8.2 Understanding Rule Sets

Rule sets are collections of rules you want to enforce on a specific UNIX agent computer or a group of UNIX agent computers. You can create rule sets that are specific to the location, job, or sensitivity of a particular UNIX or Linux computer, or you can easily create a rule set to apply to all your Apache web servers or Oracle database servers. You can enforce unique rule sets on each UNIX agent or deploy a uniform rule set to multiple computers.

Rule set data is normally stored on a UNIX Agent Manager server, and can be accessed by any UNIX Agent Manager console that is connected to that server. However, you can export the data to a file that can be imported into another server. When you import a rule set, you have the opportunity to change the name of that rule set.

8.2.1 Selecting a Rule Set to Edit

Before you start working with a rule set, determine what rule set you want to modify. Consider the following scenarios:

  • Consider reviewing and editing the default rule set provided with the UNIX Agent Manager if this is an initial implementation of rule sets in your organization. The UNIX Agent Manager displays the default rule set when you open Rules Manager and click Create Rule Set. If you modify the default rule set, save the new rule set with a unique name.

  • Open a saved rule set if you have already begun to edit a rule set. You might also need to open a saved rule set if you have template rule sets based on the job-related use of the agent computer. For more information, see Section 8.2, Understanding Rule Sets.

8.2.2 Viewing Rule Sets and Editing Rule Set Properties

When you open a rule set, the UNIX Agent Manager provides both a tree pane and a list pane. The tree pane provides an easy way to navigate through specific event source and rule group information, while the list pane changes to provide detailed information about your tree selection.

At the second level of the tree, you can find the event sources and rule groups of the rule set. The following list provides a short description of the contents of this secondary tree level and references for more information:

UNIX Agent Manager displays disabled rules and event sources in a darker color.

Editing Properties

The content pane allows you to view the configuration of any selected tree element, but you cannot edit the properties in the content pane.

To edit the properties of an element:

  1. Right-click the element in the tree pane. You cannot modify the properties of action elements and conditional elements from the tree pane. For more information, see Section 8.7, Understanding Rules and Actions, Section 8.9, Understanding Conditionals and Comparisons, and Section 8.10, Understanding Time Conditions.

  2. Select Edit on the menu.

  3. On the Edit window, modify the appropriate properties.

  4. Click OK to save the modifications and close the window.

8.2.3 Activating Rule Sets

Deploying a rule set to an agent computer replaces the previous rule set. The event detection and alerting daemon begins processing and initializing the new rule set immediately. However, it may take up to 30 seconds for the new rule set to take effect. Modifications to items in the filesystem rule group may cause the event detection and alerting daemon to take longer to initialize, due to the time it takes to create initial snapshots of the filesystem objects.

To deploy rule sets to agent computers:

  1. Start the UNIX Agent Manager.

  2. Click File > Rules Manager.

  3. Click Manage Rule Sets > Create Rule Set, then enter a name for the rule set.

  4. (Conditional) If you want to make changes to the default rule set displayed in the Rules Manager, customize the rule set as needed until the rule set is correctly configured for your environment.

  5. Close the Rule Editor.

  6. Click Back to return to the main Rules Management window.

  7. In the Available Hosts list, select the agent computers where you want to use the rule set.

  8. Click To Selected Hosts to deploy the rule set. The detectd process begins processing and initializing the new rule set immediately. However, it may take up to 30 seconds for the new rule set to take effect.

  9. Verify that the rule set is active on the agent computers. The Sentinel column shows green cells for all agents with an active rule set.