Adding and Editing a Syslog Monitor

To add or edit a Syslog monitor:

  1. Click the Admin tab, then click Monitor Library. The Monitor Library dialog appears.
  2. Click the Passive tab. The Passive Monitor list appears.
  3. Click New and select Syslog from the list to create a new Syslog monitor. Click OK.
    - or -
    Select the Syslog monitor you want to change from the list of current monitors, and then click Edit.
  4. Type or select the appropriate information in the following fields.
    • Name. Type a name for the monitor. This name displays in the Passive Monitor Library.
    • Description. Type a short description for the monitor. This description displays next to the monitor in the Passive Monitor Library.
    • Match On. Click the Add button to open the expression editor, where you can create an expression and test it against payloads you expect to receive. After creating the expression, click OK to insert that string into the Match On box.

    Note: If you have multiple payload "match on" expressions, they are linked by "OR" logic, not "AND" logic. Example: If you have two expressions, one set to "AB" and the other to "BA", the monitor matches a payload containing any of the following: "AB" or "BA" or "ABBA".

  5. Click OK to list this event in the Passive Monitor Library as a Syslog Passive Monitor.
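
The OR behavior described in the Match On note, shown as an added example (not product code) that uses Python's re module to stand in for the expression editor. The payloads are constructed samples, and the helper names matches_any, fired and require_all are hypothetical; whether the product's editor accepts lookahead syntax is an assumption to confirm in its test pane.

```python
import re

# Constructed sample Syslog payloads (not captured from a real device).
SAMPLE_PAYLOADS = [
    "<34>Oct 11 22:14:15 fw01 sshd[411]: Failed password for root from 192.0.2.10",
    "<38>Oct 11 22:14:20 fw01 sshd[411]: Accepted password for admin from 192.0.2.11",
    "<34>Oct 11 22:15:02 fw01 sudo: authentication failure; user=root",
    "<30>Oct 11 22:16:40 fw01 cron[90]: job finished",
]


def matches_any(expressions, payload):
    """OR logic: the monitor fires if at least one expression matches."""
    return any(re.search(expr, payload) for expr in expressions)


def fired(expressions, payloads):
    """Return the indexes of the payloads that would trigger the monitor."""
    return [i for i, p in enumerate(payloads) if matches_any(expressions, p)]


def require_all(substrings):
    """Build ONE expression that needs every substring, in any order.

    Uses lookaheads (assumption: the target regex dialect supports them).
    """
    return "".join(f"(?=.*{re.escape(s)})" for s in substrings)


if __name__ == "__main__":
    # Two separate expressions are OR-ed: any payload with either one fires,
    # so the sudo line fires even though it is not a failed password.
    print("two expressions:", fired(["Failed password", "root"], SAMPLE_PAYLOADS))

    # To alert only when both appear, put the AND inside a single expression.
    combined = require_all(["Failed password", "root"])
    print("one combined expression:", fired([combined], SAMPLE_PAYLOADS))
```

A monitor intended to alert only when two conditions hold together needs a single expression; splitting the conditions into two Match On entries widens what the monitor fires on.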

After configuring a passive monitor in the Passive Monitor Library, add the monitor to devices.

For an example of why you might create a Syslog Event, see Sample of a Syslog Monitor Event.

See Also

Using the Passive Monitor Library

Adding and Editing a SNMP Trap Monitor

Adding and Editing a Windows Event Log Monitor

Using the Any Passive Monitor