Define rules to process incoming Syslog, Windows Event Log, and SNMP Trap entries. Log rules can tag entries, discard irrelevant logs, create events, raise alarms, and control the flow of log processing.
Log Rules in Cloudmon apply conditional logic to incoming log entries from Syslog, Windows Event Logs, and SNMP Trap. When a log entry matches the conditions defined in a rule, Cloudmon executes the configured actions such as tagging the entry, flagging it for discard, generating an event, or raising an alarm. Rules are processed in sequence and can include flow control to stop further rule processing for a matched entry.
Navigate to Settings → Configurations → Log Rules to view and manage all log rules.
| Field | Description |
|---|---|
| Enabled | Determines whether the rule is active. Set to Off to disable the rule without deleting it. |
| Name | A descriptive name for the rule that identifies its purpose. |
| Probe / Servers | The probe (for Syslog and SNMP Trap rules) or Windows server (for Windows Event Log rules) to which this rule applies. |
| Log Type | Specifies whether the rule applies to Syslog, Windows Event Log, or SNMP Trap entries. |
| Conditions | Determines whether the rule applies to every log entry or only to entries that match specified conditions, such as severity level, event ID, or message content. |
| Active Time Window | Defines the time window during which the rule is active, allowing rules to be scoped to business hours or maintenance windows. |
| Entry Count | Specifies whether the rule triggers on every matching log entry or only once a defined number of matching entries has been reached. |
| Flood | When enabled, no cooldown period applies between rule triggers, so the rule fires on every matching entry. |
| Action | Description |
|---|---|
| Tag the Entry | Adds a tag to the matching log entry for easy identification. Tags can be used in later rules, log searches, and visualisations to categorise and filter log data. |
| Flag for Discard | Marks the log entry so it will not be saved to the database. Rule processing continues for the entry, but it is not stored. Useful for filtering out high-volume, irrelevant log noise. |
| Stop Processing Rules | Stops further rule processing for the current log entry. No additional rules will be evaluated after this action fires. |
| Create Event | Generates a Cloudmon event based on the log entry to highlight or track a significant occurrence for future reference. |
| Raise Alarms | Triggers an alarm whenever the rule conditions are met, enabling real-time alerting for critical issues or anomalies detected in log data. |