the name of the rule to whatever name you like. We will use "Set Status" in this example.

Click "Next" to go on with the next step.

3. Select only "Set Status". Do not select any other options for this sample. Also, leave the "Create a Rule for each of the following actions" setting selected. Click "Next". You will see a confirmation page. Click "Finish" to create the rule set.

4. As you can see, the new Rule Set "Set Status" is present. Expand it in the tree view down to the action level of the "Set Status" rule and select the "Set Status" action to configure it.

5. With this action you can create your own properties, which can be used throughout the rule and filter engine. Or you can take an already existing property and just change its value. Properties are variables for specified information units. More detailed information is available in the manual.

6. You can enter your own property name in the corresponding field, or choose one from the internal list. For this example I chose the property name secEventID. The "Set Property value" can be filled with any valid value or with a property replacement. Here I chose to fill my property with the EventID value. Click on "Insert" to open the menu with the already available properties.
[Screenshot: internal property list]

7. Finally, make sure you press the "Save" button – otherwise your changes will not be applied. Then start the service and you are done.

How To Set Up a Set Property Action

Thursday, April 5th, 2007

Article created 2007-04-05 by Florian Riedl.

1. First we define a new rule set. Right-click "Rules". A pop-up menu will appear. Select "Add Rule Set" from this menu.

2. Then, a wizard starts. Change the name of the rule to whatever name you like. We will use "Set Property" in this example.

Click "Next" to go on with the next step.

3. Select only "Set Property". Do not select any other options for this sample. Also, leave the "Create a Rule for each of the following actions" setting selected. Click "Next". You will see a confirmation page. Click "Finish" to create the rule set.

4. As you can see, the new Rule Set "Set Property" is present. Expand it in the tree view down to the action level of the "Set Property" rule and select the "Set Property" action to configure it.

5. With this action you can set your custom properties, which can then be used throughout the rule and filter engine with the new values. Or you can take an already existing property and just change its value. Properties are variables for specified information units. More detailed information is available in the manual.

6. You can enter your custom property name in the corresponding field, or choose one from the internal list. For this example I chose to replace the value of the property timegenerated with the value of the property timereported. Click on "Insert" to open the menu with the already available properties. Of course you could choose your own properties, too.
[Screenshot: internal property list]

7. Finally, make sure you press the "Save" button – otherwise your changes will not be applied. Then start the service and you are done.

How To Set Up a Send Mail Action

Friday, December 22nd, 2006

Article created 2006-12-22 by Florian Riedl.

1. First we define a new rule set. Right-click "Rules". A pop-up menu will appear. Select "Add Rule Set" from this menu.

2. Then, a wizard starts. Change the name of the rule to whatever name you like. We will use "Forward E-Mail" in this example.

Click "Next" to go on with the next step.

3. Select only "Send Email". Do not select any other options for this sample. Also, leave the "Create a Rule for each of the following actions" setting selected. Click "Next". You will see a confirmation page. Click "Finish" to create the rule set.

4. As you can see, the new Rule Set "Forward E-Mail" is present. Expand it in the tree view down to the action level of the "Send Email" rule and select the "Send Email" action to configure it.

5. Now, we are going to configure the necessary settings for sending emails. Type the IP address or the hostname of your SMTP mail server into the Mailserver field in the form. Then choose a sender email address and, of course, the address of the recipient for the notifications.

6. Finally, make sure you press the "Save" button – otherwise your changes will not be applied. Then start the service and you are done.