5.7 Enabling Event Data to Cloud

Change Guardian collects events from various assets based on pre-configured Change Guardian policies. Change Guardian agents collect the events, and the Change Guardian server receives them and displays them in the Events dashboard.

This section provides the following information:

5.7.1 Configuring Event Routing Rules

You can configure event routing rules to filter events based on one or more of the searchable fields. You can associate each event routing rule with one or more of the configured actions. You can also assign tags to group the events logically.

The following sections provide information about configuring event routing rules.

Creating Event Routing Rules

You can create a filter-based event routing rule and then assign one or more configured actions that are executed to handle or output the events that meet the event routing rule criteria.

The newly created event routing rule appears at the end of the rules list under the Event Routing Rules tab. By default, this new event routing rule is active.

To create an event routing rule:

  1. Log in to the Change Guardian web console.

  2. Navigate to Administration > Routing > Event Routing Rules.

  3. Click Create.

  4. Specify the Name. To set the Criteria, click the + icon and select the criteria based on your requirement.

    For example, for Change Guardian events, specify the criteria pn:"NetIQ Change Guardian" AND (sev:[2 TO 5]), and then click Add.

  5. Under Route to the following services, choose All.

  6. Under Perform the following actions, select Send Events via Sentinel Link. If the Sentinel link has been configured, the DNS name of the regional server and port 1290 appear.

  7. Click Save. The event routing rule is created.

Ordering Event Routing Rules

When there is more than one event routing rule, the event routing rules can be reordered by dragging them to a new location. Events are evaluated by event routing rules in the specified order until a match is made, so you should order the event routing rules accordingly. More narrowly defined event routing rules and more important event routing rules should be placed at the beginning of the list.

The first routing rule that matches the event based on the filter is processed. For example, if an event passes the filter for two routing rules, only the first rule is applied. The default routing rule cannot be reordered. It always appears at the end.

To order event routing rules:

  1. From the web console, click ADMINISTRATION > Routing in the toolbar.

    The Event Routing Rules tab is displayed.

    Existing event routing rules appear on the page.

  2. Mouse over the icon to the left of the event routing rule numbering to enable drag-and-drop. The cursor changes.

  3. Drag the event routing rule to the correct place in the ordered list.

    When the event routing rules are ordered, a success message is displayed.
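
The first-match behaviour described above means a broad rule placed early can keep a narrower rule from ever firing. The following Python example is added here and is not Change Guardian code: it models a rule as a product name plus an inclusive severity range (a simplification of the pn: and sev: criteria) and reports rules that an earlier rule fully covers. The Rule class, the rule names, the catch-all default and the sample event are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:                      # hypothetical model, not a product API
    name: str
    pn: Optional[str]            # product name to match; None matches any
    sev_lo: int                  # inclusive range, as in sev:[2 TO 5]
    sev_hi: int
    active: bool = True          # deactivated rules are not evaluated

    def matches(self, ev: dict) -> bool:
        return ((self.pn is None or ev["pn"] == self.pn)
                and self.sev_lo <= ev["sev"] <= self.sev_hi)

    def covers(self, other: "Rule") -> bool:
        """True if every event that matches `other` also matches this rule."""
        return ((self.pn is None or self.pn == other.pn)
                and self.sev_lo <= other.sev_lo
                and other.sev_hi <= self.sev_hi)

def route(rules, ev):
    """Return the name of the first active rule that matches the event."""
    for r in rules:
        if r.active and r.matches(ev):
            return r.name
    return "default"             # default rule is last; assumed catch-all

def shadowed(rules):
    """List (rule, earlier_rule) pairs where the later rule can never fire.
    Only full coverage by a single earlier rule is detected."""
    active = [r for r in rules if r.active]
    found = []
    for i, r in enumerate(active):
        for earlier in active[:i]:
            if earlier.covers(r):
                found.append((r.name, earlier.name))
                break
    return found

# Constructed sample data
CG = "NetIQ Change Guardian"
broad = Rule("cg-sev2-5", CG, 2, 5)
narrow = Rule("cg-sev5-only", CG, 5, 5)
critical_event = {"pn": CG, "sev": 5}

if __name__ == "__main__":
    print(route([broad, narrow], critical_event), shadowed([broad, narrow]))
    print(route([narrow, broad], critical_event), shadowed([narrow, broad]))
```

With the broad rule first, the severity 5 event is handled by cg-sev2-5 and cg-sev5-only is reported as shadowed; with the narrow rule first, each rule receives the events it was written for.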

Activating or Deactivating an Event Routing Rule

New event routing rules are activated by default. If you deactivate an event routing rule, incoming events are no longer evaluated according to that event routing rule. If there are already events in the queue for one or more actions, it might take some time to clear the queue after the event routing rule is deactivated. If the On check box next to the event routing rule is selected, the event routing rule is activated. If the On check box is not selected, the event routing rule is deactivated.

  1. From the web console, click ADMINISTRATION > Routing in the toolbar.

    The Event Routing Rules tab is displayed.

    Existing event routing rules appear on the page.

  2. To activate the event routing rule, select the check box next to each event routing rule in the Enabled column.

    If the event routing rule is activated, a success message is displayed.

  3. To deactivate the event routing rule, clear the check box next to each event routing rule in the Enabled column.

    When the event routing rule is deactivated, a success message is displayed.