Log Rule
A robust Infraon Infinity solution must monitor certain events in real-time to facilitate swift responses to security threats. Log rules are essential components that define how log data is processed, examined, and acted upon within logging and monitoring systems.
Infraon's alerting system allows you to set up rules that continuously scan log data for specific conditions. When these conditions are met, the system triggers predefined alerts.
In essence, rules are predetermined scenarios that, when matched, initiate an alarm, event, or configured action. Each rule consists of three key elements:
A specific query to be executed
Parameters that determine what constitutes a rule match
A set of alerts to be triggered when a match occurs
Rule Types:
Infraon Infinity allows you to set up rules that can trigger alarms or send notifications to users through email or SMS. These rules are based on specific criteria you define, such as error rate thresholds or particular log patterns. The system offers two main types of rules:
Custom Query
Custom query rules use tailored search parameters to identify alert-worthy conditions in your log data. To set up a custom query rule:
Formulate a query that filters the log data you want to monitor
Design the query to capture the exact conditions that should trigger an alert
Specify how often the system should run this query to check for matching log entries (e.g., every 5 minutes)
Threshold Rule
Activates when defined thresholds are reached. Select the metric or data point for monitoring. For instance, you could track the number of error logs or the average response time. Establish the alert triggers, such as limits for high error frequencies or unexpected data surges.
Trigger Condition: For example, if the error tally reaches over 100 in 5 minutes.
Alert Frequency: The regularity of condition assessment (e.g., every 5 minutes).
Instructions to add a New Log rule
Go to Infraon configuration -> IT Operations -> Rules and click on the ‘New Rule’ button at the top right corner and Add Log rule option to continue.
Refer to the table below to add the details respectively.
Add Log Rule | Details
Label
Action/ Description
Example
Log Rule
Name
Add a name to the Log rule
Description
Add a brief description of the Log rule
Status
Activate the rule by switching the toggle button on. The rule will only function when its status is on.
Rule Type
Select the respective rule type from the below call-out boxes.
Custom query and Threshold Count.
Criteria
Index Pattern/ Data View
Select the type of data to be entered.
Value
Input the relevant value in the Multi-Index field to specify which index the rule should be applied to.
Windows*, or windows-2024.09.12, windows-2024.09.13
Custom Filters
Add custom filters to define specific conditions for your logs or metrics.
For example, you might want to filter logs where the status_code is 500 and the response_time exceeds 2s.
Check Every
This will run periodically and detect alerts within the specific time frame.
2 seconds/minutes
Look Back
Add time to the look-back period to prevent missed alerts.
3 seconds/minutes
Group By
Add the field by which you want to group. This could be any field from your logs or metrics.
For example, you might group by service_name to get separate alerts for each service.
Count
Add the respective count from the drop-down box below.
Hostname, IP Address, Message, Agent Name, Host ID.
Threshold
Set a limit for how many times a certain event can happen. This limit is based on the group of users you're looking at.
2,3,4…. Etc.
Action
Severity
Choose the appropriate urgency level for the event this rule will generate from the drop-down box below.
Critical, Major, and Minor are the highest and Minor the lowest.
Alarm/ Event Message
Enter a personalized notification text that will appear in the event when the rule is triggered.
Once the details have been added, click “Save” to confirm the rule configurations.
Last updated
Was this helpful?