System Log Notifications

You can set up notifications to be sent one or more system log servers.

• Types of Event—When you set up alerts, you can globally specify which alerts are sent to all configured system log servers. You can also specify which alert types a specific system log server receives. For a list and description of each event type, see About Events.
• Notification Delivery Frequency—You can specify the delivery frequency both globally and for individual sysem log servers. When you set an system log servers delivery frequency it overrides the global delivery frequency setting.

  FireEye recommends that you provide per event notifications to all persons monitoring event alerts. This ensures that these persons receive the alerts as soon as they occur.

  For more information on Notification Delivery Frequency, see Notification Delivery Frequency

• Notification Format—You can specify the format and level of depth for each notification that is logged. For more information on the notification format, see Notification Format
• Severity Level—You can set the default severity level for each alert to:
  • Alert
  • Critical
  • Debug
  • Emergency
  • Error
  • Informational
  • Notice
  • Warning

Task List

The following sections explain how to configure system log notifications:

• Configure default syslog settings. See Configuring the Default Syslog Settings Using the Web UI or Configuring Default Syslog Settings Using the CLI.
• Add one or more system log (rsyslog) servers. See Adding System Log Servers Using the Web UI or Adding System Log Servers Using the CLI
• Customize rsyslog server notifications in the CLI. See Customizing System Log Server Notifications Using the CLI.
• Change line feedback settings in the CLI, if desired. See Configuring Line Feedback for Rsyslog Notifications.