Watcher
This function watches incoming log data for specified content. The system raises an alarm when the incoming logs contain a specified keyword or phrase, which is useful for detecting known abnormal or suspicious behavior.
To access the Watcher function, click on the <SIEM> icon at the Left Navigation Bar, then click on <Watcher> at the Top Navigation Bar if it is not already selected.
Click on Watcher < > and, when you are in the Watcher menu, click .
Enter the data and rules that define what you want to watch for; an alarm is raised when the conditions are met.
Name – Input the name of the rule.
Enable – Select Yes/No to enable or disable the rule.
Run interval – Select how often the rule runs.
Search window – Select how far back in the log history each run searches.
Query string – Input the query string used to search the logs.
Log hits – Input the comparison "expression" and the "number" of hits that must be matched.
Alarm message – Input the alarm message.
Alarm generation – Select the condition under which the alarm is generated.
Save – Save the watcher rule.
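The fields above describe a simple windowed keyword rule. The following Python is an added illustration of how such a rule is evaluated, not the SIEM's own code: it takes a rule with the page's fields (enable, run interval, search window, query string, log hits expression and number, alarm message), searches a window of constructed log lines for the query string, and fires the alarm message when the hit count satisfies the expression. The ISO-timestamp log format, the comparison-operator form of the "expression", and the `window_covers_interval` check are assumptions made for this example; the Alarm generation option is not modeled.

```python
"""Illustrative evaluator for a Watcher-style rule (added example; not the
SIEM's own code). The rule fields mirror the form described in the text."""
import operator
import re
from datetime import datetime, timedelta

# Assumed: the "expression" part of Log hits is a comparison operator.
OPS = {">=": operator.ge, "<=": operator.le, ">": operator.gt,
       "<": operator.lt, "==": operator.eq, "!=": operator.ne}

# Constructed sample rule using the fields from the Watcher form.
RULE = {
    "name": "SSH brute force",
    "enable": True,
    "run_interval_minutes": 5,
    "search_window_minutes": 5,
    "query_string": "Failed password",
    "hits_expression": ">=",
    "hits_number": 3,
    "alarm_message": "Repeated SSH authentication failures",
}

# Constructed sample log lines ("ISO-timestamp message"); the last one is
# older than the search window and must not be counted.
NOW = datetime(2024, 3, 1, 12, 0, 0)
SAMPLE_LOGS = [
    "2024-03-01T11:58:10 sshd[1201]: Failed password for root from 198.51.100.7 port 51234 ssh2",
    "2024-03-01T11:58:12 sshd[1201]: Failed password for root from 198.51.100.7 port 51236 ssh2",
    "2024-03-01T11:58:15 sshd[1201]: Failed password for admin from 198.51.100.7 port 51240 ssh2",
    "2024-03-01T11:59:01 sshd[1203]: Accepted publickey for deploy from 203.0.113.5 port 40022 ssh2",
    "2024-03-01T11:20:00 sshd[1100]: Failed password for root from 192.0.2.9 port 4000 ssh2",
]


def parse_log_line(line):
    """Split 'ISO-timestamp message' into (datetime, message)."""
    ts, _, msg = line.partition(" ")
    return datetime.fromisoformat(ts), msg


def evaluate_rule(rule, log_lines, now):
    """Run one Watcher cycle. Returns (alarm_fired, hit_count, alarm_text).

    Only lines whose timestamp falls inside [now - search_window, now] are
    searched; the query string is matched literally (case-insensitive)."""
    if not rule["enable"]:
        return False, 0, None
    window_start = now - timedelta(minutes=rule["search_window_minutes"])
    pattern = re.compile(re.escape(rule["query_string"]), re.IGNORECASE)
    hits = 0
    for line in log_lines:
        ts, msg = parse_log_line(line)
        if window_start <= ts <= now and pattern.search(msg):
            hits += 1
    if OPS[rule["hits_expression"]](hits, rule["hits_number"]):
        text = "%s (%d hits in last %d min)" % (
            rule["alarm_message"], hits, rule["search_window_minutes"])
        return True, hits, text
    return False, hits, None


def window_covers_interval(rule):
    """Sanity check: a search window shorter than the run interval leaves
    gaps that no run ever inspects, so matching lines there are missed."""
    return rule["search_window_minutes"] >= rule["run_interval_minutes"]


if __name__ == "__main__":
    print(evaluate_rule(RULE, SAMPLE_LOGS, NOW))
    print("window covers interval:", window_covers_interval(RULE))
```

With the sample rule, three "Failed password" lines fall inside the five-minute window, so the alarm fires; the older line at 11:20 is ignored. Keep the search window at least as long as the run interval, otherwise log lines that arrive between two windows are never examined by any run.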
Watcher searches the log data according to the conditions set. Results are displayed on the main page of the Watcher menu.
Once the Watcher rule has been created and enabled, an alert is generated whenever the specified keyword or phrase is detected.
To see the alert message, click on the Alerts icon at the Left Navigation Bar, then click on <Alerts> at the Top Navigation Bar, then click on <Current> at the sub-menu bar and select <LogsWatch Alarms> from the drop-down list.